Overview

URL rkiz.ru/
IP 45.130.41.35
ASN Beget LLC
Location Russia
Report completed 2022-09-21 09:33:40 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-21 2 rkiz.ru/ Malware
2022-09-21 2 rkiz.ru/ Malware
2022-09-21 2 investstable.ru/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons.css?v (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/fo (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-social-likes/js/social-likes.min.js?v (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-social-likes/css/custom-buttons_class (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/essential-addons-for-elementor-lite/asse (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/ (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 Malware
2022-09-21 2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/js/m (...) Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js Malware
2022-09-21 2 investstable.ru/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?v (...) Malware
2022-09-21 2 investstable.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 Malware
2022-09-21 2 investstable.ru/wp-content/plugins/rate-my-post/public/css/rate-my-post.css (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend.min.css?ve (...) Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/theia-sticky-sidebar. (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/elementor/assets/css/frontend-legacy.min (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/advanced-responsive-video-embedder/build (...) Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/ResizeSensor.min.js Malware
2022-09-21 2 investstable.ru/ Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-spamshield/js/jscripts-ftr2-min.js Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/navigation.js Malware
2022-09-21 2 investstable.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?v (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/piotnet-addons-for-elementor/assets/css/ (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/google-analytics-for-wordpress/assets/js (...) Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/jquery.fitvids.min.js Malware
2022-09-21 2 investstable.ru/wp-content/themes/elegantwp/assets/js/custom.js Malware
2022-09-21 2 investstable.ru/wp-content/plugins/wp-social-likes/css/social-likes_classic (...) Malware
2022-09-21 2 investstable.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 Malware
2022-09-21 2 investstable.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (78)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ssp.bestssp.com (1) 90974 2017-06-10 08:55:20 UTC 2022-09-21 08:19:25 UTC 185.147.80.35
mnemonic passive DNS mediatoday.ru (1) 136083 2013-05-20 20:53:32 UTC 2022-09-21 00:23:03 UTC 139.45.228.100
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-21 04:18:21 UTC 34.120.237.76
mnemonic passive DNS ocsp2.globalsign.com (2) 1544 2012-05-21 07:12:19 UTC 2022-09-21 04:56:28 UTC 104.18.21.226
mnemonic passive DNS www.web-ip.ru (1) 0 2012-07-27 17:57:56 UTC 2022-09-12 00:10:04 UTC 185.12.92.39 Domain (web-ip.ru) ranked at: 59797
mnemonic passive DNS dm-eu.hybrid.ai (1) 28847 2021-01-25 11:48:59 UTC 2022-09-21 04:53:01 UTC 37.18.103.21
mnemonic passive DNS sync.1dmp.io (2) 10017 2016-02-09 11:52:58 UTC 2022-09-21 08:19:24 UTC 78.46.100.125
mnemonic passive DNS sync.republer.com (1) 45392 2015-04-29 11:49:27 UTC 2022-09-21 04:30:15 UTC 23.88.82.46
mnemonic passive DNS mc.yandex.ru (9) 2672 2017-01-29 05:34:36 UTC 2022-09-21 08:08:08 UTC 93.158.134.119
mnemonic passive DNS rc.revolvermaps.com (4) 893374 2017-01-31 14:18:34 UTC 2022-09-15 03:41:15 UTC 185.44.104.99
mnemonic passive DNS kraken.rambler.ru (3) 22756 2016-07-11 17:32:30 UTC 2022-09-21 08:19:24 UTC 81.19.89.17
mnemonic passive DNS s.uuidksinc.net (1) 3423 2015-07-20 12:00:35 UTC 2022-09-21 08:08:42 UTC 31.220.27.134
mnemonic passive DNS exchange.buzzoola.com (1) 18389 2014-10-17 15:20:27 UTC 2022-09-21 08:47:50 UTC 168.119.8.212
mnemonic passive DNS adservice.google.no (1) 96969 2017-09-26 14:23:08 UTC 2022-09-21 04:19:09 UTC 216.58.211.2
mnemonic passive DNS status.thawte.com (1) 5123 2017-11-27 12:33:51 UTC 2022-09-21 05:07:24 UTC 93.184.220.29
mnemonic passive DNS sape-sync.rutarget.ru (1) 173587 2018-08-07 14:11:47 UTC 2022-09-21 00:23:03 UTC 46.243.143.249
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-21 04:18:17 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS cs.agency2.ru (1) 0 2022-04-29 14:24:02 UTC 2022-09-21 00:23:03 UTC 23.111.107.44 Unknown ranking
mnemonic passive DNS status.geotrust.com (1) 3662 2017-12-01 08:55:31 UTC 2022-09-21 04:28:33 UTC 93.184.220.29
mnemonic passive DNS ocsp.usertrust.com (1) 899 2012-05-21 15:43:18 UTC 2022-09-21 04:23:05 UTC 104.18.32.68
mnemonic passive DNS ut.rktch.com (1) 41215 2018-06-04 10:29:18 UTC 2022-09-21 06:41:10 UTC 89.108.97.2
mnemonic passive DNS ocsp.digicert.com (5) 86 2012-05-21 07:02:23 UTC 2022-09-21 04:07:23 UTC 93.184.220.29
mnemonic passive DNS investstable.ru (54) 0 2015-02-17 11:08:51 UTC 2022-08-02 22:40:29 UTC 45.130.41.35 Unknown ranking
mnemonic passive DNS ocsp.globalsign.com (7) 2075 2012-05-25 06:20:55 UTC 2022-09-21 04:23:28 UTC 104.18.20.226
mnemonic passive DNS sync.upravel.com (2) 28097 2017-05-29 09:13:46 UTC 2022-09-21 04:30:15 UTC 148.251.78.49
mnemonic passive DNS acint.net (2) 22962 2014-02-14 21:23:16 UTC 2022-09-21 06:24:30 UTC 185.12.125.25
mnemonic passive DNS a.utraff.com (1) 39874 2020-01-25 04:23:15 UTC 2022-09-21 08:22:50 UTC 104.21.59.66
mnemonic passive DNS stat.adlabs.ru (1) 200922 2012-07-23 15:58:30 UTC 2022-09-21 00:23:03 UTC 109.248.237.36
mnemonic passive DNS r3.o.lencr.org (21) 344 2020-12-02 08:52:13 UTC 2022-09-21 04:08:37 UTC 23.36.76.226
mnemonic passive DNS pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-09-21 08:47:14 UTC 142.250.74.98
mnemonic passive DNS sync.adkernel.com (1) 4993 2017-04-19 09:25:22 UTC 2022-09-21 06:03:59 UTC 77.245.57.72
mnemonic passive DNS dmg.digitaltarget.ru (4) 21471 2015-04-23 14:50:51 UTC 2022-09-21 08:19:24 UTC 185.15.175.158
mnemonic passive DNS connect.facebook.net (3) 139 2012-05-22 02:51:28 UTC 2022-09-21 04:14:35 UTC 157.240.200.14
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-21 04:18:29 UTC 142.250.74.72
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-21 05:17:10 UTC 142.250.74.10
mnemonic passive DNS ads.adlook.me (1) 43352 2018-11-28 12:50:19 UTC 2022-09-21 00:23:03 UTC 176.122.21.130
mnemonic passive DNS counter.yadro.ru (1) 7275 2014-09-09 18:41:17 UTC 2022-09-21 05:57:56 UTC 88.212.201.198
mnemonic passive DNS partner.googleadservices.com (1) 798 2012-10-03 01:04:21 UTC 2022-09-21 06:25:31 UTC 172.217.21.162
mnemonic passive DNS ads.betweendigital.com (5) 1571 2012-10-30 05:08:04 UTC 2022-09-21 05:58:32 UTC 188.42.191.196
mnemonic passive DNS ocsp.godaddy.com (2) 698 2012-05-20 19:28:57 UTC 2022-09-21 04:19:35 UTC 192.124.249.41
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-21 04:18:25 UTC 143.204.55.35
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-21 04:20:37 UTC 54.189.157.130
mnemonic passive DNS fcgi4.gnezdo.ru (1) 69027 2020-06-11 12:55:54 UTC 2022-09-21 00:23:03 UTC 93.95.102.105
mnemonic passive DNS ad.mail.ru (1) 7643 2012-06-22 19:38:09 UTC 2022-09-21 05:32:37 UTC 95.163.41.56
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-21 04:20:37 UTC 34.117.237.239
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-21 04:11:59 UTC 157.240.200.35
mnemonic passive DNS cm.g.doubleclick.net (1) 202 2013-05-30 23:19:45 UTC 2022-09-21 08:47:05 UTC 142.250.74.2
mnemonic passive DNS redirect.frontend.weborama.fr (2) 8348 2017-05-04 15:00:27 UTC 2022-09-21 08:19:24 UTC 35.190.24.218
mnemonic passive DNS ocsp.sectigo.com (5) 487 2018-12-17 11:31:55 UTC 2022-09-21 08:01:53 UTC 172.64.155.188
mnemonic passive DNS sync.dmp.otm-r.com (1) 19534 2017-02-03 07:19:51 UTC 2022-09-21 08:47:50 UTC 116.202.236.228
mnemonic passive DNS sync.bumlam.com (2) 3243 2015-08-10 21:04:25 UTC 2022-09-21 08:19:24 UTC 31.172.81.158
mnemonic passive DNS ad.adriver.ru (2) 19548 2012-08-31 17:10:27 UTC 2022-09-21 08:19:25 UTC 195.209.108.47
mnemonic passive DNS px.adhigh.net (2) 10272 2013-01-03 21:02:08 UTC 2022-09-21 07:37:08 UTC 193.232.150.60
mnemonic passive DNS freecurrencyrates.com (9) 200816 2015-06-09 01:36:09 UTC 2022-09-14 11:29:03 UTC 74.119.195.177
mnemonic passive DNS proxy6.net (1) 59269 2016-08-05 10:52:53 UTC 2022-09-21 09:00:24 UTC 185.178.208.139
mnemonic passive DNS adlmerge.com (1) 146521 2017-04-06 07:10:27 UTC 2022-09-21 00:23:03 UTC 95.211.66.35
mnemonic passive DNS sm.rtb.mts.ru (2) 27154 2019-03-26 14:10:01 UTC 2022-09-21 04:30:15 UTC 217.66.147.164
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-21 04:18:32 UTC 143.204.55.49
mnemonic passive DNS nr.bidderstack.com (1) 352019 2019-02-11 14:43:50 UTC 2022-09-21 08:08:42 UTC 46.4.70.80
mnemonic passive DNS adservice.google.com (1) 76 2021-02-20 16:10:48 UTC 2022-09-21 04:16:41 UTC 142.250.74.34
mnemonic passive DNS tag.digitaltarget.ru (2) 98193 2015-07-21 14:24:58 UTC 2022-09-21 00:23:03 UTC 185.15.175.144
mnemonic passive DNS x01.aidata.io (2) 12188 2016-03-31 15:36:46 UTC 2022-09-21 08:19:23 UTC 89.108.119.43
mnemonic passive DNS tech.rtb.mts.ru (1) 27360 2017-04-17 12:41:30 UTC 2022-09-21 04:30:16 UTC 213.87.44.187
mnemonic passive DNS rkiz.ru (2) 0 2019-10-05 16:23:52 UTC 2022-08-02 22:40:29 UTC 45.130.41.35 Unknown ranking
mnemonic passive DNS www.acint.net (13) 29072 2014-02-14 21:23:16 UTC 2022-09-21 04:30:15 UTC 185.12.125.25
mnemonic passive DNS www.google-analytics.com (3) 40 2012-10-03 01:04:21 UTC 2022-09-21 04:08:31 UTC 142.250.74.174
mnemonic passive DNS 89b803c16ada2a63d903ac68020bb075-sp.ops.beeline.ru (1) 0 No data No data 37.9.245.57 Domain (beeline.ru) ranked at: 20964
mnemonic passive DNS top-fwz1.mail.ru (6) 8936 2013-05-12 17:16:07 UTC 2022-09-21 05:02:51 UTC 95.163.52.67
mnemonic passive DNS dmp.gotechnology.io (2) 48839 2019-06-17 16:08:58 UTC 2022-09-21 08:23:37 UTC 142.132.209.138
mnemonic passive DNS ssp.bidvol.com (1) 31817 2020-02-22 12:37:29 UTC 2022-09-21 00:23:03 UTC 65.109.23.99
mnemonic passive DNS ocsp.pki.goog (15) 175 2017-06-14 07:23:31 UTC 2022-09-21 04:20:12 UTC 142.250.74.3
mnemonic passive DNS an.yandex.ru (2) 2577 2017-01-30 05:11:51 UTC 2022-09-21 07:10:12 UTC 213.180.193.90
mnemonic passive DNS ssp.adriver.ru (2) 12439 2014-01-10 13:39:33 UTC 2022-09-21 08:19:24 UTC 195.209.111.19
mnemonic passive DNS glopart.ru (3) 65819 2012-10-17 12:06:53 UTC 2022-09-16 08:36:22 UTC 51.250.65.231
mnemonic passive DNS informer.yandex.ru (1) 54908 2015-07-19 08:35:06 UTC 2022-09-21 05:42:23 UTC 93.158.134.119
mnemonic passive DNS c65521c3-2693-42c1-b2f6-2318d64fa5f3.sync.upravel.com (1) 0 No data No data 148.251.237.106 Domain (upravel.com) ranked at: 27764
mnemonic passive DNS cp.beget.com (1) 150465 2016-03-24 06:31:11 UTC 2022-09-21 05:36:20 UTC 193.168.47.247
mnemonic passive DNS match.new-programmatic.com (1) 33613 2020-02-18 20:50:06 UTC 2022-09-21 05:58:32 UTC 217.65.2.150


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.130.41.35

Date UQ / IDS / BL URL IP
2022-10-08 18:18:08 +0000 0 - 0 - 11 www.vikupkvart.ru/ 45.130.41.35
2022-10-07 11:05:25 +0000 0 - 0 - 2 www.dolservis.store/ 45.130.41.35
2022-10-06 00:11:35 +0000 0 - 0 - 26 www.engineers01.ru/ 45.130.41.35
2022-09-22 04:23:35 +0000 0 - 0 - 32 rkiz.ru/ 45.130.41.35
2022-09-21 09:33:40 +0000 0 - 0 - 31 rkiz.ru/ 45.130.41.35

Last 5 reports on ASN: Beget LLC

Date UQ / IDS / BL URL IP
2022-11-28 03:37:49 +0000 0 - 0 - 26 expresselectro.ru/uslugi/remont/72-blagodarno (...) 5.101.153.188
2022-11-28 03:00:04 +0000 0 - 0 - 1 kostyach.bget.ru/ 5.101.152.83
2022-11-28 01:40:13 +0000 0 - 0 - 30 expresselectro.ru/uslugi/proektirovanie/13-po (...) 5.101.153.188
2022-11-27 22:39:03 +0000 0 - 0 - 1 ld-player.ru/youcut/?ysclid=lazy0i3psn164422741 87.236.16.238
2022-11-27 20:46:19 +0000 0 - 0 - 7 iban-24asbinfo.ru/ 45.130.41.59

Last 2 reports on domain: rkiz.ru

Date UQ / IDS / BL URL IP
2022-09-22 04:23:35 +0000 0 - 0 - 32 rkiz.ru/ 45.130.41.35
2022-09-21 09:33:40 +0000 0 - 0 - 31 rkiz.ru/ 45.130.41.35

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-22 04:23:35 +0000 0 - 0 - 32 rkiz.ru/ 45.130.41.35


JavaScript

Executed Scripts (63)


Executed Evals (1)

#1 JavaScript::Eval (size: 31, repeated: 1) - SHA256: 6e4c074bba968f3a2899edcbccf9e893ebdad7a5a533463e4d9630f28f3baed1

                                        (a = 0) => {
    let b;
    const c = class {};
}
                                    

Executed Writes (2)

#1 JavaScript::Write (size: 726, repeated: 1) - SHA256: cbd9d2ef9e3a01851757b301ea15ef693ae0f87bcbc718905f2e94fc971019e3

<a href='//www.liveinternet.ru/click' target=_blank><img src='//counter.yadro.ru/hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.7777424789345702'
alt='' title='LiveInternet: показано число просмотров за 24 часа, посетителей за 24 часа и за сегодня' border='0' width='88' height='31'></a>
                                    

#2 JavaScript::Write (size: 65, repeated: 1) - SHA256: 4d568d638caa54f96a0f3219cb5a8926a47b1d4ea7833b96ad6a19345a894736

<div id="glopart-adunit-17775" data-glopart-adunit="17775"></div>
                                    


HTTP Transactions (254)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: rkiz.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.130.41.35
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Sep 2022 09:33:28 GMT
Content-Length: 295
Connection: keep-alive
Keep-Alive: timeout=30
Location: https://rkiz.ru/
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 10:33:28 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   295
Md5:    f1de6dd79e12a0f236b14f8018478b0d
Sha1:   0c3ad0178736ca21c168bce8a7497436cadedfd0
Sha256: 30b3ec617a92aaf8821ae4f1b39d54ab05afb1b6cb5bfbfb3277e1baf3f8fe7f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 09:14:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bk7ywrkvh-nUADIzTKjsPgF_bFzNeqel5SuDxfC81YXRcGKOjyHEdg==
Age: 1145


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    804f8bbb7f556d51a5f52d5ebd5b6eef
Sha1:   922cd7e06df278615a04abb81d811d14596c8180
Sha256: ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2177
Expires: Wed, 21 Sep 2022 10:09:45 GMT
Date: Wed, 21 Sep 2022 09:33:28 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MyKj3_Gp3HbdwDtMXkz6H9qdEKnIgXXZo1rCOgibnKxawMdm12D_QQ==
age: 17895
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:29 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B86D25B975A800FDFB48D73B7E72429943D166EAFE064BE3334D72C1834962A4"
Last-Modified: Wed, 21 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 21 Sep 2022 15:33:29 GMT
Date: Wed, 21 Sep 2022 09:33:29 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 09:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 09:40:54 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Uie04PTC4Nb_8NOjUvRYTuACkO3aYgIlwAiW0QmqnDb-Y75VRMWR1w==
Age: 1807


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET / HTTP/1.1 
Host: rkiz.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         45.130.41.35
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:29 GMT
content-length: 0
vary: X-Forwarded-Proto,Accept-Encoding
x-powered-by: PHP/7.3.31
x-redirect-by: WordPress
location: https://investstable.ru/
cache-control: max-age=3600
expires: Wed, 21 Sep 2022 10:33:29 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6351
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:29 GMT
Last-Modified: Wed, 21 Sep 2022 07:47:38 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6A644FA058890A19071C6CF17848AACC8C2DB7E7C22E805F91BF9B40ADFD4C3E"
Last-Modified: Wed, 21 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21596
Expires: Wed, 21 Sep 2022 15:33:25 GMT
Date: Wed, 21 Sep 2022 09:33:29 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3kMcmXtHcfAGP4QfLUn8Fg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.189.157.130
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3P1byl8sS8rzkcuoiBIR5aK2LqY=

                                        
                                            GET /wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 4824
last-modified: Sat, 03 Sep 2022 08:53:46 GMT
etag: "6313161a-12d8"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ratemypost \012- data
Size:   4824
Md5:    5772d7b0d9851e23e062eafadaf7729f
Sha1:   c774ae6a5da5dd14342db3281735dc2812da1d3d
Sha256: 40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/wp-social-likes/css/custom-buttons.css?ver=6.0.2 HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-1dbd"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5190
Md5:    803b7152799f0f6fdcdf00c90a508fa8
Sha1:   a95954b20e06d23a9e7ea5bb5d95e0cbb3253875
Sha256: de73ab1ad4ebcbb396711745f72008e7bdfc232c4ea84b308bc3485a924fbec8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /gtag/js?id=UA-150971850-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 21 Sep 2022 09:33:30 GMT
expires: Wed, 21 Sep 2022 09:33:30 GMT
cache-control: private, max-age=900
last-modified: Wed, 21 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42194
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   42194
Md5:    37a9a534f4b6a40b029f6c3ca3ac6382
Sha1:   9db928bbff5f80f42dd49d6a7ecaeeb9b7e34592
Sha256: bcd59fa57a955b393ae98b306718adffaac1eb83500e3a1dc6238020d93102b0
                                        
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
vary: Accept-Encoding
etag: W/"632880bf-7917"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7551
Md5:    a401171606c7b58c95ba8f78b207f497
Sha1:   d850036814f95e8d4307b6700d3fa926ff59e8ec
Sha256: 4ac6a1f523f295e2d38e6ad24c7a8572fde2ae2ad2eb21616e66c33594d2f8dd

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /css?family=Playfair+Display:400,400i,700,700i|Domine:400,700|Oswald:400,700|Poppins:400,400i,700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 09:33:30 GMT
date: Wed, 21 Sep 2022 09:33:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1545
Md5:    0d161fe214e37adaa56f6835d236c010
Sha1:   df63fd57d86f2dc7c09196480c2b71cd3b8f6545
Sha256: 41db7f12b98a7e804ca4738b0dec4749a9fcf7931fa65e1944920f99c43a37a6
                                        
GET /wp-content/uploads/2020/05/cropped-vsyo-o-zarabotke-v-internete-scaled-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 104731
last-modified: Sun, 17 May 2020 17:28:39 GMT
etag: "5ec17447-1991b"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1250x291, components 3\012- data
Size:   104731
Md5:    c1cb42f2586a7bea5a881a948876456b
Sha1:   b18147881ec1e9509c25d8d0eca2b9e10ddc63ef
Sha256: ef0eb2ff448a4c83518f8dd3e89aff1123790226d87fcce4ec8c9ee6a3d7e3d8
                                        
GET /wp-content/uploads/2022/09/vk_dm-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 39518
last-modified: Sat, 03 Sep 2022 09:22:48 GMT
etag: "63131ce8-9a5e"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   39518
Md5:    5dc73406aae193005e9cf3a7c204d3b1
Sha1:   87cca995b9d938e450bfb3d0ff54ac039f7e2b52
Sha256: 24b9e3b9009e663dabb5cdc28d3da5a218a01ef3e7f32261a2834234f1562fbf
                                        
GET /wp-content/uploads/2020/05/a-markets.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 26988
last-modified: Mon, 25 May 2020 15:27:50 GMT
etag: "5ecbe3f6-696c"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   26988
Md5:    756a565565df6e0f2cec2c9b4b76e296
Sha1:   387773b21ffcab31cb1d89e7f96d0d6b547506ba
Sha256: 09caa68834995289b636e847fceb545272b5a5350333b2e720093cb400d6aaba
                                        
GET /wp-content/uploads/2020/05/250x250-pamm.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/gif
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 50534
last-modified: Mon, 25 May 2020 16:02:52 GMT
etag: "5ecbec2c-c566"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 250 x 250\012- data
Size:   50534
Md5:    cd3b0f639f22b2f35bd583ac16571cdb
Sha1:   a9ce0bc972d8963f8a88ae83a38c379e0a07a5ee
Sha256: 73de70b14b33570c9783b994522506583c50840edf538a76094151877e433df1
                                        
GET /wp-content/uploads/2020/05/ndb_1500_250x250_ru.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 48403
last-modified: Mon, 25 May 2020 16:01:08 GMT
etag: "5ecbebc4-bd13"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   48403
Md5:    14b49bbf12791190c668c54e5c867feb
Sha1:   52d144e242b973942da49d1f8500cac301ac6f1c
Sha256: 79b20d7cf1871bfed16ef693560ba0d8c29b93980c25be6e2e4ead025d85bfaa
                                        
GET /wp-content/uploads/2020/12/viboom.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/gif
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 46261
last-modified: Tue, 15 Dec 2020 08:18:05 GMT
etag: "5fd8713d-b4b5"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 225\012- data
Size:   46261
Md5:    6da112ed7073c836748ec4198f5bb858
Sha1:   4908acad4b3151a2042719d59a0524f9c3766ad6
Sha256: df0a9e760593a0d61e1e8d5cc12a435be6153d0ccad00790854c55b86e4289fb
                                        
GET /wp-content/plugins/wp-social-likes/js/social-likes.min.js?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-24f8"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3980
Md5:    7e2046994c36e01d8fe75c118d3d3ba6
Sha1:   ed85272b67ede8acc1ce8e1aa5ddc2db5ae8a9a0
Sha256: 5b369cbe974d3e57dc97f9e5469e13d72ee31baa879bee093c297b1cb1dfbf53

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/2020/05/banner-1-728x90-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 59669
last-modified: Tue, 12 May 2020 09:00:10 GMT
etag: "5eba659a-e915"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 728x90, components 3\012- data
Size:   59669
Md5:    164506b5e3543299d93d1817b850d98c
Sha1:   b4a644d177c37bf75f56c09208aadc92b522e8cd
Sha256: 2df22e26878a25ee43d3ec4093ef68515ea2561fd7430f071b03754c12e0db4e
                                        
GET /wp-content/uploads/2020/10/1b60f5f5164148019a12f2f47c7b28b1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 51586
last-modified: Sun, 18 Oct 2020 12:36:20 GMT
etag: "5f8c36c4-c982"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Size:   51586
Md5:    8863ca88093cdcc7381f2c0e3ee55ff0
Sha1:   e1a2a3aee11ace0d95b1d584a292379326ebc7bd
Sha256: da63cc478ddb4c84036814cefd918f548f5d29f1c8dcff64aedb10b1a43c9a3b
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/uploads/2020/05/banner-6-240x400-1.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 82546
last-modified: Tue, 12 May 2020 09:05:43 GMT
etag: "5eba66e7-14272"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x400, components 3\012- data
Size:   82546
Md5:    51a4c1b3683215db55b49b09fb070068
Sha1:   b910ddaa2402e7442d1a40383ac7b69727c83047
Sha256: ff68e86ea261a9a70a60a7b7f4f605d020701449d50a899702db69d5269a2169
                                        
GET /0/0/6.js?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
185.44.104.99
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Wed, 21 Sep 2022 09:33:30 GMT
Server: Apache
Last-Modified: Fri, 23 Jun 2017 15:59:45 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Content-Length: 975
Keep-Alive: timeout=4, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1829), with no line terminators
Size:   975
Md5:    6f2cff312815e129e65971e1f7aa0b6c
Sha1:   f07651ab0ae9b95ef1007782e8d1bbf0fae53f66
Sha256: 26a7a91762ec29a98d90e879584a0218e49e6733c98504d5c15d156f39d72446
                                        
GET /static/img/b/7.28x90.png HTTP/1.1
Host: proxy6.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
185.178.208.139
HTTP/2 200 OK
content-type: image/png
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=xUAcqE2KAkbvvoVuGYbH; Domain=.proxy6.net; HttpOnly; Path=/; Expires=Thu, 21-Sep-2023 09:33:30 GMT
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 22901
last-modified: Fri, 14 Apr 2017 17:35:01 GMT
etag: "58f10845-5975"
expires: Thu, 22 Sep 2022 09:33:30 GMT
cache-control: max-age=86400
accept-ranges: bytes
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Size:   22901
Md5:    535a8e53835eabedf0f9436dc0a01c4f
Sha1:   96faf73445971f7f81e6b23416ae7fe76c287847
Sha256: 1b4b102a9932253604ff516491a2d43fa9f17534213cc76894c4f482b4ba7eed
                                        
GET /wp-content/plugins/wp-social-likes/css/custom-buttons_classic.css?ver=6.0.2 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 02 Oct 2017 09:45:09 GMT
vary: Accept-Encoding
etag: W/"59d20aa5-16d"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5649
Md5:    8eb77794f33bbd553d64702a00dd228e
Sha1:   6a016618cd2a2d2a897c4a1f06516d049e44debd
Sha256: f6334d8df8cc44d6914984a9569d1865cd84fa52d2a0643c2a4cff940679c7b6

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Fri, 02 Sep 2022 05:07:20 GMT
vary: Accept-Encoding
etag: W/"63118f88-d69"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   102573
Md5:    12810fdbb10641bea000dc87a387fd37
Sha1:   7ac8a7ac56b3366e259f7843a31bbe5535616b63
Sha256: 927fdd4f19303b5309d3e017f0dfe97232c0e3968484e712a8edf1e39681bd49

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/2019/09/etxt-top.png HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 25516
Last-Modified: Fri, 27 Sep 2019 19:03:04 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5d8e5ce8-63ac"
Expires: Fri, 21 Oct 2022 09:33:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 240 x 400, 8-bit colormap, non-interlaced\012- data
Size:   25516
Md5:    cb8cfd79a3d7e07dba22b9c5fe4f3d96
Sha1:   078c915b31f98b58f033506c0b84091dfe72274f
Sha256: 6c818e114473a3bf43c626772ebc5d4fb573e8c4043167c0d03b77e29548c3da
                                        
GET /wp-content/uploads/2019/08/6912627ce8ddb69676858d981b62973d.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 33460
Last-Modified: Fri, 01 May 2020 14:11:51 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5eac2e27-82b4"
Expires: Fri, 21 Oct 2022 09:33:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x600, components 3\012- data
Size:   33460
Md5:    d622aded8f2ecc17082f2a48cfe6b57c
Sha1:   c940eb282e634fef78a2a65167d4c457e27065d3
Sha256: 51c0031ad4194403f9dc6f6648d37e0467b69e7c1f2c2570079581e2094cbb1d
                                        
GET /wp-content/uploads/2014/08/tinkoffkredkart.gif HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
45.130.41.35
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx-reuseport/1.21.1
Date: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 129292
Last-Modified: Mon, 20 Mar 2017 18:39:50 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "58d021f6-1f90c"
Expires: Fri, 21 Oct 2022 09:33:30 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 240 x 400\012- data
Size:   129292
Md5:    0fa05fbdc4547a05ce7ca2812aaf1813
Sha1:   8eedb0688f90845d21205cc7839a3aaf0b0967f7
Sha256: 3b31ece620ceac4155c47e03e3e01c4d775c96e2a64b2b4155d66b838010e053
                                        
GET /wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://investstable.ru/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/font-woff2
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 77160
last-modified: Mon, 19 Sep 2022 14:46:23 GMT
etag: "632880bf-12d68"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "44856BFB834A500B1C55837358B97B8D4961EA56101516B1E332E6369B102D1E"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18792
Expires: Wed, 21 Sep 2022 14:46:42 GMT
Date: Wed, 21 Sep 2022 09:33:30 GMT
Connection: keep-alive

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: text/css
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 31 May 2021 18:47:51 GMT
vary: Accept-Encoding
etag: W/"60b52f57-176"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   27863
Md5:    f209b80fc16262e0a0e58c10cdcfe14b
Sha1:   fcb192322e94519060117acb02e41e7ce0a6190d
Sha256: 603ead86039dfa1e2e49614cf1f27e1df0f2866105bf7d38ecc7b2f86a00882a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:30:58 GMT
expires: Thu, 14 Sep 2023 19:30:58 GMT
cache-control: public, max-age=31536000
age: 568952
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size:   7816
Md5:    25b0e113ca7cce3770d542736db26368
Sha1:   cb726212d5d525021752a1d8470a0fb593e0c49e
Sha256: 9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
                                        
GET /s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:38:37 GMT
expires: Tue, 19 Sep 2023 21:38:37 GMT
cache-control: public, max-age=31536000
age: 129293
last-modified: Mon, 18 Jul 2022 19:23:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17908, version 1.0\012- data
Size:   17908
Md5:    e46b4e2e3b47cc232937ebf72b4c537e
Sha1:   2675bc06ee643b8c935370325a327efb74746e6a
Sha256: d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4124
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:30 GMT
Last-Modified: Wed, 21 Sep 2022 08:24:47 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
GET /s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlSHYjedg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10656
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 22:22:31 GMT
expires: Tue, 19 Sep 2023 22:22:31 GMT
cache-control: public, max-age=31536000
age: 126659
last-modified: Mon, 18 Jul 2022 19:16:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10656, version 1.0\012- data
Size:   10656
Md5:    82bc09c297dafefdb8ede29c07215a0e
Sha1:   a71c0ab54461d9ac9fb175cf0b1046ad7a2f249e
Sha256: 2180338485df7a5177f40705e1336cbb4b32fd5c49803cc453c25214ab40a5a4
                                        
GET /js/r.php?i=21vr2g6pimi&l=https%3A%2F%2Finveststable.ru%2F&r=1663752810430 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
185.44.104.99
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Wed, 21 Sep 2022 09:33:30 GMT
Server: Apache
Content-Length: 43
Keep-Alive: timeout=4, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    6d22e4f2d2057c6e8d6fab098e76e80f
Sha1:   b80b11203d97fe01c5597ca3be70406ea48f5709
Sha256: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
                                        
GET /wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=2.4.20 HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 19 Sep 2022 14:46:29 GMT
vary: Accept-Encoding
etag: W/"632880c5-117ab"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   28570
Md5:    22204c632daf13fe2c6acaa4c85bc6fa
Sha1:   ff8828528767e96685b3a6155069a7d1eb0efb76
Sha256: bba6ad9b9abff30176bfee474aa618f5565fbbf2df75592448443e07d2cc9e46

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "D1F7BC8166AC20CAEB9AAE7A8F15668D2BB90ED6DBB799524F1A280F4BAAD383"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8408
Expires: Wed, 21 Sep 2022 11:53:38 GMT
Date: Wed, 21 Sep 2022 09:33:30 GMT
Connection: keep-alive

                                        
GET /js/c.php?i=21vr2g6pimi HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
185.44.104.99
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Wed, 21 Sep 2022 09:33:30 GMT
Server: Apache
Cache-Control: max-age=900
Last-Modified: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 43
Keep-Alive: timeout=4, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    6d22e4f2d2057c6e8d6fab098e76e80f
Sha1:   b80b11203d97fe01c5597ca3be70406ea48f5709
Sha256: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
                                        
GET /images/200-300.gif HTTP/1.1
Host: www.web-ip.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         
185.12.92.39
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.16.1
Date: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 399657
Last-Modified: Tue, 16 Oct 2018 18:33:51 GMT
Connection: close
ETag: "5bc62f0f-61929"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 200 x 300\012- data
Size:   399657
Md5:    3106053a699c9ac521a5b73ab06a017a
Sha1:   12bf12c0fca502f94a33cf50b026854c977dbdad
Sha256: e32c410d8e8353778912a3338dcf8b5c2535c55c31988def5a202d01b9f68b7b
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0C29D8AC0416A80EE65337A90685CE677BE87AF1296682215A6B4118FD46BA5C"
Last-Modified: Wed, 21 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15470
Expires: Wed, 21 Sep 2022 13:51:20 GMT
Date: Wed, 21 Sep 2022 09:33:30 GMT
Connection: keep-alive

                                        
GET /wp-content/uploads/2022/08/vk_fra-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 26973
last-modified: Fri, 05 Aug 2022 16:46:24 GMT
etag: "62ed4960-695d"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   26973
Md5:    7a59ac2b35bba946e86997dd5248e0e0
Sha1:   792e85f57b6c46bff81789a8dee4635575e16707
Sha256: 510c549bdc189926dc97923d7dfad2dda9911ff6f9b119bb87100d7f84f32ad4
                                        
GET /wp-content/uploads/2022/07/vk_zr-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 38506
last-modified: Thu, 28 Jul 2022 16:02:30 GMT
etag: "62e2b316-966a"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   38506
Md5:    8d6bcbf88b4ae3562a832d18b68ea6fa
Sha1:   b82db24050e494f63389dfd15b096c3bd97829b2
Sha256: 5f622bd93fdd8e279d18b588799a2cef833694dff83aa3810831b7a2d0c2382f
                                        
GET /wp-content/uploads/2022/07/vk_nv-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 29964
last-modified: Mon, 18 Jul 2022 17:58:42 GMT
etag: "62d59f52-750c"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   29964
Md5:    1d467c4e8f48eeb675ff78eeffd1f648
Sha1:   29d2f6dcf66ca76b968d229eede988606906f7e0
Sha256: d4b6c4a3c03d4fba9b18c8c0840d9161cd84b822fd237c64d53bebbb89532147
                                        
GET /wp-content/uploads/2022/07/vk_du-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 36713
last-modified: Sat, 16 Jul 2022 16:21:28 GMT
etag: "62d2e588-8f69"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   36713
Md5:    1fe20cb9c75e28a299994f622840b2d4
Sha1:   746434943382475dd5a7f970bb7daf00289d01a2
Sha256: 1364df773336e3e66dd8bddacb5a914426b430286df5facfebc1c6259f66148b
                                        
GET /wp-content/themes/elegantwp/assets/js/skip-link-focus-fix.js HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
last-modified: Mon, 19 Jul 2021 17:36:19 GMT
vary: Accept-Encoding
etag: W/"60f5b813-342"
expires: Wed, 28 Sep 2022 09:33:30 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   9467
Md5:    391b1e563c2f379f75df36ab9d2c10a1
Sha1:   dbb44c6a2d620e2f22a8bc77f405841686ead0e2
Sha256: 6ad938af9faf95b967479d4801fe889e4b457810bacd1a68644199cda0757e60

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/2022/07/vk_dv-480x360.jpg HTTP/1.1
Host: investstable.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
45.130.41.35
HTTP/2 200 OK
content-type: image/jpeg
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 32611
last-modified: Sat, 16 Jul 2022 15:52:32 GMT
etag: "62d2dec0-7f63"
expires: Fri, 21 Oct 2022 09:33:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Size:   32611
Md5:    d55d54340e448dab8fc3352aa04de50f
Sha1:   aa43e074296b59bd9a49da3f069847d47b89ac28
Sha256: 82e50e7c8f797260911e2c0505e56622c37fcf8008ab1674ea699db894e6cd3b
                                        
GET /ads/adunit/17775/script.js HTTP/1.1
Host: glopart.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
51.250.65.231
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 572
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (455)
Size:   572
Md5:    0126b369efb82632794c9aacd2a92bb2
Sha1:   9c02268ab458fcc85ba37b21f9d16826e21ddbfe
Sha256: 8a89f2123b15dd1bd89778a2f420241fbd3b99ab34db3b9480290bb5189af682
                                        
                                            GET /hit/?v=0.4.0&uid=192df9e0-c59b-4728-8c73-be680d6d2f7d&dp=10&tz=%2B00%3A00&nc=81641178&u=https%3A%2F%2Finveststable.ru%2F&r=&rs=1280x1024&t=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&oE=1&oP=1&dT=2022-09-21T09%3A33%3A30.608&fu=fa2d74c6-3661-4c6a-9616-dda0e479833f HTTP/1.1 
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
185.12.125.25
HTTP/2 200 OK
content-type: image/gif
server: openresty
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
set-cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
GET /mc/?dp=10 HTTP/1.1
Host: www.acint.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
185.12.125.25
HTTP/2 302 Found
content-type: text/html
server: openresty
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 154
location: /mc/?dp=10&tc=1
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Wed, 21-Sep-22 09:43:30 GMT aid=uQx9GWMq2mqiBQC5xg/WAqJXcQdU9vaOb5UAytPFPDepUTrt; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
                                        
GET /w/6/a/a2.php?i=21vr2g6pimi&m=0&s=200&c=ff0000&cr1=ffffff&f=arial&l=0 HTTP/1.1
Host: rc.revolvermaps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
185.44.104.99
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Wed, 21 Sep 2022 09:33:30 GMT
Server: Apache
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=4, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32541), with no line terminators
Size:   11240
Md5:    38c061c4a06aa91f396ef1fe99df4ac7
Sha1:   26f80bfb65cf273163e1315f52f68f9973cae1d4
Sha256: 8c8de3862a2ecf26dbb5fd1d040e244d481fa7f1ce1fb349de5ff23ffc7b4a16
                                        
                                            GET /ru/widget-vertical?iso=USD-RUB-EUR-GBP-CNY-BTC-UAH&df=1&p=FKCP47lFo&v=fits&source=fcr&width=245&width_title=0&firstrowvalue=1&thm=dddddd,eeeeee,E78F08,F6A828,FFFFFF,cccccc,ffffff,1C94C4,000000&title=%D0%9A%D0%BE%D0%BD%D0%B2%D0%B5%D1%80%D1%82%D0%B5%D1%80%20%D0%B2%D0%B0%D0%BB%D1%8E%D1%82&tzo=-180 HTTP/1.1 
Host: freecurrencyrates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
74.119.195.177
HTTP/1.1 200 OK
content-type: application/javascript
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:33:30 GMT
transfer-encoding: chunked
cache-control: max-age=300
content-encoding: gzip


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (11699), with CRLF, LF line terminators
Size:   5388
Md5:    286bbce6569fb7153ad203f853d52a0e
Sha1:   9f96f39ecf2dbf345fa606dcc0008913f67f9c0f
Sha256: bd8f0c8d272b25226cc437a00c2332603b49d22a516b1e070bf7b4199c0884c9
                                        
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 09:33:30 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 25 Sep 2022 08:38:46 GMT
ETag: "4a569b8a000afcb61cd25490f76cdeef65f95939"
Last-Modified: Wed, 21 Sep 2022 08:38:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1474
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e1ccbb7a39b509-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    eee9d3ed5d8a46e1be45873094ed007e
Sha1:   4a569b8a000afcb61cd25490f76cdeef65f95939
Sha256: 1d7a4ca9268b25670dc26e8f2f2f91a047d1bd875bbb68dc07e45d273070f0e8
                                        
                                            GET /userip HTTP/1.1 
Host: kraken.rambler.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         81.19.89.17
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx/1.19.4
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 12
access-control-allow-origin: https://investstable.ru
x-srv: 0node0010.top100.rambler.tech
set-cookie: ruid=1CIAAGraKmM7Q1OCATDqpgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ proto_uid=1CIAAGraKmM7Q1OCATDqpgB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   12
Md5:    35b0bce9d250429df012c0426f88d0bd
Sha1:   f81d80af9cbeb0011316fbba3da8002b32251f7a
Sha256: da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d
                                        
                                            GET /flags/24/us.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:28:37 GMT
content-length: 656
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-290"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 293


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   656
Md5:    ae506a6c014bfeb8d8cbfdfbe94c14c9
Sha1:   f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
Sha256: bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
                                        
                                            GET /flags/24/gb.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:31:53 GMT
content-length: 1177
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-499"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 97


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   1177
Md5:    33a79546e65bf38629ec0bf90a0bcc3d
Sha1:   5afd0a44d0f4c8cadd3fea1ec866ddeb67e4afdd
Sha256: 9d5579d2ae226889e9cc592035a86cbe20c570edbdeb6394ec7ebc23c4246571
                                        
                                            GET /uploads/wareimages/12569/884a86b9d6f84d949e1b973feb4e5c7d.png HTTP/1.1 
Host: glopart.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         51.250.65.231
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 10357
etag: "9c528a39ab234d7bfd78425d65ddba7e"
last-modified: Sat, 19 Mar 2022 00:18:33 GMT
accept-ranges: bytes
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size:   10357
Md5:    9c528a39ab234d7bfd78425d65ddba7e
Sha1:   08efeac0136e6589cfaa2c4620620d649474a447
Sha256: 878dd963321d9fd1b03187a264bcb775bc62d4ca17bf369a158cde62f5f6db82
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A13695745612E9F0FEAF5B58CBAB183B166956C0E84B94148D230E12725B9C66"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12113
Expires: Wed, 21 Sep 2022 12:55:24 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /mc/?dp=10&tc=1 HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: text/html
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:30 GMT
set-cookie: cSyncDp7v2=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp14v3=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp17=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp32=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp45v3=1663752810; expires=Thu, 22-Sep-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp53=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp54v2=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp62=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp67v2=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp68=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp71=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp77=1663752810; expires=Wed, 05-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp84=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp85=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp95v3=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp101=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp104v2=1663752810; expires=Wed, 05-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp107=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp110=1663752810; 
expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp111v2=1663752810; expires=Wed, 05-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp112v2=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp125v2=1663752810; expires=Thu, 06-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp126=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp127=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp129=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp136v2=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp138=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp144=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp146=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp148=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp149=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp151=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp178=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp179=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp186=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp221=1663752810; expires=Fri, 21-Oct-22 09:33:30 GMT; path=/; Secure; SameSite=None; domain=.acint.net
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1872
Md5:    a3dbd9278e9a019ec9c8a563e1bb2340
Sha1:   d00850cdff4ae7daba85a586462c7d749893da14
Sha256: 5b1c207ebba116bc21bca3788414ef63982b2eb642319c9dd5e7a6e359d6fde0
                                        
                                            GET /flags/24/eu.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:28:31 GMT
content-length: 909
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-38d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 299


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   909
Md5:    94eea2fb562263ef9a777380e3eba8fe
Sha1:   3f74d28639adf5c9fc35450da396da37cb43e2c8
Sha256: f880ef6584845869e5d81b2960b8eb81ec470b88ea8859dd75a2ef80f56fe8dd
                                        
                                            GET /flags/24/cn.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:29:41 GMT
content-length: 604
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-25c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 229


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   604
Md5:    933a5fd60bc9e9b3f152937065ba2142
Sha1:   c161d6d280949b5499111704f3e6f94e8b9d4b78
Sha256: 1afc41cd907186a8d6e578fc119c9b491d411ba4f5c33f02eb5714dd0f657fb6
                                        
                                            GET /flags/24/btc.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:31:23 GMT
content-length: 890
last-modified: Fri, 01 Jul 2016 20:43:45 GMT
etag: "5776d601-37a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 127


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 4-bit colormap, non-interlaced\012- data
Size:   890
Md5:    ee5ca44996167f948e9a7ef54687c16c
Sha1:   e05e6b5d566a829628f7d4f8f577128979bf4e6c
Sha256: dae692b8bba4d06e448f9724b4787312125a21b78b92e54b6496606f4e6d6055
                                        
                                            GET /match?id=106&vid=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: dm-eu.hybrid.ai
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         37.18.103.21
HTTP/2 204 No Content
                                        
date: Wed, 21 Sep 2022 09:33:31 GMT
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: vid=39defd8711277a09704b; expires=Thu, 21 Sep 2023 09:33:29 GMT; domain=.hybrid.ai; path=/; samesite=none
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
x-mode: 508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: Hybrid Web Server
X-Firefox-Spdy: h2

                                        
                                            GET /flags/24/ua.png HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:31:11 GMT
content-length: 476
last-modified: Fri, 01 Jul 2016 20:43:46 GMT
etag: "5776d602-1dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 139


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size:   476
Md5:    8cf366da149b92da8713850df92cc2a7
Sha1:   8848474af0b13f8912c4e9b97004aad53d186adc
Sha256: 70549240fea1a10a4c0ec5804693af68a23eeaaff15c9cd1883c0138c81847e3
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 25 Sep 2022 06:30:45 GMT
ETag: "c4de315a1d00b0ddabf70e6581664e12123b06c4"
Last-Modified: Wed, 21 Sep 2022 06:30:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1395
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e1ccbd48f2b518-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    f56b2358a15efa2d0423a8e085fa9856
Sha1:   c4de315a1d00b0ddabf70e6581664e12123b06c4
Sha256: 4cab8c3c0392aa92debf7e0765455a1b0057a244ea738c84dd81afe9e5abca1c
                                        
                                            GET /assets/adunit-794b7334b25d2a9ccaec.js HTTP/1.1 
Host: glopart.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         51.250.65.231
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 21 Sep 2022 09:33:30 GMT
vary: Accept-Encoding
etag: W/"4cb75803fae23dbd10bfdaed386fff49"
last-modified: Sun, 10 Apr 2022 15:34:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   34584
Md5:    9d832e82f5825b2a0a995a3dd2c2ff9c
Sha1:   856906e3fb139c7d28287babf1ac4fe6c32aeba8
Sha256: ed4bfcece450cbe942bfdc4e771c223bbe6001a289b5c6fa03795538dcca623b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E75315ECF71F2D2C0BBA377F986399DB9653201D0E22C93F1D6A3AF0AAF64190"
Last-Modified: Mon, 19 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11109
Expires: Wed, 21 Sep 2022 12:38:40 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /csync?url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D110%26euid%3D%7BuserId%7D HTTP/1.1 
Host: ads.adlook.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         176.122.21.130
HTTP/2 302 Found
                                        
location: https://acint.net/match?dp=110&euid=104bd0086aba468cae862fc822dd7a88
server: Kestrel
set-cookie: adlm_userId=104bd0086aba468cae862fc822dd7a88; expires=Wed, 20 Sep 2023 21:00:00 GMT; path=/; SameSite=None; secure
date: Wed, 21 Sep 2022 09:33:30 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            GET /match/sape?id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         116.202.236.228
HTTP/2 204 No Content
                                        
server: nginx/1.17.10
date: Wed, 21 Sep 2022 09:33:31 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /sape/sync HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         148.251.78.49
HTTP/2 302 Found
content-type: image/png
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 0
location: https://sync.upravel.com/sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0
set-cookie: session_tptc=1663752811138;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=180 session_tptc-legacy=1663752811138;Version=1;Domain=.upravel.com;Path=/;Max-Age=180
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2

                                        
                                            GET /font/roboto.googlefonts/Roboto-Medium.woff2 HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: application/octet-stream
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:33:15 GMT
content-length: 62228
last-modified: Sun, 03 Jul 2016 17:43:11 GMT
etag: "57794eaf-f314"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 15


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 62228, version 2.0\012- data
Size:   62228
Md5:    4a6c203d3f824fa9ce159965a0ab3156
Sha1:   024f9f4466d9eca4b612629001b32dbaff3c5b6f
Sha256: e9817ff441c7044f2d126a3e12b02f624bd2fff669e3f6092d9c92324313df13
                                        
                                            GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         78.46.100.125
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 0
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=748aca00-3990-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Thu, 21 Sep 2023 09:33:31 GMT; SameSite=None; Secure uid-legacy=748aca00-3990-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Thu, 21 Sep 2023 09:33:31 GMT
location: /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=89B803C16ADA2A63D903AC68020BB075&cs=1
X-Firefox-Spdy: h2

                                        
                                            GET /match?dsp=sape HTTP/1.1 
Host: sync.republer.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.88.82.46
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
strict-transport-security: max-age=0
X-Firefox-Spdy: h2

                                        
                                            GET /match?dp=14&euid=88B803C16BDA2A631F000DA802529993 HTTP/1.1 
Host: acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6290
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:31 GMT
Last-Modified: Wed, 21 Sep 2022 07:48:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /match?dp=110&euid=104bd0086aba468cae862fc822dd7a88 HTTP/1.1 
Host: acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9D5840FC9DEA3D55D10247F043B47715557416539DB5856830BE0275EBD1224"
Last-Modified: Mon, 19 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20036
Expires: Wed, 21 Sep 2022 15:07:27 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7B67202E50EE8511EB36FAD0CCADF6B6DEBE8169C3925C48BC1B5F1AAE26BC13"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Wed, 21 Sep 2022 10:34:27 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "718EED71973D15305E0894498BE069C630B67BCAD72A6C1A1872BFDF99E97F4B"
Last-Modified: Mon, 19 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5911
Expires: Wed, 21 Sep 2022 11:12:02 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /font/roboto.googlefonts/Roboto-Regular.woff2 HTTP/1.1 
Host: freecurrencyrates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         74.119.195.177
HTTP/1.1 200 OK
content-type: application/octet-stream
                                        
server: nginx/1.18.0
date: Wed, 21 Sep 2022 09:32:35 GMT
content-length: 61604
last-modified: Sun, 03 Jul 2016 17:43:11 GMT
etag: "57794eaf-f0a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 56


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 61604, version 2.0\012- data
Size:   61604
Md5:    8eec98e0eb4f8d9f82fa2c1adbd327fd
Sha1:   87a0c5824a950d21f3b93d42e82ccc033e3b5329
Sha256: f05b6f9877fc4a3f9b4587aba72a9c63c60ce1e26398993498187816366de818
                                        
                                            GET /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=89B803C16ADA2A63D903AC68020BB075&cs=1 HTTP/1.1 
Host: sync.1dmp.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: uid=748aca00-3990-11ed-8677-901b0e934d81
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         78.46.100.125
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 35
expires: 0
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
set-cookie: uid=748aca00-3990-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Thu, 21 Sep 2023 09:33:31 GMT; SameSite=None; Secure uid-legacy=748aca00-3990-11ed-8677-901b0e934d81; Version=1; Path=/; Domain=.1dmp.io; Expires=Thu, 21 Sep 2023 09:33:31 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0C3B6835B2E7AA2BB66466305608B1AB6236431FADAFA3A6FE32530F516DC23A"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11972
Expires: Wed, 21 Sep 2022 12:53:03 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /sspmatch?url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D95%26euid%3D HTTP/1.1 
Host: ssp.bestssp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.147.80.35
HTTP/1.1 302 Found
                                        
Server: nginx/1.16.1
Date: Wed, 21 Sep 2022 09:33:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.acint.net/match?dp=95&euid=QAKQYKNT
Set-Cookie: uid=QAKQYKNT; Expires=Wed, 21 Sep 2032 00:00:00 GMT; mf2=1; Expires=Fri, 21 Oct 2022 00:00:00 GMT;

                                        
                                            GET /matchspm?pi=1000005&pui=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: ut.rktch.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         89.108.97.2
HTTP/1.1 302 Found
                                        
Server: nginx/1.22.0
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 0
Connection: keep-alive
location: https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fut.rktch.com%2Fmatchspm%3Fpi%3D1000006%26pui%3D{WEBO_CID}%26noredirect
Set-Cookie: b_uid=948a1227dc11478e13fc4bc85085b35a7400; Max-Age=2592000; Expires=Fri, 21 Oct 2022 09:33:31 GMT; Domain=rktch.com; Secure; SameSite=None
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Accept, Authorization
Access-Control-Allow-Credentials: true

                                        
                                            GET /sape/sync?session_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyJdfX0 HTTP/1.1 
Host: sync.upravel.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: session_tptc=1663752811138
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         148.251.78.49
HTTP/2 302 Found
content-type: image/png
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 0
location: https://c65521c3-2693-42c1-b2f6-2318d64fa5f3.sync.upravel.com/sape/sync?ud_tpt=eyJoZWFkZXJzIjp7InJlZmVyZXIiOlsiaHR0cHM6Ly93d3cuYWNpbnQubmV0LyIsImh0dHBzOi8vd3d3LmFjaW50Lm5ldC8iXX19
set-cookie: user_id=c65521c3-2693-42c1-b2f6-2318d64fa5f3;SameSite=None;Secure;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000 user_id-legacy=c65521c3-2693-42c1-b2f6-2318d64fa5f3;Version=1;Domain=.upravel.com;Path=/;Max-Age=315360000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: false
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9FF0F01363DBFB8A16C5BA064B6AD8AAAF50C69CD6181E65C41AC1E46CF891AD"
Last-Modified: Tue, 20 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2039
Expires: Wed, 21 Sep 2022 10:07:30 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /sync?ssp=sape HTTP/1.1 
Host: a.utraff.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.59.66
HTTP/2 204 No Content
content-type: text/plain
                                        
date: Wed, 21 Sep 2022 09:33:31 GMT
set-cookie: preutid=1; Expires=Fri, 21 Oct 2022 12:33:31 GMT; Domain=.itraff.net; SameSite=None; Secure; Path=/ preutid=1; Expires=Fri, 21 Oct 2022 12:33:31 GMT; Domain=.utraff.com; SameSite=None; Secure; Path=/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-expose-headers: Content-Length,Content-Range
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OnzjCiyZtlQ9MCWU6JuB5v%2BQ%2BE%2B1Pk04C8ylpE1YL8Slnjf52dm3jZePpWI1vxfA0lKpiYjkVMJ3nabErJlSvx2idA1%2FnQtAAc2EawdExb88OMK7W6sAnKTwPgpMEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e1ccbe286f1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "33CC7E1528CD3C0358C442656146C740469BDF1F68FACB8D3171AF0FD9F76B67"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10495
Expires: Wed, 21 Sep 2022 12:28:26 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /match/396/?remote_uid=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: s.uuidksinc.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.220.27.134
HTTP/2 302 Found
                                        
server: nginx/1.19.0
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 0
location: https://www.acint.net/match?dp=127&euid=6S83qsnK6P3OG0Br7ujj
set-cookie: jcsuuid=6S83qsnK6P3OG0Br7ujj; expires=Thu, 21 Sep 2023 09:33:31 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /wp-content/uploads/2019/10/cropped-26939-520-192x192.png HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=fa2d74c6-3661-4c6a-9616-dda0e479833f; adtech_uid=9d2b2b8e-6003-4107-bd9e-711d7658c8c7%3Ainveststable.ru; top100_id=t1.6699530.2123457652.1663752810667; t3_sid_6699530=s1.965615880.1663752810669.1663752810980.1.1.1.1; last_visit=1663752810955%3A%3A1663752810955
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 50173
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-c3fd"
expires: Fri, 21 Oct 2022 09:33:31 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   50173
Md5:    e44d85614d8292ccfd0d2f66283315a7
Sha1:   ba7defd7ea00c5796cc6a5eaf7a3f24e3a7ad596
Sha256: fd5b43b6831c55cc360e720b2f1dd2ce08d5c086641c69a09a735d18974a340e
                                        
                                            GET /wp-content/uploads/2019/10/cropped-26939-520-32x32.png HTTP/1.1 
Host: investstable.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://investstable.ru/
Connection: keep-alive
Cookie: JCS_INENREF=; JCS_INENTIM=1663752810519; _wpss_h_=1; _wpss_p_=N%3A0%20%7C%20; fid=fa2d74c6-3661-4c6a-9616-dda0e479833f; adtech_uid=9d2b2b8e-6003-4107-bd9e-711d7658c8c7%3Ainveststable.ru; top100_id=t1.6699530.2123457652.1663752810667; t3_sid_6699530=s1.965615880.1663752810669.1663752810980.1.1.1.1; last_visit=1663752810955%3A%3A1663752810955
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.130.41.35
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx-reuseport/1.21.1
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 2402
last-modified: Fri, 01 May 2020 14:37:28 GMT
etag: "5eac3428-962"
expires: Fri, 21 Oct 2022 09:33:31 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2402
Md5:    93f0cd2b3e24f6d8a35bd8960022f7ef
Sha1:   641413117c5083469194ce81347e100a9a57ec62
Sha256: f6aba205f53b839f33daff5ab64e9fbd4bf6d32252fd0c501704107e0d20ec1c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 00:21:03 GMT
Expires: Sun, 25 Sep 2022 00:21:02 GMT
Etag: "4ae50c94f39c12046d8522d440f5bb81781d4e9a"
Cache-Control: max-age=311850,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74e1ccbe68030b39-OSL

                                        
                                            GET /match?dp=129&euid=67btg9vzk3 HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /?src=sap1&uid=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: sync.bumlam.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.172.81.158
HTTP/1.1 302 Moved Temporarily
                                        
Server: nginx
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ3NDllNzc4MC0zOTkwLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Tue, 16 Sep 2042 09:33:31 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQARjrtKuZBmIgODlCODAzQzE2QURBMkE2M0Q5MDNBQzY4MDIwQkIwNzWiARB0nneAOZAR7YZEACWQyCQ3
ETag: 749e7780-3990-11ed-8644-002590c82437
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

                                        
                                            GET /core/match.gif?s=32&id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: mediatoday.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.228.100
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx/1.20.2
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
p3p: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA
cache-control: no-cache, max-age=0, must-revalidate, no-store
pragma: no-cache
expires: Thursday, 01-Jan-1970 00:00:00 GMT
set-cookie: idntfy=VU0259OOfTnLMgf; expires=Sat, 18-Sep-2032 09:33:31 GMT; domain=mediatoday.ru; path=/core; SameSite=None; Secure
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    325472601571f31e1bf00674c368d335
Sha1:   2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
Sha256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
                                        
                                            GET /match?dp=95&euid=QAKQYKNT HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /match?dp=127&euid=6S83qsnK6P3OG0Br7ujj HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /p?ssp=sp&uid=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: cs.agency2.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.111.107.44
HTTP/1.1 301 Moved Permanently
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 0
Connection: keep-alive
Server: fasthttp
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.acint.net/match?dp=186&euid=2c633c76-9c48-40ed-bc93-48ea0437fb8f
Set-Cookie: uuid=2c633c76-9c48-40ed-bc93-48ea0437fb8f; expires=Tue, 12 Sep 2023 09:33:31 GMT; domain=agency2.ru; path=/; secure; SameSite=None
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
X-Host: 23.111.107.44

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13203
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /sape/cm?user_id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: nr.bidderstack.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         46.4.70.80
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 44
Connection: keep-alive
Set-Cookie: uid=f9c74d40-6ca1-4d22-8d78-d4321be1c76e; domain=.bidderstack.com; path=/; expires=Thu, 21-Sep-2023 09:33:31 GMT;
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   44
Md5:    f9d60352c70a2ba15616d1c9421f3844
Sha1:   e9abc8bea7721a4b6a50295850d13c515006a95c
Sha256: 82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9
                                        
                                            GET /?src=sap1&s_data=CAIQARjrtKuZBmIgODlCODAzQzE2QURBMkE2M0Q5MDNBQzY4MDIwQkIwNzWiARB0nneAOZAR7YZEACWQyCQ3 HTTP/1.1 
Host: sync.bumlam.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: suuid3=IiQ3NDllNzc4MC0zOTkwLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.172.81.158
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: suuid3=IiQ3NDllNzc4MC0zOTkwLTExZWQtODY0NC0wMDI1OTBjODI0Mzc*; Path=/; Expires=Tue, 16 Sep 2042 09:33:31 GMT; Domain=bumlam.com; SameSite=None; Secure
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E28B5CB66252A18D25FCCA8E24BFCDAAA5F93BC9AE8DB726B28CB4AF50867E21"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15068
Expires: Wed, 21 Sep 2022 13:44:39 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8826
x-amzn-requestid: cf0c711e-4ec9-4f87-a60f-41374262a114
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYweUHIyoAMFYQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202df5-17ad5d4e25a754586e531d05;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:15:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OEbpCQXLpTCDZH4OlzVvvsc-bSgbsIoXRgX6f-nKVwJTL5-SVTCHeA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:48:37 GMT
age: 42294
etag: "344c6000dbdafdb5105edc93a082d640c3e95ddc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8826
Md5:    4eb6d1b35f680bfec656941b6167fd23
Sha1:   344c6000dbdafdb5105edc93a082d640c3e95ddc
Sha256: 67fc85fa0f1a55d57ab9db6f4c723fb9116ef3b2c5282dbdd42d9c37396bd7b9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rq4QHCD4EubBKHyCj7jyKqpct5d7U33TvNufqj_w8mWunqQsouoh7w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:25:17 GMT
age: 40094
etag: "09bd3300d710c3212483159f8398b84cde09da26"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7507
Md5:    4d98acc059a69d51165fb5e0c7430ea3
Sha1:   09bd3300d710c3212483159f8398b84cde09da26
Sha256: 6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c472fe6-fe9b-4742-98f4-b71f53839315.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4789
x-amzn-requestid: 36ce3b9d-d2aa-4975-86e5-22875944d707
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiqljEIKoAMFhPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63242489-1a31957361790e766b8355c6;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:23:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uNmY94pnSglVwSsx4oEaFrQqFI0bxeVzH8o8PYApgHQk_CSrkk2R1g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:20:09 GMT
age: 40402
etag: "0850ed5db509f8a75439eca5866c2bb6ca3195d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4789
Md5:    4df06b3e4176e8f080c997bfae578142
Sha1:   0850ed5db509f8a75439eca5866c2bb6ca3195d3
Sha256: 43e8bfd931d778ac5ebf2d4a8c9915cb05394b6499f9a8575cfc8ce93edd7d92
                                        
                                            GET /cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP/1.1 
Host: exchange.buzzoola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         168.119.8.212
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 115
location: https://www.acint.net/match?dp=126&euid=051ecdb9-18a6-46ad-61f4-77f9fd9e619b
serverid: TODO
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   115
Md5:    0f3ec82b4adf7022303515650fde4115
Sha1:   406ce60fae1ec0bcc257e277ccdc448390b5f3e7
Sha256: d045175903075c807bd1453417d212bb41f840eae21fcddbacd9450a253abe28
                                        
                                            GET /merge_gpsid/?sid=50&id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: stat.adlabs.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         109.248.237.36
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 21 Sep 2022 09:21:11 GMT
content-length: 0
location: //adlmerge.com/merge_gpsid/?sid=50&id=89B803C16ADA2A63D903AC68020BB075
X-Firefox-Spdy: h2

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:14:57 GMT
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
age: 40714
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9201
Md5:    a692964324dbb9c460a1b855808d02e6
Sha1:   1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
Sha256: 3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e3MMA-NVstIsR7M9_JGH05i1e8pK17RsjyERrSMlC3uoHsWw_7ABtA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 19:18:32 GMT
age: 51299
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10244
Md5:    14e6ddceb639a5f4875aecb796f95c79
Sha1:   b1cd04a66852694284eeef16a1cde38896e33c03
Sha256: 4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb447f31d-2a9a-4657-a829-f79bc662f662.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10293
x-amzn-requestid: 79f60a00-d045-4829-aa8b-d79050cb890d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfWItGn6oAMFeyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322d09d-197e424d3023e2683d291f7c;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:13:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p9HhyeWzmFixsw2Ft2OzcH2rBEhJ6xD1sQPxDAmj41akQVG_AG1xZQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 03:13:04 GMT
age: 22827
etag: "3a5ad499b134a33e79d5fe00c7f5c7c098b3ee34"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10293
Md5:    285c04fe0904d41ab1c0259942fa26ec
Sha1:   3a5ad499b134a33e79d5fe00c7f5c7c098b3ee34
Sha256: b91184725a4171202201b5478271a3ab361c54a8893b4dee70d941821a2e70a8
                                        
                                            GET /match?dp=186&euid=2c633c76-9c48-40ed-bc93-48ea0437fb8f HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 21 Sep 2022 08:41:12 GMT
expires: Wed, 21 Sep 2022 10:41:12 GMT
cache-control: public, max-age=7200
age: 3139
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /userbind?src=sape&id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: match.new-programmatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         217.65.2.150
HTTP/1.1 204 No Content
                                        
Server: nginx/1.18.0
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Vary: Origin

                                        
                                            GET /plugins/ua/linkid.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 859
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 08:47:30 GMT
expires: Wed, 21 Sep 2022 09:47:30 GMT
cache-control: public, max-age=3600
age: 2761
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1335)
Size:   859
Md5:    904463ce35aee800847ab85ec948aaf6
Sha1:   904e4d2647466c7f7e0f7412019984e3b2ccfb24
Sha256: 057b4d29359dfe2536a2ec40243bdfa7b151222efcc1eb358608994a14c34237
                                        
                                            GET /match?dp=126&euid=051ecdb9-18a6-46ad-61f4-77f9fd9e619b HTTP/1.1 
Host: www.acint.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.acint.net/
Connection: keep-alive
Cookie: aid=wQO4iWMq2mporAPZdbALAsr0gpBBPkoiMX4fojae52OhTZZ8; test_cookie=CheckForPermission; cSyncDp7v2=1663752810; cSyncDp14v3=1663752810; cSyncDp17=1663752810; cSyncDp32=1663752810; cSyncDp45v3=1663752810; cSyncDp53=1663752810; cSyncDp54v2=1663752810; cSyncDp62=1663752810; cSyncDp67v2=1663752810; cSyncDp68=1663752810; cSyncDp71=1663752810; cSyncDp77=1663752810; cSyncDp84=1663752810; cSyncDp85=1663752810; cSyncDp95v3=1663752810; cSyncDp101=1663752810; cSyncDp104v2=1663752810; cSyncDp107=1663752810; cSyncDp110=1663752810; cSyncDp111v2=1663752810; cSyncDp112v2=1663752810; cSyncDp125v2=1663752810; cSyncDp126=1663752810; cSyncDp127=1663752810; cSyncDp129=1663752810; cSyncDp136v2=1663752810; cSyncDp138=1663752810; cSyncDp144=1663752810; cSyncDp146=1663752810; cSyncDp148=1663752810; cSyncDp149=1663752810; cSyncDp151=1663752810; cSyncDp178=1663752810; cSyncDp179=1663752810; cSyncDp186=1663752810; cSyncDp221=1663752810
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         185.12.125.25
HTTP/2 200 OK
content-type: image/gif
                                        
server: openresty
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
expires: Wed, 19 Apr 2000 11:43:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            POST /j/collect?v=1&_v=j97&a=831920087&t=pageview&_s=1&dl=https%3A%2F%2Finveststable.ru%2F&ul=en-us&de=UTF-8&dt=%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=aGBAAUIhAAAAAC~&jid=129360821&gjid=1778733038&cid=567185177.1663752811&tid=UA-150971850-1&_gid=1126789002.1663752811&_r=1&gtm=2ou9j0&did=dZGIzZG&gdid=dZGIzZG&z=131147654 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://investstable.ru
date: Wed, 21 Sep 2022 09:33:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13203
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 25 Sep 2022 06:21:39 GMT
ETag: "6a701d845c7a70b1dd10d7f5e047011ae3689360"
Last-Modified: Wed, 21 Sep 2022 06:21:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2076
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e1ccbfcf9cb509-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    a2e812044128f3a98fbd7fda6a36e44d
Sha1:   6a701d845c7a70b1dd10d7f5e047011ae3689360
Sha256: 763986ad47e03273f158fa35b26da01d56de2460e8c1321a3fbea96fe22eb7f7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4397
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:31 GMT
Last-Modified: Wed, 21 Sep 2022 08:20:14 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6290
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:31 GMT
Last-Modified: Wed, 21 Sep 2022 07:48:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /en_US/fbevents.js HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 3MPPLO/lWsZIYWtM4KgeSv9Tk1ynHFoT6XAhIXPfdi+cxfsyOe7yU3zG2JYYlg1qnHopHqjjO9SVgmGqaQ18dA==
content-length: 26839
x-fb-trip-id: 1679558926
date: Wed, 21 Sep 2022 09:33:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64348)
Size:   26839
Md5:    9ecd89752214ef749272eef344b9089a
Sha1:   70a58a49c08934265ee34c74efb01d6b3124095d
Sha256: f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
                                        
                                            POST / HTTP/1.1 
Host: status.geotrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3570
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 09:33:31 GMT
Last-Modified: Wed, 21 Sep 2022 08:34:02 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 939
Connection: keep-alive
Expires: Sun, 25 Sep 2022 06:55:24 GMT
ETag: "9b2eb3991c2aaa92a2a2b16bc778dfd965de0277"
Last-Modified: Wed, 21 Sep 2022 06:55:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2747
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e1ccc0381eb509-OSL

                                        
                                            GET /p?ssp=sp&id=89B803C16ADA2A63D903AC68020BB075 HTTP/1.1 
Host: 89b803c16ada2a63d903ac68020bb075-sp.ops.beeline.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.acint.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         37.9.245.57
HTTP/2 301 Moved Permanently
                                        
server: nginx
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 0
location: https://www.acint.net/match?dp=111&euid=793c6c2c-da1c-471f-9385-9733dd605f3b
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: BeeAID=793c6c2c-da1c-471f-9385-9733dd605f3b; expires=Tue, 12 Sep 2023 09:33:31 GMT; domain=ops.beeline.ru; path=/; secure; SameSite=None
access-control-allow-credentials: true, true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
x-route: http://upstream_cookiesync
x-host: 192.168.152.59
X-Firefox-Spdy: h2

                                        
                                            GET /pagead/js/adsbygoogle.js?client=ca-ca-pub-8209382010145353 HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investstable.ru
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.98
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Wed, 21 Sep 2022 09:33:31 GMT
expires: Wed, 21 Sep 2022 09:33:31 GMT
cache-control: private, max-age=3600
etag: 3358355803634077585
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 57993
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2903)
Size:   57993
Md5:    fa30d4dd608bb6ad1da80f8b88f0d072
Sha1:   b7d513c1d3499d8473f1d92d2ee9ebbb8ccfe767
Sha256: c960d41bd5797350cfaf1a3d28b445905001a5ff40accc34c4c1dd8b3ace3cb8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9D9E74F7121399F63901DDA5622E7AE4E2199C44358A421780C2B1C2FC41114D"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16265
Expires: Wed, 21 Sep 2022 14:04:36 GMT
Date: Wed, 21 Sep 2022 09:33:31 GMT
Connection: keep-alive

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 939
Connection: keep-alive
Expires: Sun, 25 Sep 2022 06:55:24 GMT
ETag: "9b2eb3991c2aaa92a2a2b16bc778dfd965de0277"
Last-Modified: Wed, 21 Sep 2022 06:55:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2747
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e1ccc049deb4f3-OSL

                                        
                                            GET /signals/plugins/identity.js?v=2.9.83 HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.14
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: fz/7TWi/756owKKANSlziMdki+O/3Oef8D3Tg1fahYtUZoUdZvhTSTSsUl8wR6IpPOD6uemj10rGHVq9QF42hQ==
content-length: 20715
x-fb-trip-id: 1679558926
date: Wed, 21 Sep 2022 09:33:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (60036)
Size:   20715
Md5:    703b94b52d28f1e141de2f87bf8c1c1c
Sha1:   e2c615d215960b30a3d750fd277076fc48106106
Sha256: c363dae6148c5c4822fd1083a8850e0682f710714c21fe3da6de7bebd5b806fd
                                        
                                            GET /hit?t12.15;r;s1280*1024*24;uhttps%3A//investstable.ru/;h%u0412%u0441%u0451%20%u043E%20%u0437%u0430%u0440%u0430%u0431%u043E%u0442%u043A%u0435%20%u0432%20%u0438%u043D%u0442%u0435%u0440%u043D%u0435%u0442%u0435%20-%20%u0414%u0443%u043C%u0430%u0439%2C%20%u043F%u0440%u0435%u0436%u0434%u0435%20%u0447%u0435%u043C%20%u0432%u043A%u043B%u0430%u0434%u044B%u0432%u0430%u0442%u044C%20%u0434%u0435%u043D%u044C%u0433%u0438%2C%20%u0438%20%u043D%u0435%20%u0437%u0430%u0431%u044B%u0432%u0430%u0439%20;0.7777424789345702 HTTP/1.1 
Host: counter.yadro.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         88.212.201.198
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 09:33:31 GMT
Content-Length: 807
Connection: keep-alive
Expires: Mon, 20 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 31\012- data
Size:   807
Md5:    ddeb55891a340ba1be4db55c4ff43cb3
Sha1:   b8b9139f2ec35ae37485fea6fc2f0493e546de93
Sha256: 16bb7b8a065e488d04a1b00749e74c1e2fa7a533b87fb822beea113b107815fb
                                        
                                            GET /cnt/v2/?event_name=page_view&event_type=base&project_id=6699530&request_id=1663752810.666-12568735&event_id=463428109803958&meta=%7B%22browser_size%22%3A%221268x939%22%2C%22title%22%3A%22%D0%92%D1%81%D1%91%20%D0%BE%20%D0%B7%D0%B0%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B5%20%D0%B2%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20-%20%D0%94%D1%83%D0%BC%D0%B0%D0%B9%2C%20%D0%BF%D1%80%D0%B5%D0%B6%D0%B4%D0%B5%20%D1%87%D0%B5%D0%BC%20%D0%B2%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B%D0%B2%D0%B0%D1%82%D1%8C%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%2C%20%D0%B8%20%D0%BD%D0%B5%20%D0%B7%D0%B0%D0%B1%D1%8B%D0%B2%D0%B0%D0%B9%20%D0%B4%D1%83%D0%BC%D0%B0%D1%82%D1%8C%2C%20%D0%BA%D0%BE%D0%B3%D0%B4%D0%B0%20%D1%83%D0%B6%D0%B5%20%D0%B2%D0%BB%D0%BE%D0%B6%D0%B8%D0%BB%20%D0%B8%D1%85.%22%2C%22screen_size%22%3A%7B%22cr%22%3A1280%2C%22hr%22%3A1024%7D%2C%22color_depth%22%3A%2224-bit%22%2C%22language%22%3A%22en-US%22%2C%22browser%22%3A%22Netscape%22%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22timezone%22%3A0%2C%22referer%22%3A%22%22%2C%22is_first%22%3A1%7D&url=https%3A%2F%2Finveststable.ru%2F&session_id=965615880_1663752810669&session_number=1&session_event_number=1&tid=t1.6699530.2123457652.1663752810667&adtech_uid=9d2b2b8e-6003-4107-bd9e-711d7658c8c7&adtech_uid_scope=investstable.ru&fingerprint=pA8AAENKs1er0heJAXvnWwA%3D&fingerprint_ip=pA8AAENKs1dky%2B7aATvR3QA%3D&version=3.10.9&counter_type=web&experiment=%5B%5B%22exp_bot%22%2C%22split_b%22%5D%2C%5B%22exp_ping%22%2C%22no%22%5D%5D&rn=2091872716 HTTP/1.1 
Host: kraken.rambler.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investstable.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         81.19.89.17
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx/1.19.4
date: Wed, 21 Sep 2022 09:33:31 GMT
content-length: 595
last-modified: Tue, 12 Nov 2019 12:50:59 GMT
etag: "5dcaaab3-253"
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: content-type
access-control-allow-credentials: true
x-srv: 0node0010.top100.rambler.tech
set-cookie: ruid=1CIAAGvaKmNMQ/SEAWR7owB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ proto_uid=1CIAAGvaKmNMQ/SEAWR7owB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 87a, 88 x 31\012- data
Size:   595
Md5:    ab7587316a539078f47cbc113810a1eb
Sha1:   27e636702c39cc363b5fcdbdb463d84d023de8a3
Sha256: 292ec7c404a8403839ffe25a1dffc0369d499e43e3e584d525016eaa0681db25