r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12225
Expires: Mon, 19 Dec 2022 13:45:39 GMT
Date: Mon, 19 Dec 2022 10:21:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 460af93786e1eaa666f135e6c3fdc634
bc8aeba36225c79718f5de73d79928fe817c5490
471f4e7ae29bcf6ba1f749c0f5d4ab446cebfac5aa80c3e19c6edf21be456eb5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "471F4E7AE29BCF6BA1F749C0F5D4AB446CEBFAC5AA80C3E19C6EDF21BE456EB5"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8001
Expires: Mon, 19 Dec 2022 12:35:15 GMT
Date: Mon, 19 Dec 2022 10:21:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 19 Dec 2022 09:34:22 GMT
content-type: application/json
age: 2852
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bcade8542361774f13ecd22557ff8fb8
5e67a3753b0856c765f3b17f1742d3ed684ffb6d
647f8d9d3d1170e60a60e15fdfd9b59445feb56a6ce9d9bb2fa4720f0bfc3a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "647F8D9D3D1170E60A60E15FDFD9B59445FEB56A6CE9D9BB2FA4720F0BFC3A14"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9145
Expires: Mon, 19 Dec 2022 12:54:19 GMT
Date: Mon, 19 Dec 2022 10:21:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bLFlb+XVJ6zCFFQxPgbs81LlqeI5EvvYGFXkGJMHh+GGbAxlLWGj3X8s5UBXi2rw1ecPYZXOVJA=
x-amz-request-id: 739GCBYXQ2NVKB3B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 19 Dec 2022 09:54:30 GMT
age: 1644
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:54 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 19 Dec 2022 09:33:24 GMT
age: 2910
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6545
Cache-Control: max-age=88442
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:54 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 10:55:56 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.229.20.251 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.229.20.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Coj/ZEg8SHDjKDOYh4C9VA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eec2/N4aAabF/8iiGtmSPzNyW74=
f95241kr.beget.tech/
185.50.25.13 200 OK 3.2 kB IP 185.50.25.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ISO-8859 text, with very long lines (400), with CRLF line terminators
Hash 51bc2d7b6b4d0be6a9fddaeba098ef9d
15c90482fdf3191e54bb4adb4fec6b4a9479d2cf
562d056c7fea475fadd1f1a8c4eb83e15570f67f05492005d068946161d431e8
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: f95241kr.beget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Mon, 19 Dec 2022 10:21:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
f95241kr.beget.tech/css/style.css
185.50.25.13 200 OK 763 B URL HTTP/1.1 f95241kr.beget.tech/css/style.css
IP 185.50.25.13:0
File type ASCII text, with CRLF line terminators
Hash 72c907110213761066c945d1c9111511
e3533fa39788565c83f6badf8c915f5a259cf68b
557c1ad56afdb5ff471febf17ea2251135037740424c9cbffb0cc3cd7fd5b9a7
GET /css/style.css HTTP/1.1
Host: f95241kr.beget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Mon, 19 Dec 2022 10:21:55 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Feb 2021 11:22:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"6019360e-ac3"
Expires: Mon, 26 Dec 2022 10:21:55 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
f95241kr.beget.tech/images/phw.png
185.50.25.13 200 OK 386 B URL HTTP/1.1 f95241kr.beget.tech/images/phw.png
IP 185.50.25.13:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash ebb002bf2629e5e14451b7dec6714489
56f972ef810456641f889f5d3a07cbe385daab3c
5fb8a371bb6564dee2d0770dece7fc92b12d090f6df696c53fcca6c1cd9f13fd
GET /images/phw.png HTTP/1.1
Host: f95241kr.beget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/css/style.css
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Mon, 19 Dec 2022 10:21:55 GMT
Content-Type: image/png
Content-Length: 386
Last-Modified: Tue, 02 Feb 2021 11:24:05 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "60193655-182"
Expires: Wed, 18 Jan 2023 10:21:55 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 98a9e1cee65ad32fca991928d887a2f6
f95a63e47b3416f7cb3df2d205133fb4f1a67257
ae0e8a38839e708d50c0e28c6f754edc4f02c2284edfb46f08d96dd816c3c60c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AE0E8A38839E708D50C0E28C6F754EDC4F02C2284EDFB46F08D96DD816C3C60C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Mon, 19 Dec 2022 12:20:23 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 98a9e1cee65ad32fca991928d887a2f6
f95a63e47b3416f7cb3df2d205133fb4f1a67257
ae0e8a38839e708d50c0e28c6f754edc4f02c2284edfb46f08d96dd816c3c60c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AE0E8A38839E708D50C0E28C6F754EDC4F02C2284EDFB46F08D96DD816C3C60C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Mon, 19 Dec 2022 12:20:23 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 98a9e1cee65ad32fca991928d887a2f6
f95a63e47b3416f7cb3df2d205133fb4f1a67257
ae0e8a38839e708d50c0e28c6f754edc4f02c2284edfb46f08d96dd816c3c60c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AE0E8A38839E708D50C0E28C6F754EDC4F02C2284EDFB46F08D96DD816C3C60C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Mon, 19 Dec 2022 12:20:23 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 98a9e1cee65ad32fca991928d887a2f6
f95a63e47b3416f7cb3df2d205133fb4f1a67257
ae0e8a38839e708d50c0e28c6f754edc4f02c2284edfb46f08d96dd816c3c60c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AE0E8A38839E708D50C0E28C6F754EDC4F02C2284EDFB46F08D96DD816C3C60C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Mon, 19 Dec 2022 12:20:23 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
fitprofix.ru/banner.php?id=152
178.208.75.47 301 Moved Permanently 169 B URL HTTP/1.1 fitprofix.ru/banner.php?id=152
IP 178.208.75.47:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
GET /banner.php?id=152 HTTP/1.1
Host: fitprofix.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://fitprofix.ru/banner.php?id=152
ads.people-group.net/331743/14/1/1/
95.217.114.240 200 OK 6.6 kB URL HTTP/1.1 ads.people-group.net/331743/14/1/1/
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (21422), with no line terminators
Hash 9d9320b4c4fa9eafe62c7e2e5877aa6c
27b3754d291322ddaf4a63d494f84400ef43416c
e2bd0c38c7b849880a7c983fde31df18b62eccc22ea9955bb435d43b544b700b
GET /331743/14/1/1/ HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/x-javascript;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgstg=1671445316.77898c2b6e; expires=Thu Dec 14 10:21:56 2023 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
f95241kr.beget.tech/images/bg.jpg
185.50.25.13 200 OK 156 kB URL HTTP/1.1 f95241kr.beget.tech/images/bg.jpg
IP 185.50.25.13:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 1280x800, components 3\012- data
Size 156 kB (156368 bytes)
Hash 24fb9f4c86fe18447ecd27752703f2fb
8a3c7152bd4fda7d110aaf792b8195d5b051077a
46e5ed0965735b292b6c3ac29f90246b275706115f2016b0d6955b5d4b229d3d
GET /images/bg.jpg HTTP/1.1
Host: f95241kr.beget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/css/style.css
HTTP/1.1 200 OK
Server: nginx-reuseport/1.21.1
Date: Mon, 19 Dec 2022 10:21:55 GMT
Content-Type: image/jpeg
Content-Length: 156368
Last-Modified: Tue, 02 Feb 2021 11:24:04 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "60193654-262d0"
Expires: Wed, 18 Jan 2023 10:21:55 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
linkslot.ru/img/buyb.png
172.67.215.189 200 OK 2.6 kB IP 172.67.215.189:0
File type PNG image data, 127 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 6623622f5954708d814fc46180f75b9f
7bd68ddbb91875e815e73fa937efc259e56fad47
5e9b14e8db47eb55c01f3982d1e63061c9ac23ecae71d5313e08169e9cfcce29
GET /img/buyb.png HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/png
content-length: 2585
last-modified: Fri, 29 May 2015 20:03:43 GMT
etag: "5568c61f-a19"
cache-control: max-age=14400
cf-cache-status: HIT
age: 21967668
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ig8DWVTUTpAZX8wugMrbbk7cwRX9ojAYZ63aG8TPbJDtkY0xYnNWMciNIA3gyU%2FEZMgj%2BsGEc3zlVpM61ucCCJJEZ1rAlXyirgU4oF7QcdMXVVoq0n7S%2B84BGd8aIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a09ac3efac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 98a9e1cee65ad32fca991928d887a2f6
f95a63e47b3416f7cb3df2d205133fb4f1a67257
ae0e8a38839e708d50c0e28c6f754edc4f02c2284edfb46f08d96dd816c3c60c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AE0E8A38839E708D50C0E28C6F754EDC4F02C2284EDFB46F08D96DD816C3C60C"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7107
Expires: Mon, 19 Dec 2022 12:20:23 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 224ca4f81387c97655a8f84d37920463
4668b8a63e63623548fb8bdd15f1b347267767ae
90d86298a11f6dd4e7019ebf5180517e99182bc11e215a3520350cff16341475
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "90D86298A11F6DD4E7019EBF5180517E99182BC11E215A3520350CFF16341475"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13440
Expires: Mon, 19 Dec 2022 14:05:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
sell-links.ru/b/3606
172.67.203.56 200 OK 429 B IP 172.67.203.56:0
File type HTML document, ISO-8859 text, with CRLF line terminators
Hash 59349ebbb9c9bc8919e97d690b68ec58
39b87ca2f20b98f2e0f1876cd5a0d75f0d6a6d0b
3f4cffd13782e8faea72254d156c208ccc2153d893e2ac051fa57375dd58761f
GET /b/3606 HTTP/1.1
Host: sell-links.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=cp1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1EcB5OsVqXVqANsOoPA%2FsUd5EqmUiUvbilm6LmC7GrvrzrYjfPFxlm16eQMKXaFj%2FPu0BA157SMTvzDMvn5M0y74TnyXwd3pJGxGu1L44pYieoAgC%2BQZI431uFZ6ek%2Fw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bf6a08d8efb50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
linkslot.ru/uploads/321056b279139a27579854aa7fe470ab.gif
172.67.215.189 200 OK 140 kB URL HTTP/2 linkslot.ru/uploads/321056b279139a27579854aa7fe470ab.gif
IP 172.67.215.189:0
File type GIF image data, version 89a, 468 x 60\012- data
Size 140 kB (140092 bytes)
Hash 321056b279139a27579854aa7fe470ab
e905a0e1b41de4146901b224f490371ca85a72c6
1a5774d73eb593fc2d12d6351f47e6aac16c0eec9c5c862ff2ac6d5875af2f2b
GET /uploads/321056b279139a27579854aa7fe470ab.gif HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/gif
content-length: 140092
last-modified: Sun, 18 Dec 2022 12:48:15 GMT
etag: "639f0c0f-2233c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DF7KijvhxzzG4OGP43bPZPAggBYhh2SMRumRNmvJG%2BRQO4vSooxe4CVN5P%2BjKespRvz7YAVTgkPbqvlcvgv5MM7TDPijQ4OHvP6iPIyOjTWJZI2JUguGt9BQZGpB0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a09ac3afac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11220
Expires: Mon, 19 Dec 2022 13:28:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11220
Expires: Mon, 19 Dec 2022 13:28:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b3b93babc7c72967d105118667baf3d9
6142a0f31a70d487d63f49620b02e212399f488e
4332131b7d2b42aea2a03e4d371d3fbf58ba4f0c33538d0adcfee21484f28158
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4332131B7D2B42AEA2A03E4D371D3FBF58BA4F0C33538D0ADCFEE21484F28158"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16989
Expires: Mon, 19 Dec 2022 15:05:05 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11220
Expires: Mon, 19 Dec 2022 13:28:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dce7a87ac0852f838007018af2e83cb5
379f7844a18284958ec0250cc45f2c91ac1ddfcf
31a5191700b9d5c2e471c0e6db15d43f1804b61c6a0867340e8001c32a0dabb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: f8f1832c-4269-4c4b-83c0-4c2d8c2fdd8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dQjC7GLSIAMFd4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ce545-4c54f9704a32da245a90ab0d;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 21:38:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sg4SOln-mB63kOrv2oVmW25o92Sxw7bW4QA78iT5eq3Tpbk_SYUEdw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 00:09:11 GMT
age: 36765
etag: "379f7844a18284958ec0250cc45f2c91ac1ddfcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d178a6b115f657a00617293489405fe
5a85960ea077d8a1e8ee24de73a9594682d9a4ef
61c2a7e815efe3206e64f00974ddba9b24b99b41bf030a102e53a6613d105b67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11263
x-amzn-requestid: 7cb5a6e1-9e6f-4b65-a0c4-d7612223edb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6OCtGU6IAMF6lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393f6dd-459d1bef15af6cf134231005;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 03:02:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dF3uhrxqSuq8L3bfocnU2ryQb_UcL97PM_MVhushhf0_STCTbIhORA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:37:59 GMT
age: 45837
etag: "5a85960ea077d8a1e8ee24de73a9594682d9a4ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F098a9ffa-a930-493a-86d2-96d21a07d7ae.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F098a9ffa-a930-493a-86d2-96d21a07d7ae.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 945d09b8aa956ddee667614c08687f76
0db0497203df4f2ec5da40cd0ab89383479e5d9b
a0953dafcf933d120941f84b60d2884b3df33fa01dfbc5bfe62fc4910b392a83
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F098a9ffa-a930-493a-86d2-96d21a07d7ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9824
x-amzn-requestid: c9683b2f-dcf3-4c59-ad63-d10ec8908aa9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dTQDBE5tIAMFwdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639dfa13-6ab265cc3d4229b548a8dc4d;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 17:19:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sXOJkHnQUxV2rJN7VQkRpyqQO36n2AsIyokaIoWOVc2zoQWrCktLXg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 06:02:10 GMT
age: 15586
etag: "0db0497203df4f2ec5da40cd0ab89383479e5d9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e2ec9-6896-4273-b8df-01dec989c40f.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e2ec9-6896-4273-b8df-01dec989c40f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa1560ff1a3a3e698d833e8b6755ec41
2871e0b444d1280ddd962686d86c3fad39804345
f278a5decebd47e869cdaeedd1d5faa7650fe1446655937d1fb444e54a5de3d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e2ec9-6896-4273-b8df-01dec989c40f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9839
x-amzn-requestid: 9c6ba5d7-f5a8-4726-b223-2205ade3aace
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dJvjfENdIAMFSow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a2c7c-77ce3f1916280be75e0a8a7b;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 20:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -nx30FEx9im5SYmqVXrUZVNsPicRRt8tSn_ZSLRo0TXMR0WY6Bi1uA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:52:15 GMT
age: 44981
etag: "2871e0b444d1280ddd962686d86c3fad39804345"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed374d0c34e8b2e15f08a6479a4f45e7
5db9e59699048998f0685e940640eae19ef11c8e
9933854830be796a87cfe44b6b8336294e2d3dbbe3205f267720aca6968c3a21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c81bdf4-0a78-472d-ba75-80092016f334.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12125
x-amzn-requestid: e44faa15-1dfd-4bc0-bdfb-307c3de2755d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2QPFZAIAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3734-33d636210a1e24742ee71187;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DmeWRYIlUMCR8Nds0-n0a9ju0ySR7ZuTAS82Lu8sZxPXQpBJkqzvww==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:52:16 GMT
age: 44980
etag: "5db9e59699048998f0685e940640eae19ef11c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8576327b06d5d8259e87bfeb71761ff5
2b2e5694e77b30f2e2cdfddd8ad616be214c9df2
377ffbcb85710900d97b1d99522a8087a6c66bcb778be42da806283cae833715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5654
x-amzn-requestid: b9f6e88a-f07b-4c6c-b823-9b9e928274ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dKtB8Eb5oAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a8ed9-3c8888ca41c995d67a09fa50;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 03:04:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FaoiV9Jr3-1aqI-rVbXAYEMTsG_cjqVxmr0di-CbJaQBwIbb6BRg6A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 06:05:02 GMT
age: 15414
etag: "2b2e5694e77b30f2e2cdfddd8ad616be214c9df2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d289cd200a148c8caa856317effe91c7
206d69dec3fb333cee471944c5018fa1bb672444
fbefdd725ab105d7b5dacef92217d63e3aaa8b87598381572e14d9f7d19ae663
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBEFDD725AB105D7B5DACEF92217D63E3AAA8B87598381572E14D9F7D19AE663"
Last-Modified: Sun, 18 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Mon, 19 Dec 2022 16:21:37 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6c5913245156204a05173312d3872259
37273a99f9fa86c430169d65ce3705598d980e60
a2776bb05cece82a47bcf26babde41ca9ea1da9fb86d30fa4d1ce518c365c272
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A2776BB05CECE82A47BCF26BABDE41CA9EA1DA9FB86D30FA4D1CE518C365C272"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11277
Expires: Mon, 19 Dec 2022 13:29:53 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
fitprofix.ru/banner.php?id=152
178.208.75.47 200 OK 427 B URL HTTP/2 fitprofix.ru/banner.php?id=152
IP 178.208.75.47:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (519)
Hash 04f368d820e4e10947cccc83f630ea57
9679141586ba55f67e009b7f7b61b3a388c2e9bc
b1235800007ade9500536d96c56b12cef3d38b4ca83852321eadd13007af6feb
GET /banner.php?id=152 HTTP/1.1
Host: fitprofix.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://f95241kr.beget.tech/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=UTF-8
content-length: 427
x-powered-by: PHP/7.3.31-1~deb10u1
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
fitprofix.ru/img/bux/add.png
178.208.75.47 200 OK 1.0 kB URL HTTP/2 fitprofix.ru/img/bux/add.png
IP 178.208.75.47:0
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash f086d84512a3c5554f3182f71f33f1f2
128d85f7ac9baad499df285ac34ed77117300b27
09b1ce2275081bc8d1aaf1bc08ff648cd6e8622b670896fae66577673d8ccff6
GET /img/bux/add.png HTTP/1.1
Host: fitprofix.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/png
content-length: 1006
last-modified: Sun, 05 Sep 2021 01:08:49 GMT
etag: "613418a1-3ee"
expires: Tue, 20 Dec 2022 10:21:56 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2
cuys.ru/bancode.php?id=5585
176.57.70.200 200 OK 891 B URL HTTP/1.1 cuys.ru/bancode.php?id=5585
IP 176.57.70.200:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (847), with no line terminators
Hash e252e0beeb6a32c238f1c86eb4c76d71
70c79f2ab40d98968062841f6912d8d7dd65342b
8ba135f3832887ee45ea04b6cbe4399a4e01b514933f1f3ac295cceedf9375c1
Analyzer Verdict Alert fortinet Malware
GET /bancode.php?id=5585 HTTP/1.1
Host: cuys.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=oetq7tsqe4p1s7h9tvune6tta0; path=/
Strict-Transport-Security: max-age=31536000;
nvuti.direct/?i=1196227
104.26.0.222 302 Found 12 kB IP 104.26.0.222:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash a9f6117dc039ef8fae0b3178addf9587
2a89da3b05ddc1ab09c96a49a4e0e0ddaba5e8a8
0756170967ea6088480a5f9c772a0e8532408c4fd0e23450b7f2068d83615fb3
GET /?i=1196227 HTTP/1.1
Host: nvuti.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 19 Dec 2022 10:21:56 GMT
location: https://nvuti.help/?i=1196227
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPLsafJ1jOLvTKcLiONS%2BGREQkLvtAyjUA%2BbD5r%2Frwauy%2BW%2FJoF8XMg8gtAKJ4foEGVxg%2FSKbw0jcP3tDo78uf9W%2BXjL1p8L6ij2lm2UvjDLcGlEslr1OxfexG1V6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a0afbc80b55-OSL
X-Firefox-Spdy: h2
linkslot.ru/bancode.php?id=312769
172.67.215.189 200 OK 4.9 kB URL HTTP/2 linkslot.ru/bancode.php?id=312769
IP 172.67.215.189:0
File type ISO-8859 text, with very long lines (3020)
Hash 12aa03aa0eae8de4cce374de9ed1226d
91ff2def96aaec16ab21968a97b617f6aa9b123e
7c995b7d362c114818f22cefe9ba665b68d587dd6e1999bbcac3e18f693bb5d8
GET /bancode.php?id=312769 HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: application/javascript; charset=windows-1251
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APWZnM6V1MK1kbrWCFZ2n48fp608A2QItbICF%2ByiGtAssvV%2F807z%2FLrxyKajwFTmfC00PwgtVj0bsEnIFIOwfOOJ7NP2TVFjuATJIiGD9dHeqhm7b1wHR9Gn9pQSyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a094c0bfac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads-lot.ru/images/img_al2.png
5.187.6.135 200 OK 351 B URL HTTP/2 ads-lot.ru/images/img_al2.png
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
File type GIF image data, version 89a, 123 x 17\012- data
Hash 15945d32fa167a408a29dc6b53c292b7
1951669ff15844e0b8735c843d27e650ecf31b5d
4a33cc4ac137df2dd60dfe31ee9fa4db6b54ed39b320aede4d18b8bd1542e760
GET /images/img_al2.png HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/png
content-length: 351
last-modified: Sun, 27 Dec 2020 06:06:46 GMT
etag: "5fe82476-15f"
expires: Wed, 18 Jan 2023 10:21:56 GMT
pragma: public
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
accept-ranges: bytes
X-Firefox-Spdy: h2
ads-lot.ru/vitrine.php?id=1474
5.187.6.135 200 OK 19 kB URL HTTP/2 ads-lot.ru/vitrine.php?id=1474
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
Hash 26baa860999c05bfc11702b61866bced
a11b1a0bf0edc616b6c2e21b008e2f4bf482c274
b32b1dc3a698dca4c1f9af51b24935a9fee857d0d72b48dc6d5a653eba05c0fd
GET /vitrine.php?id=1474 HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html;charset=windows-1251
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=07itfu525ruj69s1ubjgqvos90; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
ads-lot.ru/vitrine.php?id=1431
5.187.6.135 200 OK 13 kB URL HTTP/2 ads-lot.ru/vitrine.php?id=1431
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
Hash 62364caee5872531de6972735c451b5c
bc038693abf52e50752a9e54f1fb7558f8de2945
c237ebb2216cf4f021c556b69fa30bd432e747ebdcb53e01a7dadd7219c4d70d
GET /vitrine.php?id=1431 HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html;charset=windows-1251
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=enva3b3ut81fpbtpq75ci6t1h5; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/G4DwwdLMWpc
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/G4DwwdLMWpc
IP 142.250.74.131:0
Hash 36b70fba5590148238c6f70c037bb701
8ef9262ec5951674ecb97fbaa200e7a048805375
a440afe696023369d8174b0ed6d41e4bf04fd76742c89c7ac147a87ddd5dc62f
POST /s/gts1p5/G4DwwdLMWpc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
serfnets.ru/2bancod.php?r=15738
188.114.97.1 301 Moved Permanently 0 B URL HTTP/1.1 serfnets.ru/2bancod.php?r=15738
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2bancod.php?r=15738 HTTP/1.1
Host: serfnets.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Dec 2022 10:21:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 19 Dec 2022 11:21:56 GMT
Location: https://serfnets.ru/2bancod.php?r=15738
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eR76%2FtgmUJaJK8TYlBI9dtlRjdB0lkHW4wcLK9GfSqmUSzdY2H6oZ9L25XrJfIVjOTsXqWM9lD44nArY3YEdCtOIqOpbN1DRqFIG95BbbV2KL0F8%2FgaeOXD53lHjZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a0b7952b4f9-OSL
alt-svc: h2=":443"; ma=60
cuys.ru/uploads/193ba0b8680d3d827ce776326f1c2b59.gif
176.57.70.200 200 OK 24 kB URL HTTP/1.1 cuys.ru/uploads/193ba0b8680d3d827ce776326f1c2b59.gif
IP 176.57.70.200:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash fcec4e7b82a6af4d1d1b6e623850353c
7a33aea80cc80008022019b7613b1bbe0266855f
e2f8f8b5f62eb1aaf8aef0c86b80c9c7eeb27dcedc4089c37b2d0e3ef198a4ab
GET /uploads/193ba0b8680d3d827ce776326f1c2b59.gif HTTP/1.1
Host: cuys.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: image/gif
Content-Length: 24110
Last-Modified: Fri, 09 Dec 2022 04:53:23 GMT
Connection: keep-alive
ETag: "6392bf43-5e2e"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
ad.a-ads.com/1657413?size=468x60
136.243.35.166 200 OK 4.6 kB URL HTTP/1.1 ad.a-ads.com/1657413?size=468x60
IP 136.243.35.166:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash 0beaa41c7e769702401722bf2b7f5100
68805ca5a1fbbbb4b6a78abf9a3ed422d6067f0c
95c48a64cf7a80f4a1491637d6aa6b6afcf390ab1df91884de2f7a3bbaee7897
GET /1657413?size=468x60 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: http://f95241kr.beget.tech/
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
ads.people-group.net/?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312
95.217.114.240 200 OK 4.9 kB URL HTTP/1.1 ads.people-group.net/?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13208), with no line terminators
Hash 9fe20a5064d17b5fd947ed3e1ca322b9
96db7c959e235f448ebce274f73166a9b1d184ff
3e79f824468a02943f812a090f08f3bb7f3015f5e8728a59cb7e8c8d85410351
GET /?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312 HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html;charset=UTF-8;
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 0;
Set-Cookie: _pgutm1=818|51|1; path=/; domain=ads.people-group.net;
_pgstg=1671445316.77898c2b6e; expires=Thu Dec 14 10:21:56 2023 GMT; path=/; domain=ads.people-group.net;
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 224ca4f81387c97655a8f84d37920463
4668b8a63e63623548fb8bdd15f1b347267767ae
90d86298a11f6dd4e7019ebf5180517e99182bc11e215a3520350cff16341475
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "90D86298A11F6DD4E7019EBF5180517E99182BC11E215A3520350CFF16341475"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13440
Expires: Mon, 19 Dec 2022 14:05:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
regionads.ru/js/banner.php?id=835
188.120.236.88 301 Moved Permanently 169 B URL HTTP/1.1 regionads.ru/js/banner.php?id=835
IP 188.120.236.88:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92
GET /js/banner.php?id=835 HTTP/1.1
Host: regionads.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://regionads.ru:443/js/banner.php?id=835
webtrafic.ru/banners/1434f87beb84cc6d7e73ea0778828a99.gif
172.67.212.189 200 OK 108 kB URL HTTP/2 webtrafic.ru/banners/1434f87beb84cc6d7e73ea0778828a99.gif
IP 172.67.212.189:0
File type GIF image data, version 89a, 468 x 60\012- data
Size 108 kB (107943 bytes)
Hash 43d46b08779573aa0da5920245731df4
b76616a2b0154ca3d09a2c6da9b2a2968496b300
e205715dd1fd94a12fe2ce8e06973bf48177f35746d1d2f9c0fbb8f51928d4a8
GET /banners/1434f87beb84cc6d7e73ea0778828a99.gif HTTP/1.1
Host: webtrafic.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/gif
content-length: 107943
last-modified: Tue, 08 Nov 2022 09:25:34 GMT
etag: "636a208e-1a5a7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4050
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tiRxY9VPWXxT2UnwNl4rrIdUr22xcgn3yLMURx56wlvQ8DXsVBfvh9%2FJVZokeK30W%2F5Dd9EjAOERZs8Ub8BYJ5YfzCSCWVPrtfUwba7B7AaNVOr%2BFku0Ft97cIino%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a0bdf74b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads-lot.ru/vitrine.php?id=2313
5.187.6.135 200 OK 23 kB URL HTTP/2 ads-lot.ru/vitrine.php?id=2313
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
Hash ab0bb6d44b8f507f52420e313184164c
759156043b1f301a93eeb204cb2c9441afc93a33
e47f5f7c65b1e76de3da4954ca36c37efab4d4e3ce293318441e222979581951
GET /vitrine.php?id=2313 HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html;charset=windows-1251
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=grmb488f0c7jiq83o8a252dm75; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
linkslot.ru/bancode.php?id=311760
172.67.215.189 200 OK 14 kB URL HTTP/2 linkslot.ru/bancode.php?id=311760
IP 172.67.215.189:0
File type ISO-8859 text, with very long lines (3020)
Hash 11f123691a391a0cebbd104d1bc5b3b3
c4f281ec1fa2890296386ee3d56003f0d849e73f
8c002429b0e1277bc4798e0cebc0916921b56a85f766633506a4991db4e8eedd
GET /bancode.php?id=311760 HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: application/javascript; charset=windows-1251
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVy0MZSbexiFXgR5VAO3j7%2BvBb4fPdqOt08jmawEUercskOHn5ZMjxpEq2noP4Y99NwTm5DjoSES3yFf%2FtqEOkqeRu8M236CdPzDUhj1cStqd5CzcNeLVqd81r%2Bv0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a094c04fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.people-group.net/bann/fonts2.css
95.217.114.240 200 OK 93 kB URL HTTP/1.1 ads.people-group.net/bann/fonts2.css
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (33850), with CRLF line terminators
Hash 8fb32ddcad6d21e053e826836814a373
53d4198a8e2e68a2541cd877c179c453651ec1b5
3999b2214fe8faa2b3e3f3b087f4962564e7a002b485cca42921d56a18cb52af
GET /bann/fonts2.css HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/css
Last-Modified: Fri, 08 Aug 2014 18:44:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"53e51a9b-1e2d2"
Expires: Mon, 19 Dec 2022 11:21:56 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
ads.people-group.net/bann/jquery.min.js
95.217.114.240 200 OK 33 kB URL HTTP/1.1 ads.people-group.net/bann/jquery.min.js
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32086)
Hash f3f99798737334e9d6a59819c7d7590a
4257d1ffd07601b36d1e68c4e9e803196e7db9df
560f5a20ad5d7b5add7aa23e53a0371837a82d6765fc12df5cdfa03bc076e964
GET /bann/jquery.min.js HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Oct 2014 12:03:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"54352814-1762a"
Expires: Mon, 19 Dec 2022 11:21:56 GMT
Cache-Control: max-age=3600
Content-Encoding: gzip
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a6ddb2c8eae4d692fd48c142d8f85cf1
aa3b0f10469f9cd2dd6d31b3701cb7aa730e5f36
e25e90f82deed9d8c167a0392c7556bf0de5bf725cb35b59c2b860a81cc849a7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E25E90F82DEED9D8C167A0392C7556BF0DE5BF725CB35B59C2B860A81CC849A7"
Last-Modified: Sat, 17 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Dec 2022 16:21:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
ads-lot.ru/pics/mining.php
5.187.6.135 200 OK 2.0 kB URL HTTP/2 ads-lot.ru/pics/mining.php
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
Hash 6362e931afb6e694c8a0bff044872db0
b8200cf2223cb737f658c19907a444e282795037
97cb24de3a5b5165cacb33f46512f41b0d826b9e9c5954a8344920300a10a145
GET /pics/mining.php HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=windows-1251
content-encoding: gzip
X-Firefox-Spdy: h2
f95241kr.beget.tech/favicon.ico
185.50.25.13 404 Not Found 235 B URL HTTP/1.1 f95241kr.beget.tech/favicon.ico
IP 185.50.25.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a849cd98d38c56d3908c1124c10a76c7
1887d1480cc9604fd3908e9122be14c2f1a893a6
d1588e3ff3599fef377aeef033d5c25c3553cdceaa058aea774d6142975dc5d4
GET /favicon.ico HTTP/1.1
Host: f95241kr.beget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
HTTP/1.1 404 Not Found
Server: nginx-reuseport/1.21.1
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
Content-Encoding: gzip
ads.people-group.net/bann/1/8/4/9/184998_1.gif
95.217.114.240 200 OK 212 kB URL HTTP/1.1 ads.people-group.net/bann/1/8/4/9/184998_1.gif
IP 95.217.114.240:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 468 x 60\012- data
Size 212 kB (212254 bytes)
Hash 544576fce522e6190560e22ebf83ff42
91c5fafef1e7ee0415ac35aec7b131ae7cdd9e0d
5b7678d42dd1a583ccfb994bf5cf7e46b08a1987d2b630f98a745645c7a88c2b
GET /bann/1/8/4/9/184998_1.gif HTTP/1.1
Host: ads.people-group.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ads.people-group.net/?hwn=MzMxNzQzJzE0JzEn&xm=1&swf=0&hrf=&stg=1671445316.77898c2b6e&s=MTI4MCUzQTElM0E5Mzk%3D&h=12%2F19%2F2022%2010%3A21%3A56%27%5E%271%27%5E%27&k=%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&0.5174225038080312
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: image/gif
Content-Length: 212254
Last-Modified: Thu, 15 Dec 2022 16:54:13 GMT
Connection: keep-alive
ETag: "639b5135-33d1e"
Expires: Mon, 19 Dec 2022 11:21:56 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
nvuti.help/?i=1196227
104.26.1.154 200 OK 14 kB IP 104.26.1.154:0
Hash a620322cdcef13e4e19094019e1d1a59
bdaf7d669d0ffb48a90bc0b21ce1cc271a9e5f6c
bc6835d3c58c23ae37eb6d14691d4e28d72ea7ba0657230762e3f01cc96478b4
GET /?i=1196227 HTTP/1.1
Host: nvuti.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://f95241kr.beget.tech/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=UTF-8
set-cookie: ref=1196227; expires=Wed, 18-Feb-2026 18:21:56 GMT; Max-Age=99993600; secure
vary: Accept-Encoding
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tvG5FXtzH%2Bdm%2Bx8mVvzXrFFsXrZF%2FACrLBg2oCZFjiHZWQUKRfKfu5rWS%2FHYOPMD6iH33cYcBt996kMYiv%2BKPJ%2FKg2iB7WNQqSXVwTwmf0qOy066A85GUD%2F9WKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a0b8c42b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d3df29d976125fa0833d1ff9d82179b2
79c17d120a47482f3d8e59fc2284afaa0382fb5c
bc6e7e938925ae1081c82fe96b929d9516b8a4561720f127fe116ce60344c6fb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC6E7E938925AE1081C82FE96B929D9516B8A4561720F127FE116CE60344C6FB"
Last-Modified: Mon, 19 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12343
Expires: Mon, 19 Dec 2022 13:47:39 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 746ab998df9a3e14d369925b60e07e59
ae1e54c484d236f1c1923c0c79c84e9ab8220b46
b0d9f0a4a57dbe2f0cd41b9db7b72a167ce9593164e20d62b596cfc347392390
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 23 Dec 2022 07:09:04 GMT
ETag: "ae1e54c484d236f1c1923c0c79c84e9ab8220b46"
Last-Modified: Mon, 19 Dec 2022 07:09:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1951
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a0d1b1cfabc-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b4586672d75b996eff51058c3edd7c7c
6d6f0bc5ca30297764b632ca653ce73ea3230059
5dd0130eff5cb345bbaff9dc1a5ff3d4c1667215585248841e603258ab90452a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 04:27:35 GMT
Expires: Sat, 24 Dec 2022 04:27:34 GMT
Etag: "6d6f0bc5ca30297764b632ca653ce73ea3230059"
Cache-Control: max-age=410137,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77bf6a0cdc6d0b61-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 3bc2769074b9a662f4504f6f2a0fdacc
43ad5241fad2fdc339baa27ed7c3ba059f2746b7
d84ea7592d7dcba0315348e759efb2b5fcf36d0a149d12fb7e102a6c2d0b9fc8
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 23 Dec 2022 07:11:18 GMT
ETag: "43ad5241fad2fdc339baa27ed7c3ba059f2746b7"
Last-Modified: Mon, 19 Dec 2022 07:11:19 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1429
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a0d4b3cfabc-OSL
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f0ba956482d51da84b9f3ba59f9b15f3
5c748bb9156f04ad0fea236cc62ba2becea8902b
84c4ddc75b5f23528498eb0c6002e837db39fed3d881f17fbbb7aebfa241a913
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84C4DDC75B5F23528498EB0C6002E837DB39FED3D881F17FBBB7AEBFA241A913"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Mon, 19 Dec 2022 16:21:37 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
payeer.com/01276479
149.202.17.208 302 Found 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01276479 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
counter.yadro.ru/hit?t26.1;r;s1280*1024*24;uhttp%3A//f95241kr.beget.tech/;h%u0420%u0430%u0441%u043A%u0440%u0443%u0442%u043A%u0430%20%u0441%u0430%u0439%u0442%u0430%20%u0431%u0435%u0441%u043F%u043B%u0430%u0442%u043D%u043E;0.6570154030375929
88.212.201.204 200 OK 126 B URL HTTP/1.1 counter.yadro.ru/hit?t26.1;r;s1280*1024*24;uhttp%3A//f95241kr.beget.tech/;h%u0420%u0430%u0441%u043A%u0440%u0443%u0442%u043A%u0430%20%u0441%u0430%u0439%u0442%u0430%20%u0431%u0435%u0441%u043F%u043B%u0430%u0442%u043D%u043E;0.6570154030375929
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 88 x 15\012- data
Hash eeea197420e22097599fe89480975996
7544e7b5f70e1268d440229928092a61460f8ef0
17d7e5619ab8120fecaba26a81fb92ce998c4db1f9ff87c7dba904505d00b30d
GET /hit?t26.1;r;s1280*1024*24;uhttp%3A//f95241kr.beget.tech/;h%u0420%u0430%u0441%u043A%u0440%u0443%u0442%u043A%u0430%20%u0441%u0430%u0439%u0442%u0430%20%u0431%u0435%u0441%u043F%u043B%u0430%u0442%u043D%u043E;0.6570154030375929 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: image/gif
Content-Length: 126
Connection: keep-alive
Expires: Sat, 18 Dec 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
ads-lot.ru/pics/mining.php
5.187.6.135 200 OK 724 B URL HTTP/2 ads-lot.ru/pics/mining.php
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
Hash dc2a47a2d5ed47259f4f12022bfa8d5f
116a5004aa21b3aa6185488d5843e272f03fe799
e32ae150130654e8032e93e835dcf070c752e0de190813f37ce77ea571ac06a5
GET /pics/mining.php HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=windows-1251
content-encoding: gzip
X-Firefox-Spdy: h2
serfnets.ru/img/banner468x60_free.png
188.114.97.1 200 OK 5.9 kB URL HTTP/2 serfnets.ru/img/banner468x60_free.png
IP 188.114.97.1:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash 3260e0e0f566e3974ce03f34fa876833
81ff835fdb617e65503ae911cc6f293f467241fd
bac71fa3ac6192a1c8fa24bf2947c2093fe5821ec7cdebb00dc6ec62635663a9
GET /img/banner468x60_free.png HTTP/1.1
Host: serfnets.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/2bancod.php?r=15738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/png
content-length: 5916
last-modified: Fri, 09 Aug 2019 04:24:28 GMT
etag: "5d4cf57c-171c"
strict-transport-security: max-age=31536000;
cf-cache-status: HIT
age: 2546
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zDlrtX8d6hUZxlO3KJo%2FBBGLVHTocyr%2FfzVSLmgrmNDSJVdDqwQO2AotjsQiwjaTNdvMDEw%2B2A5w5zFDCFGW7EML3PQqnR9jgVOENmgE8hr0rumQadXXU%2FoucXWMVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a0dbf37fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
serfnets.ru/img/banners/sn.png
188.114.97.1 200 OK 1.2 kB URL HTTP/2 serfnets.ru/img/banners/sn.png
IP 188.114.97.1:0
File type PNG image data, 127 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 2f3c7728444f20ffbd644d1c5246fa5d
2092d63037b3dfd4370333ac56d2f4558b7ea631
e794145991dfe574aaec2d04e70490e3cadca529c8d3dbfc8092f5271b769e2a
GET /img/banners/sn.png HTTP/1.1
Host: serfnets.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/2bancod.php?r=15738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: image/png
content-length: 1190
last-modified: Fri, 09 Aug 2019 04:24:28 GMT
etag: "5d4cf57c-4a6"
strict-transport-security: max-age=31536000;
cf-cache-status: HIT
age: 3962
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02D448pI3W2pQG34vSl%2Fqb%2BEp8sIyn3hXKJ6GJqKy2aNB63%2BBXMLJun5WTPXmgIaGLzNN%2Ff1SAH9JtU5Nvw1pNE3B1mM5Bo5EtUZVgjrt0dg0u5J0GRac1v5tbLYIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bf6a0dbf38fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a6ddb2c8eae4d692fd48c142d8f85cf1
aa3b0f10469f9cd2dd6d31b3701cb7aa730e5f36
e25e90f82deed9d8c167a0392c7556bf0de5bf725cb35b59c2b860a81cc849a7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "E25E90F82DEED9D8C167A0392C7556BF0DE5BF725CB35B59C2B860A81CC849A7"
Last-Modified: Sat, 17 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Dec 2022 16:21:56 GMT
Date: Mon, 19 Dec 2022 10:21:56 GMT
Connection: keep-alive
mc.yandex.ru/metrika/tag.js
93.158.134.119 200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash b604b44a44140d3e443d1c1c9da02d8d
05407447253dbbd694e67456c6b25b5112bd359d
0dcc105aceee70b68e812bdb6033ab465720efe541259c35f19aa09fadc88bf8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73737
date: Mon, 19 Dec 2022 10:21:56 GMT
access-control-allow-origin: *
etag: "639bee03-12009"
expires: Mon, 19 Dec 2022 11:21:56 GMT
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
trafiframe.ru/iframe.php
104.21.56.225 200 OK 2.7 kB IP 104.21.56.225:0
File type XML 1.0 document text\012- XHTML document text (version 1.0)\012- broken XHTML document text (version 1.0)\012- HTML document text\012- XML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1118), with CRLF line terminators
Hash bde10b92ba472f9461e566de0cd02724
d0b96ea83cf2f8a746834ab74b60be28ad0bf651
12b8783c461131b68f3a663c65e5522bc1c858a834b243d4704fa0c1a67d7770
GET /iframe.php HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=creJDI4jyRF1bnGFMoQ1x9QPfyITaka3O26Ped4djQeHnkAp8LRO1e3MfGUrTJf7QCW5eFgtIfVryFtdc9peSw04Ngr896HduDq9XEyl%2Fe1WnPQMMSGJ0hqi%2FGZg5WPk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bf6a0bfc95b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b4586672d75b996eff51058c3edd7c7c
6d6f0bc5ca30297764b632ca653ce73ea3230059
5dd0130eff5cb345bbaff9dc1a5ff3d4c1667215585248841e603258ab90452a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Dec 2022 04:27:35 GMT
Expires: Sat, 24 Dec 2022 04:27:34 GMT
Etag: "6d6f0bc5ca30297764b632ca653ce73ea3230059"
Cache-Control: max-age=410137,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77bf6a0d1911b4ee-OSL
regionads.ru/js/banner.php?id=835
188.120.236.88 200 OK 3.7 kB URL HTTP/1.1 regionads.ru/js/banner.php?id=835
IP 188.120.236.88:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ISO-8859 text, with very long lines (334), with CRLF, LF line terminators
Hash 3be0abfd972322d3479d2092899bc84a
1c61927d8802bbd08941f040dfdc292089eb1b0b
9eacc80d11e3b6d30061508ac78228a68605290fb061e0618d983d97ed17095c
GET /js/banner.php?id=835 HTTP/1.1
Host: regionads.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://f95241kr.beget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=windows-1251
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Strict-Transport-Security: max-age=31536000;
payeer.com/01276479
149.202.17.208 302 Found 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01276479 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
payeer.com/01276479
149.202.17.208 302 Found 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01276479 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
149.202.17.208 302 Found 0 B URL HTTP/1.1 payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ== HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: /01276479
payeer.com/01276479
149.202.17.208 302 Found 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01276479 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 03c8258e1c16364384a10c746732e080
24f121ea76ab812448228b238fadc421f5c4d6c8
9dfb03f619014cd8683030fb68b00b8a0befd9ad9755fcd77c69a2a4e163d397
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
trafiframe.ru/css/cs-s.css
104.21.56.225 200 OK 1.3 kB URL HTTP/1.1 trafiframe.ru/css/cs-s.css
IP 104.21.56.225:0
File type assembler source, ASCII text, with CRLF line terminators
Hash 1da4d289cd9eb00ac2aaf5a812cd27dc
e590abf18e1f8307ead3eb7fb1ccbc5f25a433db
7b2cb4729328cce41e85da4b6b6600b5b9b9fb702a3e3ee0165747de0e626a65
GET /css/cs-s.css HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 27 Jan 2021 12:06:47 GMT
ETag: W/"60115757-1460"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3204
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MugWq6Grh4TkJ8YKy62QRMMdqQDus8%2FmUziGtDsSfsst7%2BuCVJM6JiBTYsMCD3t%2FLTuTACh4bzEIUhuZEbNJ5TiK4O%2FjjK%2FMo%2BXWdNt4%2Fvow2O7N90%2FLcbYK1%2Fwk9ouo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a0fd888b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
142.250.74.138 200 OK 33 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP 142.250.74.138:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 18351732b1849ba758e98884e186b3c8
d735af8661eda41ff4ffbf76e6a284a0e2deb81c
bfac625d304d52e04f2caeb19266354749929c888ca09d3d1e3edcbb8770d0f0
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 33333
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 15 Dec 2022 20:52:13 GMT
Expires: Fri, 15 Dec 2023 20:52:13 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 307784
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f0ba956482d51da84b9f3ba59f9b15f3
5c748bb9156f04ad0fea236cc62ba2becea8902b
84c4ddc75b5f23528498eb0c6002e837db39fed3d881f17fbbb7aebfa241a913
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "84C4DDC75B5F23528498EB0C6002E837DB39FED3D881F17FBBB7AEBFA241A913"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Mon, 19 Dec 2022 16:21:37 GMT
Date: Mon, 19 Dec 2022 10:21:57 GMT
Connection: keep-alive
www.google.com/s2/favicons?domain=https://satoshimonster.com
142.250.74.164 301 Moved Permanently 339 B URL HTTP/2 www.google.com/s2/favicons?domain=https://satoshimonster.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1967487340378554a7a90c5e77d16671
5a4219c8289bcd9fb271d8a1990df013d8491890
5b48f1ebc5906b6b22f3c2c87f4e663062a2ae012a5e3a9b4b2e66282f5b257c
GET /s2/favicons?domain=https://satoshimonster.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://satoshimonster.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 339
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://tfbitcoin.com
142.250.74.164 301 Moved Permanently 334 B URL HTTP/2 www.google.com/s2/favicons?domain=https://tfbitcoin.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8c01b716cd154224dd936707494f4ead
575238dd6f4da87c7742bbf6666ce0123a22f252
2cd33ca794a7287a4c1923b954fdf6aee258fa276d69e0edc9491200bba799a4
GET /s2/favicons?domain=https://tfbitcoin.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://tfbitcoin.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://ripplefree.info
142.250.74.164 301 Moved Permanently 335 B URL HTTP/2 www.google.com/s2/favicons?domain=http://ripplefree.info
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ea7785cfc5fd1427b878a699d41048a3
954ba7f206baa56f43195dad8151336de3fd8c51
52a6b644b9f455662d043f0785ad0572c5fb17984a9b2c5a8a5793e535aac51c
GET /s2/favicons?domain=http://ripplefree.info HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://ripplefree.info&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://freebitco.in/?r=1733706
142.250.74.164 301 Moved Permanently 344 B URL HTTP/2 www.google.com/s2/favicons?domain=https://freebitco.in/?r=1733706
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash eaea004c69c2c39311835604ce496799
ea276818f0a4a9fdb4b4e8f8558081f6cc011958
d09d63c648a672081145d7ed0574661dba5a6c9ed7ae5bc0d7d1e69b539ac8d5
GET /s2/favicons?domain=https://freebitco.in/?r=1733706 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freebitco.in/?r=1733706&size=16
x-content-type-options: nosniff
server: sffe
content-length: 344
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://paidtomoney.com/?r=oke_i@mail.ru
142.250.74.164 301 Moved Permanently 353 B URL HTTP/2 www.google.com/s2/favicons?domain=https://paidtomoney.com/?r=oke_i@mail.ru
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e5c5f1403ffb0e33252cb9d5a05ac2c1
ed6258653b0a33ee8a8be976f4aa29442a6d6a8b
e0ba741ed83aab1e56813d072721c555cca35d0734d69c2f44c92eeca69f4b97
GET /s2/favicons?domain=https://paidtomoney.com/?r=oke_i@mail.ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://paidtomoney.com/?r=oke_i@mail.ru&size=16
x-content-type-options: nosniff
server: sffe
content-length: 353
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://konstantinova.net/dogecoin/?r=D6c9jmNT1Fw8YkkaQUjMNVXVZsdJzfoEZX
142.250.74.164 301 Moved Permanently 385 B URL HTTP/2 www.google.com/s2/favicons?domain=https://konstantinova.net/dogecoin/?r=D6c9jmNT1Fw8YkkaQUjMNVXVZsdJzfoEZX
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash aad7496eca828d2560faf64ce591b0a1
2e2091022cd6a1cac78cb3bb778828921313b405
c14606a7440a89d7fdbdd26a6f0fd4d4aa5986240663e399ce601a15dd918def
GET /s2/favicons?domain=https://konstantinova.net/dogecoin/?r=D6c9jmNT1Fw8YkkaQUjMNVXVZsdJzfoEZX HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://konstantinova.net/dogecoin/?r=D6c9jmNT1Fw8YkkaQUjMNVXVZsdJzfoEZX&size=16
x-content-type-options: nosniff
server: sffe
content-length: 385
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://free-dogecoin.com
142.250.74.164 301 Moved Permanently 338 B URL HTTP/2 www.google.com/s2/favicons?domain=https://free-dogecoin.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 99781c2aad055f43a28d9ff6274bb362
7cde33e28631337a48c9033466e72d86b2dcc96f
633eebd64f5b93b5c76280ed329b0c6f776f112e26b97b3546327ff88ffbd043
GET /s2/favicons?domain=https://free-dogecoin.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-dogecoin.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 338
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 03c8258e1c16364384a10c746732e080
24f121ea76ab812448228b238fadc421f5c4d6c8
9dfb03f619014cd8683030fb68b00b8a0befd9ad9755fcd77c69a2a4e163d397
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/s2/favicons?domain=http://cryptounity.net
142.250.74.164 301 Moved Permanently 335 B URL HTTP/2 www.google.com/s2/favicons?domain=http://cryptounity.net
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4045d7b4e55e5b38a72e00a8bb8d19ce
8766de9f3025dd421cc322549ffcc825a404ce76
a384d85a2e5886042b8151325e442f3b1478dc100960485c68ed727c351767a2
GET /s2/favicons?domain=http://cryptounity.net HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cryptounity.net&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 03c8258e1c16364384a10c746732e080
24f121ea76ab812448228b238fadc421f5c4d6c8
9dfb03f619014cd8683030fb68b00b8a0befd9ad9755fcd77c69a2a4e163d397
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/s2/favicons?domain=https://cryptoscourge.com
142.250.74.164 301 Moved Permanently 338 B URL HTTP/2 www.google.com/s2/favicons?domain=https://cryptoscourge.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 58de4853e8a183a7e8b89229453efea1
1f0ff4b90b41fcd32c50145077fa27dfc59db858
bd0710cb1e730db36298491a15739cb4e10dcf084b7d5cdb827ea9280a1f0911
GET /s2/favicons?domain=https://cryptoscourge.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://cryptoscourge.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 338
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://cointiply.com
142.250.74.164 301 Moved Permanently 334 B URL HTTP/2 www.google.com/s2/favicons?domain=https://cointiply.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8d8c38b8d8160383901192f8682bbef2
7497e6e1179b8c50b92aeb72f0c3dac445b7d96f
fdcf64b4f7599249550c867eae46179e8e95bfae9185967a18c51dfaad47c60b
GET /s2/favicons?domain=https://cointiply.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://cointiply.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://free-bcash.com
142.250.74.164 301 Moved Permanently 335 B URL HTTP/2 www.google.com/s2/favicons?domain=https://free-bcash.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 9342e8465b10d71e7ecb6ba0e890c35b
800028932503e09ccf8428eafcf2c1f1e003f218
de6181dcc636d71b1ad290df81235b6678b0bd42767c218fd6e49b5b3b90d5b8
GET /s2/favicons?domain=https://free-bcash.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-bcash.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://claimfreecoins.io
142.250.74.164 301 Moved Permanently 338 B URL HTTP/2 www.google.com/s2/favicons?domain=https://claimfreecoins.io
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3ae953b01935e9097e24a290239be3a7
afb4821bbbcc46836634d53087733a7ab8e5e2d7
eabd94a71e95b3809fbfd4dfd6d7ad848762d8f9e959281b3ebdcf5058f6a511
GET /s2/favicons?domain=https://claimfreecoins.io HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://claimfreecoins.io&size=16
x-content-type-options: nosniff
server: sffe
content-length: 338
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
regionads.ru/images/ra_logo.gif
188.120.236.88 200 OK 695 B URL HTTP/1.1 regionads.ru/images/ra_logo.gif
IP 188.120.236.88:0
File type GIF image data, version 89a, 20 x 20\012- data
Hash 91f36dada2c436a82b352fdd30ebf16c
bb1d0a054a56d043cf5b9267cc73fa38e8ffb415
df7be0d12117230256dd66d99ad9ca5febb7b3587e2ce5930a68de39399b2d47
GET /images/ra_logo.gif HTTP/1.1
Host: regionads.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://regionads.ru/js/banner.php?id=835
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/gif
Content-Length: 695
Last-Modified: Sun, 23 Jun 2019 06:11:49 GMT
Connection: keep-alive
ETag: "5d0f1825-2b7"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
ocsp.sectigo.com/
172.64.155.188 200 OK 282 B IP 172.64.155.188:0
Hash c18457207d71002cf71d1b044a9fc98d
fcee68f225c50e0f84fa60e0214c5d565cbb413a
0d33fe8c47e70b20fc26357d24d9799e814bf849aaa296b5ed7c6e27b910f046
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: application/ocsp-response
Content-Length: 282
Connection: keep-alive
Last-Modified: Fri, 16 Dec 2022 21:53:49 GMT
Expires: Fri, 23 Dec 2022 21:53:48 GMT
Etag: "fcee68f225c50e0f84fa60e0214c5d565cbb413a"
Cache-Control: max-age=386510,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77bf6a106f3d0b61-OSL
www.google.com/s2/favicons?domain=https://bitsfree.net
142.250.74.164 301 Moved Permanently 333 B URL HTTP/2 www.google.com/s2/favicons?domain=https://bitsfree.net
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash aee82c50d851075a85c28d9f6843bf4d
b91cbec371c7d413d3e92f7698f462a71f81e3aa
21f94cc96a47efd7750d71ebd3c7d74764e7e37efc5d1fd61da04b9759389b38
GET /s2/favicons?domain=https://bitsfree.net HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://bitsfree.net&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://cryptoarea.net
142.250.74.164 301 Moved Permanently 334 B URL HTTP/2 www.google.com/s2/favicons?domain=http://cryptoarea.net
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f94409a8defb6ead489285c61d7f669e
721728b201c37f70563bace166ad3a802d1b620a
72d7a68b8ce3bf6b1bdf8679b91708056ea978510906d5b15647025382ffb68d
GET /s2/favicons?domain=http://cryptoarea.net HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://cryptoarea.net&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://free-ethereum.io
142.250.74.164 301 Moved Permanently 336 B URL HTTP/2 www.google.com/s2/favicons?domain=http://free-ethereum.io
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b536b46e06c72f2ab1f03ecb73cf5abb
784d1efa568f5bed46e3d3d3d4e0b1895ca6a76d
4ad7ebeb03c8348e742da3e39b2921b620f1c575d268424edfb494b3b659763b
GET /s2/favicons?domain=http://free-ethereum.io HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-ethereum.io&size=16
x-content-type-options: nosniff
server: sffe
content-length: 336
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://ethereumfree.info
142.250.74.164 301 Moved Permanently 337 B URL HTTP/2 www.google.com/s2/favicons?domain=http://ethereumfree.info
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 387319b07a7d23b4be2106195fed1668
57b17d7838613ba0e1fa7e9cfdac0cead69c1d27
4184b6521fac48c5217ebf2b9b7ec50b51c8e16517ba43976ad5c7f857b2c201
GET /s2/favicons?domain=http://ethereumfree.info HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://ethereumfree.info&size=16
x-content-type-options: nosniff
server: sffe
content-length: 337
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://faucetlite.net
142.250.74.164 301 Moved Permanently 334 B URL HTTP/2 www.google.com/s2/favicons?domain=http://faucetlite.net
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash aef23ebeea8bca8699663ad05e9d3fc5
a55fa68fd77c0e1595a2913efa508f9fe5f2a731
e3fc7576dc82bbfa4c7d210e3d3710a7ea371c0cfe9917d71acf671b5c7011a6
GET /s2/favicons?domain=http://faucetlite.net HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://faucetlite.net&size=16
x-content-type-options: nosniff
server: sffe
content-length: 334
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
trafiframe.ru/css/img/Qiwi.png
104.21.56.225 200 OK 3.0 kB URL HTTP/1.1 trafiframe.ru/css/img/Qiwi.png
IP 104.21.56.225:0
File type PNG image data, 88 x 31, 8-bit/color RGB, non-interlaced\012- data
Hash 5727016e65a894b482c69eadbcb00d16
17577054c497d6859fca51a1b28e49bb83ccf3b7
a24361e8123c217d21726c53fb1e5e4268974ff6cb0177c8eb31c242791f6e95
GET /css/img/Qiwi.png HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/png
Content-Length: 2979
Connection: keep-alive
Last-Modified: Mon, 08 Jul 2019 05:30:46 GMT
ETag: "5d22d506-ba3"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VEpXJOy%2BppHiIJk6441yTuUSWyH5LO3eR8YofFnbigYNvE8%2FM6TYgYOEdrH7HhBW9gQ09rIE8u%2F4P4jAJ10x%2BasEN%2FrneeVvjLtV54VX0SDHpEB6u6KkjBXEN5ssqOJ5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a10c961b515-OSL
alt-svc: h2=":443"; ma=60
www.google.com/s2/favicons?domain=https://dogecoinfree.info
142.250.74.164 301 Moved Permanently 338 B URL HTTP/2 www.google.com/s2/favicons?domain=https://dogecoinfree.info
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ec70d30f250cce5a50a152538ad66e2f
b5ac2091394bc76d0a5600d67ebf2e0ea55489c8
e2de060be3a26044a7cb375acea028149f3d67222fc0d29fe786d831af2ad840
GET /s2/favicons?domain=https://dogecoinfree.info HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://dogecoinfree.info&size=16
x-content-type-options: nosniff
server: sffe
content-length: 338
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://litecoinfree.info
142.250.74.164 301 Moved Permanently 337 B URL HTTP/2 www.google.com/s2/favicons?domain=http://litecoinfree.info
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 16a284fe5685907b2aeb15ca158ac1c0
69be9b1e2e3045aef4771ec66562915b324f9386
98a7a1d307961ffb0018535c4c1450db312d543f2b391c3ca59f00417dd6d74d
GET /s2/favicons?domain=http://litecoinfree.info HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://litecoinfree.info&size=16
x-content-type-options: nosniff
server: sffe
content-length: 337
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payeer.com/01224350
149.202.17.208 200 OK 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01224350 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
trafiframe.ru/css/img/Yandex.png
104.21.56.225 200 OK 2.5 kB URL HTTP/1.1 trafiframe.ru/css/img/Yandex.png
IP 104.21.56.225:0
File type PNG image data, 88 x 31, 8-bit/color RGB, non-interlaced\012- data
Hash 422d065c0e4ad04b7f06e85b8cbc3d77
c9d001a8f40222dc085bd147a99a055cf6d92515
107b5b6d1b4acdf6f07d7e33e9dbaf592a052f8aeff4984cdc17eb61402b4f38
GET /css/img/Yandex.png HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/png
Content-Length: 2456
Connection: keep-alive
Last-Modified: Sat, 30 Nov 2019 03:56:37 GMT
ETag: "5de1e875-998"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3125
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hN9zCoTeaS2Zmheg%2Fxo62GctM%2FRhLlNuHhFueuAwYxrqCT97tT%2BNjKSWf8f8oBQJlWZ7qOcX1JZ4y69zsRQp562hcl16UCVjH8SJbqqPOJOZgPjwX7SVKgZzudpUJAGx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a10f8ea0b55-OSL
alt-svc: h2=":443"; ma=60
www.google.com/s2/favicons?domain=http://free-litecoin.com
142.250.74.164 301 Moved Permanently 337 B URL HTTP/2 www.google.com/s2/favicons?domain=http://free-litecoin.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash dd8d93bd5276f94e64933c228537256d
bb37926f5924f3ca9bfd6313556dc3e871b5682e
952bcec3b3d312337f635bc2fdbdcae0d3cb98b19bbc6ff18f1e7c7892769d30
GET /s2/favicons?domain=http://free-litecoin.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-litecoin.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 337
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://panel.bither.one
142.250.74.164 301 Moved Permanently 336 B URL HTTP/2 www.google.com/s2/favicons?domain=http://panel.bither.one
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash fadab7316f65e6a90e70457f0781486e
1d88424455fa7f9028a8b650271a0fd12df7a816
47423e3d83ed80b16835a8d90050eaf62aa52028fa9783469263ec1225c9ec05
GET /s2/favicons?domain=http://panel.bither.one HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://panel.bither.one&size=16
x-content-type-options: nosniff
server: sffe
content-length: 336
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://free-monero.com
142.250.74.164 301 Moved Permanently 335 B URL HTTP/2 www.google.com/s2/favicons?domain=http://free-monero.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8b7528acd03c8184c957c9e0be17e118
fa2fdd4479a10866255426f372a53b1ca8c541b7
28b465dec6ad5fcf1ab40f30152dcf65c2f5a7629530420aa71ea6048969c93d
GET /s2/favicons?domain=http://free-monero.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-monero.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://freeb.tc/?r=62410
142.250.74.164 301 Moved Permanently 338 B URL HTTP/2 www.google.com/s2/favicons?domain=https://freeb.tc/?r=62410
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 38b4bbf3d6e9f5c73326692dd14fcf35
432ec636f4db5490667ad9769fda2cc0febc24c3
a1b902fef342100ac0cb9579bac362ad81b123181ef88b7b7254ea409ca65ea7
GET /s2/favicons?domain=https://freeb.tc/?r=62410 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freeb.tc/?r=62410&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
expires: Mon, 19 Dec 2022 10:51:57 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 338
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
trafiframe.ru/css/img/Payeer.png
104.21.56.225 200 OK 680 B URL HTTP/1.1 trafiframe.ru/css/img/Payeer.png
IP 104.21.56.225:0
File type PNG image data, 88 x 31, 8-bit colormap, non-interlaced\012- data
Hash ffa8e8dfacb11b69472754ac5d6b0d8f
46a5c2094e724452200e57a1b758328d7190051f
28513542247e10b882e088a7eaf583e87d6ec6cd6affc8c8916d703fd3be9902
GET /css/img/Payeer.png HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/png
Content-Length: 680
Connection: keep-alive
Last-Modified: Sat, 30 Nov 2019 03:56:37 GMT
ETag: "5de1e875-2a8"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYyK5jwnACd49up46jpT5XMouIe1xtKOaNoJZEyzthxTBGWy6u6C3oAQtomN8WQOMWNRewJay8RekA22LxxR4z6jvLBH38F9AnpIgdKLTH2mBBsRionivzlckejmeqXp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a11099db515-OSL
alt-svc: h2=":443"; ma=60
www.google.com/s2/favicons?domain=https://torbax.ru/btckopilka/index.php?ref=126525
142.250.74.164 301 Moved Permanently 362 B URL HTTP/2 www.google.com/s2/favicons?domain=https://torbax.ru/btckopilka/index.php?ref=126525
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 03b4dd751179ecd3be0e07d60a8f4118
1acfd6083856592eba93417331fa66bcf96f4c5b
856d3f9efd195c8c20864b74cf88bffd1ee5e9351b2ac8d6d9c8fc0d4a8a20e6
GET /s2/favicons?domain=https://torbax.ru/btckopilka/index.php?ref=126525 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://torbax.ru/btckopilka/index.php?ref=126525&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
expires: Mon, 19 Dec 2022 10:51:57 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 362
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://satoshihero.com
142.250.74.164 301 Moved Permanently 336 B URL HTTP/2 www.google.com/s2/favicons?domain=https://satoshihero.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 0824285a5d75e52248c08f316ca91d63
355d4aac4c14d9aea17fa7182ade1d63f8bfa1d2
adfd5e661cb280b502d7e1c57d5ecce0750344565d5e6252c188e42d7990bab9
GET /s2/favicons?domain=https://satoshihero.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://satoshihero.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 336
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:05:55 GMT
expires: Mon, 19 Dec 2022 10:35:55 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 962
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://www.bestchange.com
142.250.74.164 301 Moved Permanently 339 B URL HTTP/2 www.google.com/s2/favicons?domain=https://www.bestchange.com
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c531e254338567530e6ef13448f757b1
5db53f2e2e08a0a78fb6b5167f06006950930db4
b59be5f1df48c9d0dccd8f17414cb96ec89aba35755c2f532a648f667fbc4c67
GET /s2/favicons?domain=https://www.bestchange.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://www.bestchange.com&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
expires: Mon, 19 Dec 2022 10:51:57 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 339
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=http://juicybtc.net/r/671EB40BB
142.250.74.164 301 Moved Permanently 344 B URL HTTP/2 www.google.com/s2/favicons?domain=http://juicybtc.net/r/671EB40BB
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c437548b192f7db62ddd6744e09b29df
860ef30e10e77d7fcd21ede0bee769a986e363e8
189ff8fd07dc6f0795b83d6e796e618f961927b25153bda70588c7566b85fee9
GET /s2/favicons?domain=http://juicybtc.net/r/671EB40BB HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://juicybtc.net/r/671EB40BB&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
expires: Mon, 19 Dec 2022 10:51:57 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://bitfaucet.app/ref/6et2w
142.250.74.164 301 Moved Permanently 344 B URL HTTP/2 www.google.com/s2/favicons?domain=https://bitfaucet.app/ref/6et2w
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 959641806f0745953c41d9358b3b697b
93b195201536a4586b283d4dc583e2f551debb6d
3b0cd98dc214ec2a186084ab754f4e981024ad8bab8d24b879996a10bd8a6a31
GET /s2/favicons?domain=https://bitfaucet.app/ref/6et2w HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://bitfaucet.app/ref/6et2w&size=16
x-content-type-options: nosniff
server: sffe
content-length: 344
x-xss-protection: 0
date: Mon, 19 Dec 2022 10:01:24 GMT
expires: Mon, 19 Dec 2022 10:31:24 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/favicons?domain=https://www.ilovebtc.fun/?ref=28849
142.250.74.164 301 Moved Permanently 348 B URL HTTP/2 www.google.com/s2/favicons?domain=https://www.ilovebtc.fun/?ref=28849
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 03a17562d54d02954bff8740b56015d6
898db8d4ad1446a82e2f7b6aa62b99b99bca5e84
a3f068501caafe6b12bdc2995594f5c0b964b634b43dc645c13449e4f9c4f32c
GET /s2/favicons?domain=https://www.ilovebtc.fun/?ref=28849 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://www.ilovebtc.fun/?ref=28849&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
expires: Mon, 19 Dec 2022 10:51:57 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
trafiframe.ru/css/img/foot.png
104.21.56.225 200 OK 548 B URL HTTP/1.1 trafiframe.ru/css/img/foot.png
IP 104.21.56.225:0
File type PNG image data, 93 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 653187f4d97c7ce44697dd1c43855fa6
a2c66d8c6c8bc624464f63b8d16dc7a4582270a3
49a7a5d720f769b67e864725cd43fafd9212e25cc93ebb3a2945280034d72176
GET /css/img/foot.png HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/png
Content-Length: 548
Connection: keep-alive
Last-Modified: Fri, 29 Nov 2019 23:41:16 GMT
ETag: "5de1ac9c-224"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIyGsmBNV6fTEO04SrjfrlJ%2B9LdFSj83wi%2BroGl7C1xZiEMAcm%2B5uEBOQuAl0yzI8N00h4vEQGBn4KbHBdKXuNCE7Y2XZfpCj4GIIPmtCX2%2BlgL0uNjHZgGY%2BGAXrUfQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a1108fd0b55-OSL
alt-svc: h2=":443"; ma=60
trafiframe.ru/css/img/megastock.png
104.21.56.225 200 OK 854 B URL HTTP/1.1 trafiframe.ru/css/img/megastock.png
IP 104.21.56.225:0
File type PNG image data, 88 x 31, 8-bit colormap, non-interlaced\012- data
Hash 3647f5c9b3ea7092329cd1ee93f5e2e3
98115f7be0c616eeaf3453c8adb8a21c1a9596ba
be4ba2c067449ee68cd89d090dd3176ae90de2ab061d751e123a33b27f2e0a87
GET /css/img/megastock.png HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/png
Content-Length: 854
Connection: keep-alive
Last-Modified: Sat, 30 Nov 2019 03:56:37 GMT
ETag: "5de1e875-356"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1mL8b%2FSbcG2rfERifoyKtp80mItUqHBFYIvrw8vcefoHUcYUPOyOuyqsB56MC2IqdMTQj1AXUVbfDw1RSA09lUxIy6U8ZDPNzDT7h3GrZZPxW6bg2j53HHgLen%2B2I62"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a1119aab515-OSL
alt-svc: h2=":443"; ma=60
regionads.ru/images/banners/6_1639812171.jpg
188.120.236.88 200 OK 15 kB URL HTTP/1.1 regionads.ru/images/banners/6_1639812171.jpg
IP 188.120.236.88:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 468x60, components 3\012- data
Hash 2641e255e3901f2c13c80d0d63471a34
9584ce8c0656301fe6d865ca9e7775995d6a4017
93ca9d1cffeb0ff580659ed62b662ddc4fc3f266ce9a82f37cccaaa6cb1dcffd
GET /images/banners/6_1639812171.jpg HTTP/1.1
Host: regionads.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://regionads.ru/js/banner.php?id=835
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/jpeg
Content-Length: 14608
Last-Modified: Sat, 18 Dec 2021 07:22:51 GMT
Connection: keep-alive
ETag: "61bd8c4b-3910"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
149.202.17.208 302 Moved Temporarily 151 B URL HTTP/1.1 payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
IP 149.202.17.208:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 84c5c7ab6eb37f26115891919aeb3cb2
13c7a36516fc799d2ec4a6a4eddfb4cbd70ce3cb
5481c0c12c3efcbeb4f116073584dd0cbb17006c11554df5a5ebeb4e50c4bee7
GET /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ== HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html
Content-Length: 151
Location: https://payeer.com/
Connection: keep-alive
webtrafic.ru/img/banner_468x60_5.gif
172.67.212.189 301 Moved Permanently 0 B URL HTTP/1.1 webtrafic.ru/img/banner_468x60_5.gif
IP 172.67.212.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /img/banner_468x60_5.gif HTTP/1.1
Host: webtrafic.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Dec 2022 10:21:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 19 Dec 2022 11:21:57 GMT
Location: https://webtrafic.ru/img/banner_468x60_5.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TYlCDMy5SvSdaoN9Fok1L00YaM0uGMnZYimNkZxizVHPcdCXkFdRWCLhUXpUJSIUyrN6LhTxvoJnlWJ3sYmNnzgydzebwnrr0T0qLX3H1MubiSDyX67zVRzdLZufkc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a112ce8b51d-OSL
alt-svc: h2=":443"; ma=60
trafiframe.ru/img/468_3.gif
104.21.56.225 200 OK 142 kB URL HTTP/1.1 trafiframe.ru/img/468_3.gif
IP 104.21.56.225:0
File type GIF image data, version 89a, 468 x 60\012- data
Size 142 kB (141463 bytes)
Hash 728e56e2002c1c7c318d3e909c66a8c0
c19e6989a8fd4d907433e662cf572a6be1126a8a
e3b2b697b15822da14db860b660ed364c072badea25c8dc537d2d9d4d10bcc38
GET /img/468_3.gif HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/gif
Content-Length: 141463
Connection: keep-alive
Last-Modified: Thu, 05 Aug 2021 18:01:55 GMT
ETag: "610c2793-22897"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvo%2FN%2BEEsl%2BszDg397hDN53e4VcKaAz50O2gUZ6oj1RLoolTSkNRXT0f21xuoZ%2FHPhPeMkhAcHn%2BnirEVhi%2F5YO5k34ynLtFzIod4ZEMSfMFbYKpUyg582UCiT2S0D9O"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a1129110b55-OSL
alt-svc: h2=":443"; ma=60
payeer.com/01276479
149.202.17.208 200 OK 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /01276479 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
149.202.17.208 302 Moved Temporarily 151 B URL HTTP/1.1 payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
IP 149.202.17.208:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 84c5c7ab6eb37f26115891919aeb3cb2
13c7a36516fc799d2ec4a6a4eddfb4cbd70ce3cb
5481c0c12c3efcbeb4f116073584dd0cbb17006c11554df5a5ebeb4e50c4bee7
GET /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ== HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html
Content-Length: 151
Location: https://payeer.com/
Connection: keep-alive
payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
149.202.17.208 302 Moved Temporarily 151 B URL HTTP/1.1 payeer.com/iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ==
IP 149.202.17.208:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 84c5c7ab6eb37f26115891919aeb3cb2
13c7a36516fc799d2ec4a6a4eddfb4cbd70ce3cb
5481c0c12c3efcbeb4f116073584dd0cbb17006c11554df5a5ebeb4e50c4bee7
GET /iproxy/j?e6ynoauyqLCRljqselz4Gy8wMTI3NjQ3OQ== HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html
Content-Length: 151
Location: https://payeer.com/
Connection: keep-alive
trafiframe.ru/img/ref.gif
104.21.56.225 200 OK 284 kB URL HTTP/1.1 trafiframe.ru/img/ref.gif
IP 104.21.56.225:0
File type GIF image data, version 89a, 468 x 60\012- data
Size 284 kB (283659 bytes)
Hash 160c41d2e4d339940fd34528f45f3c38
b72177819a767959e301b05f3b3837aabb55e8b2
8ecdbbb859841771cec7dbbfb354b5574969f75756fed803ca30ebd1e374340b
GET /img/ref.gif HTTP/1.1
Host: trafiframe.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://trafiframe.ru/
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: image/gif
Content-Length: 283659
Connection: keep-alive
Last-Modified: Tue, 03 Aug 2021 01:19:22 GMT
ETag: "6108999a-4540b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3838
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2FAwe5Sm%2BVUiEFxhtSN%2F1Yw28zMR%2FSCm3BWsg4l1%2BFJzVIcSdNlb9tUDmVj6DoaVngXz1AVUgsLbs548VCIlrYkJp4p6gb8wzwZmppn1A6ox4Eg7JUEFnkGXEzSzaSWB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bf6a1129ceb515-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c7067973a30c54b2897aeeb5e204f014
7b0711fd3909e48347441e4edc9c429af69595a9
b224be5e7ec78abaa46ab333f0adee535cb24e5bc4b2b721c441e4061043a467
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
payeer.com/?session=2103954
149.202.17.208 200 OK 0 B URL HTTP/1.1 payeer.com/?session=2103954
IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?session=2103954 HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://trafiframe.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 10:21:57 GMT
access-control-allow-origin: *
etag: "639bee03-2b"
expires: Mon, 19 Dec 2022 11:21:57 GMT
accept-ranges: bytes
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 12 kB IP 142.250.74.131:0
Hash c29e21dc6e299aaff9194bc2f0e38fa7
7790335f601eaf2591599ccb3f1936cf1875ce0e
e4c1870824e8a6591be65b47cc2c2c1bc04b403528f9d0755b2fbca2b241dfaf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 346 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0cabcee92eb90fbd451d1c1166719434
1d68ddb14095b723af4e642bff798c68fc1a0623
2ee1878376f3345febf5fb1b62274ffe33622e0489540bc3d6775cd409654375
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "2EE1878376F3345FEBF5FB1B62274FFE33622E0489540BC3D6775CD409654375"
Last-Modified: Sat, 17 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8346
Expires: Mon, 19 Dec 2022 12:41:03 GMT
Date: Mon, 19 Dec 2022 10:21:57 GMT
Connection: keep-alive
cdn.freekassa.ru/banners/small-dark-2.png
104.26.12.182 200 OK 1.8 kB URL HTTP/2 cdn.freekassa.ru/banners/small-dark-2.png
IP 104.26.12.182:0
File type PNG image data, 88 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash 0cd33c762a1140b59c703401d939b274
4c14c9cc097c7418d7f6e4d6564fc87193b3f221
6194aa64884a78b709b75ff4a7625f8fb4ad94021e3ed9ea9f6968fd2108668b
GET /banners/small-dark-2.png HTTP/1.1
Host: cdn.freekassa.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://betrobots.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:57 GMT
content-type: image/png
content-length: 1784
strict-transport-security: max-age=63072000; includeSubDomains
last-modified: Thu, 01 Apr 2021 12:07:50 GMT
etag: "6f8-5bee814951f6c"
content-security-policy: frame-ancestors 'self' *; default-src 'self' data: wss: mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru *.freekassa.ru *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com fpnpmcdn.net fokusdoom.ru *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.jivosite.com *.google.com.ua *.freekassa.ru; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.googleapis.com *.freekassa.ru 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru freekassa.ru 'unsafe-inline';
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Origin, Accept-Encoding
cache-control: max-age=3600
cf-cache-status: HIT
age: 7080
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQbVLDQddh4GrMlkvnC2wLbpmPEuSL7q8%2Fim0r%2BQD5S270spMGoJRl7j%2ByfxQjajPKbPWH4cBcHNX%2FZWOyW%2FQHs%2F317m7CCI%2FkMGyhufH6mt7V49zx5qcgiMCPUH9%2BfAcr0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a130fb2b4fd-OSL
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
142.250.74.138 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32058)
Hash fc3fc31e5e7c0933dc18e562c1c071bf
a44c31323f6bd29e583cc585036e6eb39f7014a6
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://betrobots.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 20:50:02 GMT
expires: Fri, 15 Dec 2023 20:50:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 307915
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/87261774/1?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/87261774/1?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 0347b46fa3c8237e07fe8f9f38184aad
d17fa02077903ae470a9b67721678fddbcf0cadd
2173432f1d4fb9757bc650b3629d3f0aa0d6aa1766ff1683ff5155cd50d2e10f
GET /watch/87261774/1?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://f95241kr.beget.tech
Referer: http://f95241kr.beget.tech/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Mon, 19 Dec 2022 10:21:57 GMT
x-content-type-options: nosniff
access-control-allow-origin: http://f95241kr.beget.tech
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:21:57 GMT
last-modified: Mon, 19-Dec-2022 10:21:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freebitco.in/?r=1733706&size=16
142.250.74.36 200 OK 344 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freebitco.in/?r=1733706&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 4e0f5acd4f0f376676e41bc76a9802db
000da66f9763a3b58f85bf9a55b092be9772085d
caff971b82a1504ee3d93f8ac0e9127b5ea23083ba7057fc11af2a62ca4c537d
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freebitco.in/?r=1733706&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://static1.freebitco.in/favicon.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 18:48:55 GMT
expires: Fri, 23 Dec 2022 18:48:55 GMT
cache-control: public, max-age=604800
age: 228782
last-modified: Thu, 16 Apr 2020 15:12:56 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://litecoinfree.info&size=16
142.250.74.36 200 OK 525 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://litecoinfree.info&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e7490fb45f75e701e6f881c482f41d0
eb49f737486f87c9155563697b47d5ed3b788fae
d3528057ed6f6e5ef6d921c1eda6c1f2ca0524c33c83619143967a8bb6c7e4ff
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://litecoinfree.info&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-location: http://img.sedoparking.com/templates/logos/sedo_logo.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 525
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 16:26:42 GMT
expires: Tue, 20 Dec 2022 16:26:42 GMT
cache-control: public, max-age=604800
age: 496515
last-modified: Mon, 26 Nov 2018 03:13:52 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://torbax.ru/btckopilka/index.php?ref=126525&size=16
142.250.74.36 200 OK 439 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://torbax.ru/btckopilka/index.php?ref=126525&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 349d1ba409ce35fcf3179e3407214210
2ca5a45a42f6ae7e5030697516453910116dae4b
fdfd15b38194c05f18adc7e691a65f748e1122e9a0d69c5fe6170d6439547a78
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://torbax.ru/btckopilka/index.php?ref=126525&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://torbax.ru/wp-content/uploads/2021/07/cropped-favicon1-32x32.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 439
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Dec 2022 04:06:46 GMT
expires: Sun, 25 Dec 2022 04:06:46 GMT
cache-control: public, max-age=604800
last-modified: Mon, 26 Jul 2021 01:30:41 GMT
content-type: image/png
age: 108911
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://tfbitcoin.com&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://tfbitcoin.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://tfbitcoin.com&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payeer.com/
149.202.17.208 200 OK 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://panel.bither.one&size=16
142.250.74.36 200 OK 170 kB URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://panel.bither.one&size=16
IP 142.250.74.36:0
Size 170 kB (170045 bytes)
Hash 4ae54858a19c4aaf28958807d2655db8
0b81d70020422f88a28e8791f2689286953271e1
3f4cc53820b39dbe9db0f60ca7769b24309c9f22d93e48345efa5aa6b1abaa7c
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://panel.bither.one&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://panel.bither.one/themes/vendors/images/favicon.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 277
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Dec 2022 13:26:00 GMT
expires: Sat, 24 Dec 2022 13:26:00 GMT
cache-control: public, max-age=604800
age: 161757
last-modified: Sat, 01 Sep 2018 04:08:12 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-ethereum.io&size=16
142.250.74.68 200 OK 636 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-ethereum.io&size=16
IP 142.250.74.68:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7fa40b3c934d23860435dc6e60fc58a8
7529d705dc1f6008db3f2184798176045c886812
21b383a3cbcabeeab544d3edc3c5627201fab79393bbf21ed8b9501e07f9cb18
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-ethereum.io&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://free-ethereum.io/img/favicon/favicon-16x16.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 636
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 14:01:52 GMT
expires: Fri, 23 Dec 2022 14:01:52 GMT
cache-control: public, max-age=604800
age: 246005
last-modified: Fri, 12 Jul 2019 11:53:46 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-monero.com&size=16
142.250.74.36 200 OK 520 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-monero.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b8ef076dac621fa83fc39ccd632279d
7272d81ca594248a7cbea4c26653e4e46adf4f62
6278df87642b01807265db5f83352ef922dfd458727b7972af0389ca1a5718af
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-monero.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-location: http://free-monero.com/img/favicon/favicon-16x16.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 520
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 14:08:34 GMT
expires: Fri, 23 Dec 2022 14:08:34 GMT
cache-control: public, max-age=604800
age: 245603
last-modified: Thu, 12 Sep 2019 23:17:38 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freeb.tc/?r=62410&size=16
142.250.74.68 404 Not Found 726 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freeb.tc/?r=62410&size=16
IP 142.250.74.68:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://freeb.tc/?r=62410&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://bitsfree.net&size=16
142.250.74.36 200 OK 603 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://bitsfree.net&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 521065acf3102a346c2fb69e3b3fecb0
08c4b6d9ee3393c9c6e8d595a249453de6544ec5
6fd7eb863f06c174b29103d540b29c0277bb55dee4bbd066f6dfb61d7ed88bfe
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://bitsfree.net&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://bitsfree.net/assets/images/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 603
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 14:42:34 GMT
expires: Fri, 23 Dec 2022 14:42:34 GMT
cache-control: public, max-age=604800
age: 243563
last-modified: Mon, 18 Jan 2021 06:02:52 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://www.bestchange.com&size=16
142.250.74.36 200 OK 712 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://www.bestchange.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b375949b7191a6cf9dd1177628aa84
76335e8605f328f57d79f92d5a297ae8cdf06d5a
3c856c8ddcc4bdd24a9cb63b4a0675a26cd64e4ebabddf8e9d1ab8505d09fbc0
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://www.bestchange.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.bestchange.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 21:43:16 GMT
expires: Fri, 23 Dec 2022 21:43:16 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
age: 218321
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
informer.yandex.ru/informer/56460499/3_0_ECECECFF_CCCCCCFF_0_pageviews
93.158.134.119 200 OK 1.6 kB URL HTTP/2 informer.yandex.ru/informer/56460499/3_0_ECECECFF_CCCCCCFF_0_pageviews
IP 93.158.134.119:0
File type PNG image data, 88 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash ebefbfd9a53eab1d5096c19899a2f5b5
90c9ecf15fcae1ca483365372011bfd177ebaeb3
165e6d063f07276f36cd8f323ad6be8019b91fbec1cf029d814903d096e9b3b8
GET /informer/56460499/3_0_ECECECFF_CCCCCCFF_0_pageviews HTTP/1.1
Host: informer.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://trafiframe.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 1598
last-modified: Mon, 19-Dec-2022 10:21:57 GMT
content-type: image/png
pragma: no-cache
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:21:57 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://dogecoinfree.info&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://dogecoinfree.info&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://dogecoinfree.info&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-bcash.com&size=16
142.250.74.36 200 OK 479 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-bcash.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0e55569b6a092da064e5305dde4b18fd
d9a5e0b04783f959595b1cf60a6fb45f0674124a
a7f4bafe9ddf3dc331e194e0ed1644f5d6b8c6a69207d62ae6f8ce14c9e5dd31
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-bcash.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://free-bcash.com/img/favicon/favicon-16x16.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 479
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 22:42:04 GMT
expires: Tue, 20 Dec 2022 22:42:04 GMT
cache-control: public, max-age=604800
age: 473993
last-modified: Mon, 13 Aug 2018 08:34:18 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://claimfreecoins.io&size=16
142.250.74.68 200 OK 264 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://claimfreecoins.io&size=16
IP 142.250.74.68:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash fb61286ebf3a5e8299982a5e34c63d6c
aa1aa2e5557d5de724358559ac1e741f9c8c71ae
cc0ed18bcff661176dd7b5a8e602412192232ee40e4678fa8533e0df041d72e2
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://claimfreecoins.io&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://claimfreecoins.io/assets/img/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 264
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 14:08:00 GMT
expires: Wed, 21 Dec 2022 14:08:00 GMT
cache-control: public, max-age=604800
age: 418437
last-modified: Mon, 28 Dec 2020 15:24:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-litecoin.com&size=16
142.250.74.36 200 OK 331 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-litecoin.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash b73e0d6f0e293236b1d1657c5fc16b5c
df008793678d726df00dcdd888147b5fbef4872e
585afee12b1f454ed160df91b41195e638d3611d50e49452d563cbdf611b4b85
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://free-litecoin.com&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://free-litecoin.com/icon/favicon-96x96.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 331
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 08:28:20 GMT
expires: Fri, 23 Dec 2022 08:28:20 GMT
cache-control: public, max-age=604800
last-modified: Wed, 11 Apr 2018 00:43:34 GMT
content-type: image/png
age: 266017
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-dogecoin.com&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-dogecoin.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://free-dogecoin.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.top-dengi.ru/btc.php
185.26.122.78 200 OK 2.1 kB IP 185.26.122.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ISO-8859 text
Hash c14d2b1d0021e97e28ed4deefc6eedab
0ad72699c2780f290b6d6bc0871608f03326a40f
a8ff4fd9b180f658bdcd3f34dd171ca27e9b1ffb5a890c117ee921755139e943
GET /btc.php HTTP/1.1
Host: ads.top-dengi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:57 GMT
content-type: text/html
vary: Accept-Encoding
x-powered-by: PHP/5.2.18-dev
content-encoding: gzip
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://satoshimonster.com&size=16
142.250.74.36 200 OK 505 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://satoshimonster.com&size=16
IP 142.250.74.36:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 16x16, components 3\012- data
Hash 0d1db78ce5d53ddf664af70a726654dd
04e137b721a40df12cc213ebc0847b5531e83f5f
7b7d11fec49123e2e112f602f7e9446eae6f44a49ef7f9d4ba083de38da2d921
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://satoshimonster.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://satoshimonster.com/_nuxt/icons/icon_64x64.84a3f9.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 505
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 15:05:28 GMT
expires: Fri, 23 Dec 2022 15:05:28 GMT
cache-control: public, max-age=604800
age: 242189
last-modified: Sat, 10 Oct 2020 02:15:11 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://faucetlite.net&size=16
142.250.74.68 404 Not Found 726 B URL HTTP/2 t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://faucetlite.net&size=16
IP 142.250.74.68:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://faucetlite.net&size=16 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 930f0320ed7bc9738f6d3d00639c7537
f9a1d6bea1bd4816546a03821888cd3dff122c73
1f59797edf40eaef89b0c2671766ecdcaf9e48ec2883f285b34d330f01823d19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
payeer.com/
149.202.17.208 200 OK 0 B IP 149.202.17.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: payeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: iCore Proxy Module
Date: Mon, 19 Dec 2022 10:21:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://cryptoscourge.com&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://cryptoscourge.com&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://cryptoscourge.com&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://ethereumfree.info&size=16
142.250.74.36 404 Not Found 726 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://ethereumfree.info&size=16
IP 142.250.74.36:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://ethereumfree.info&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://serfnets.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 19 Dec 2022 10:21:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fa1403d9008d93c5fc6b5d9ad40dffa7
c04042b56d2c5dbeec8bbc68d5167eda3b06751d
af35c81f6ddf41e8f12a0c72fa84cecfbaf8cc89df785e9fd70676bc99afb065
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AF35C81F6DDF41E8F12A0C72FA84CECFBAF8CC89DF785E9FD70676BC99AFB065"
Last-Modified: Sun, 18 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=374
Expires: Mon, 19 Dec 2022 10:28:11 GMT
Date: Mon, 19 Dec 2022 10:21:57 GMT
Connection: keep-alive
static.a-ads.com/a-ads-banners/426618/300x250?region=eu-central-1
136.243.35.166 200 OK 500 kB URL HTTP/2 static.a-ads.com/a-ads-banners/426618/300x250?region=eu-central-1
IP 136.243.35.166:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 300 x 250\012- data
Size 500 kB (499628 bytes)
Hash e4eb2c4ec1794d4e05b77ec20607b881
4abdedcc14882e200a685cfd4240e69c60732aea
4f2c5f4d5efd47fd8d0fc9e0ceca3d637d907a682b748102378c2aa677395efe
GET /a-ads-banners/426618/300x250?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:57 GMT
content-type: image/gif
content-length: 499628
x-amz-id-2: FnRnZrpmSlBXry31TZ/CYRNBHKWJPhud+pjnyxtaQtchQ5p5YF4Zn+JDdmx7v5AOVJLRzLpWXXk=
x-amz-request-id: R994FV0GVH6Q5VKD
x-amz-replication-status: COMPLETED
last-modified: Sun, 20 Nov 2022 16:37:46 GMT
etag: "e4eb2c4ec1794d4e05b77ec20607b881"
cache-control: max-age=315360000
x-amz-version-id: aMmfct8jferkXctt.IjET.eVL2M61OoN
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fa1403d9008d93c5fc6b5d9ad40dffa7
c04042b56d2c5dbeec8bbc68d5167eda3b06751d
af35c81f6ddf41e8f12a0c72fa84cecfbaf8cc89df785e9fd70676bc99afb065
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AF35C81F6DDF41E8F12A0C72FA84CECFBAF8CC89DF785E9FD70676BC99AFB065"
Last-Modified: Sun, 18 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=373
Expires: Mon, 19 Dec 2022 10:28:11 GMT
Date: Mon, 19 Dec 2022 10:21:58 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c7067973a30c54b2897aeeb5e204f014
7b0711fd3909e48347441e4edc9c429af69595a9
b224be5e7ec78abaa46ab333f0adee535cb24e5bc4b2b721c441e4061043a467
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 10:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.74 200 OK 291 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.74:0
Size 291 kB (291097 bytes)
Hash faed236a5a6f76608726c28b32bd5670
2b33e8a4b39b8ced8ef3217fd5600f269ff7a695
1662dba44763cb58f5f4fccfb07d4ed17d29ac14ea5d9965ec2d784837c432b5
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://betrobots.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 09:31:39 GMT
expires: Mon, 19 Dec 2022 10:31:39 GMT
cache-control: public, max-age=3600
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
age: 3019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.c2_H6h0zvYw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfraNL4hBUxcHD1JwUr3OofpEUwLhQ/m=el_main
142.250.74.74 200 OK 76 kB URL HTTP/2 translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.c2_H6h0zvYw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfraNL4hBUxcHD1JwUr3OofpEUwLhQ/m=el_main
IP 142.250.74.74:0
Hash 0d12ea1b0d1413fd1cc9f38c69ca28da
a47dc0a542a35bf3a37131173142212592477a42
d3ae1856776659661bb2ac6234d0d25004abbf217630e275cc18aacd2d7277c0
GET /_/translate_http/_/js/k=translate_http.tr.no.c2_H6h0zvYw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfraNL4hBUxcHD1JwUr3OofpEUwLhQ/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://betrobots.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75142
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 13:35:38 GMT
expires: Sat, 16 Dec 2023 13:35:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 07 Dec 2022 22:10:10 GMT
content-type: text/javascript; charset=UTF-8
age: 247580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
banner.trafficvulcan.com/bannerads/banners/248865.jpg
67.222.24.1 200 OK 34 kB URL HTTP/2 banner.trafficvulcan.com/bannerads/banners/248865.jpg
IP 67.222.24.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 468x60, components 3\012- data
Hash 45ee1653821517d56f50fa11c96b1373
1a2a1bc8bfb660cc1c0543869bd859a58d544ce7
71ec2f7cfcee51fed7f5305eb95c3dc64b8282a6253565b90f6c83f9ea4ab08d
GET /bannerads/banners/248865.jpg HTTP/1.1
Host: banner.trafficvulcan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start-traffic.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 26 Dec 2022 10:21:58 GMT
content-type: image/jpeg
last-modified: Fri, 08 Apr 2022 23:04:32 GMT
accept-ranges: bytes
content-length: 33550
date: Mon, 19 Dec 2022 10:21:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ads.top-dengi.ru/btc.php
185.26.122.78 200 OK 8.3 kB IP 185.26.122.78:0
Hash 80370b7772154d2a9fa145d3b6f48a69
dd306c7fc9948ef772dd6033983fffcb91646b00
6856cf70467aa990af6e668ea40b80cf609042ab4e65e067038873166d23d609
GET /btc.php HTTP/1.1
Host: ads.top-dengi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:59 GMT
content-type: text/html
vary: Accept-Encoding
x-powered-by: PHP/5.2.18-dev
content-encoding: gzip
X-Firefox-Spdy: h2
ads.top-dengi.ru/btc.php
185.26.122.78 200 OK 8.3 kB IP 185.26.122.78:0
Hash 7ef8db39d2000102a67b57876465982b
347f9926be0fb9a971790b37eff5ac8efd9aa476
ce9d4c36d713fede7f2981a5e6df9c0ccca809b7c5eca100060ba1470a115681
GET /btc.php HTTP/1.1
Host: ads.top-dengi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:59 GMT
content-type: text/html
vary: Accept-Encoding
x-powered-by: PHP/5.2.18-dev
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/56460499/1?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29
93.158.134.119200 OK 161 kB URL HTTP/2 mc.yandex.ru/watch/56460499/1?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29
IP 93.158.134.119:0
Size 161 kB (160550 bytes)
Hash 21fafe7817924b3029e4b485a2cf6a56
33c19bd48e07644721c15c3604789bd1c1bff4f0
e85ae9e0bf386e6d319537a34232ddedb4e9f69829ff95a1c948c99404518aca
GET /watch/56460499/1?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Mon, 19 Dec 2022 10:22:00 GMT
x-content-type-options: nosniff
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:00 GMT
last-modified: Mon, 19-Dec-2022 10:22:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=329775056&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445322%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102201%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445322&t=gdpr(14)ti(2)
93.158.134.119200 OK 10 kB URL HTTP/2 mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=329775056&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445322%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102201%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445322&t=gdpr(14)ti(2)
IP 93.158.134.119:0
Hash cae816de869d0fe149570361e5b9176b
4de2fcc94dd8420711d3cee88622de7b0537a14b
8bff50a857c830afa077c601fa1353c6f6dc7325018e346c95c28d1234a31a29
POST /webvisor/87261774?wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=329775056&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445322%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102201%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445322&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 29651
Origin: http://f95241kr.beget.tech
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 10:22:01 GMT
access-control-allow-origin: http://f95241kr.beget.tech
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:01 GMT
last-modified: Mon, 19-Dec-2022 10:22:01 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
acceptable.a-ads.com/2095511
136.243.35.166 200 OK 7.1 kB URL HTTP/2 acceptable.a-ads.com/2095511
IP 136.243.35.166:0
ASN #24940 Hetzner Online GmbH
Hash c2b70026ca85f63202aa6d7e02e6180a
f6c2b9a1e91c7d364dcfbd18b21553d7bd1e238e
f5ff5c6b508bc58a19046b8c6fd0eec57c24854c9af87d965d890b4fd4f1704b
GET /2095511 HTTP/1.1
Host: acceptable.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.top-dengi.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:59 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://ads.top-dengi.ru/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c75c44b-23de-48ee-8779-fc709ee37768.png
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c75c44b-23de-48ee-8779-fc709ee37768.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ed7005624f90e7d1825d24702fb6908
d2ee7e561f1685b15dbea1ddcccd037198d1e6a5
559b1b38a23bc5d8fb25b91d5b81e431ad0b601cd4e23904ce724cf6a396c6c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c75c44b-23de-48ee-8779-fc709ee37768.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5328
x-amzn-requestid: e527eb7d-9b1b-41e2-ba46-c8d9776fc0ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGnPsHXuoAMFpNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398ebfd-29ef7c0d02765d2e47e02bfc;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:17:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7cn0pVRKcmhQ9XA9zgBJCjlt_pRM2EwVBR7OMzutx6gKrUqAEnpNg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:46:54 GMT
age: 45309
etag: "d2ee7e561f1685b15dbea1ddcccd037198d1e6a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/87261774?wv-check=42516&wv-type=0&wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=195710602&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/87261774?wv-check=42516&wv-type=0&wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=195710602&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/87261774?wv-check=42516&wv-type=0&wmode=0&wv-part=1&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=195710602&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: http://f95241kr.beget.tech
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 10:22:03 GMT
access-control-allow-origin: http://f95241kr.beget.tech
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:03 GMT
last-modified: Mon, 19-Dec-2022 10:22:03 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=21355217&wv-type=3&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=21355217&wv-type=3&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=21355217&wv-type=3&browser-info=we%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 21
Origin: http://f95241kr.beget.tech
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 10:22:03 GMT
access-control-allow-origin: http://f95241kr.beget.tech
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:03 GMT
last-modified: Mon, 19-Dec-2022 10:22:03 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=257149742&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=257149742&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/87261774?wmode=0&wv-part=2&wv-hit=474126600&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&rn=257149742&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1671445323%3Aw%3A1268x898%3Av%3A943%3Az%3A0%3Ai%3A20221219102202%3Au%3A1671445317508128318%3Avf%3Awy278c4xrecmji309n1ev%3Ast%3A1671445323&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 15
Origin: http://f95241kr.beget.tech
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 10:22:03 GMT
access-control-allow-origin: http://f95241kr.beget.tech
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:03 GMT
last-modified: Mon, 19-Dec-2022 10:22:03 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
serfnets.ru/2bancod.php?r=15738
188.114.97.1 200 OK 0 B URL HTTP/2 serfnets.ru/2bancod.php?r=15738
IP 188.114.97.1:0
GET /2bancod.php?r=15738 HTTP/1.1
Host: serfnets.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://f95241kr.beget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=WINDOWS-1251
x-powered-by: PHP/5.3.29
vary: Accept-Encoding
strict-transport-security: max-age=31536000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lGODPVKmkSQzAbbNbBhKYNk9m0avrIfrc1jCqxO9i%2Frl0zdjizErO5%2BvBrc9HkXMzM7%2BjQ7LPhy5kqWLSajpcCzQ7d%2BN6CvjE2kti%2FbfEFgnc8%2BxnNWipjs%2BeGmEvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a0cde98fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
142.250.74.110 200 OK 0 B URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
IP 142.250.74.110:0
GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://betrobots.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 19 Dec 2022 10:21:58 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+372; expires=Wed, 18-Dec-2024 10:21:58 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.a-ads.com/1559674?size=320x100
136.243.35.166 200 OK 0 B URL HTTP/2 ad.a-ads.com/1559674?size=320x100
IP 136.243.35.166:0
ASN #24940 Hetzner Online GmbH
GET /1559674?size=320x100 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://serfnets.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:57 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://serfnets.ru/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
osferno.pro/ref302
172.67.162.222 200 OK 0 B IP 172.67.162.222:0
GET /ref302 HTTP/1.1
Host: osferno.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://trafiframe.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:58 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=b91e8178c21138262c54fe91a5586909; path=/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-cache-status: EXPIRED
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUz4kSC%2FMT9eMGPaEnfwjQsXVR%2BwawOxe40JX0zxa8C6qVsl8OSMJydBnT4DKQ0FtAqGHiaCA%2BmYwNzFrP7YWc6zXAV%2Fs542eUm9X3M7yRqZMzVTwHS%2Bqvs8%2BDfc7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a151b411c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.top-dengi.ru/btc.php
185.26.122.78 200 OK 0 B IP 185.26.122.78:0
GET /btc.php HTTP/1.1
Host: ads.top-dengi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:58 GMT
content-type: text/html
vary: Accept-Encoding
x-powered-by: PHP/5.2.18-dev
content-encoding: gzip
X-Firefox-Spdy: h2
linkslot.ru/bancode.php?id=334760
172.67.215.189 200 OK 0 B URL HTTP/2 linkslot.ru/bancode.php?id=334760
IP 172.67.215.189:0
GET /bancode.php?id=334760 HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: application/javascript; charset=windows-1251
set-cookie: ring=%23V; expires=Wed, 18-Jan-2023 10:21:56 GMT; Max-Age=2592000
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G57O6BLARcEzZGDU5EYRVunThevRpd3kXDtF19n3LhwNA%2FohHjE3druvm5bwEZ0oaIyIw4WEGMYh3YPpsTgAddQlYFW59aL8IVOJTc2wnkSL409aopJ%2BGOH2R7TmBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a094c0afac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
webtrafic.ru/ads.php?uid=540
172.67.212.189 200 OK 0 B URL HTTP/2 webtrafic.ru/ads.php?uid=540
IP 172.67.212.189:0
GET /ads.php?uid=540 HTTP/1.1
Host: webtrafic.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wubRyTl44%2FAClCVgw3yK%2Bfpt94TYBd8z%2Byydq0CmmIsEbURI8lH5JroptAdhcimGNcnKiA1UkjAxpKMzj%2Fj2aFgSJyRaVXEU8VPqGPHnXtdhS0Wh%2BdDxnxDyMvpizo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a09fcd9b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
acceptable.a-ads.com/2095511
136.243.35.166 200 OK 0 B URL HTTP/2 acceptable.a-ads.com/2095511
IP 136.243.35.166:0
ASN #24940 Hetzner Online GmbH
GET /2095511 HTTP/1.1
Host: acceptable.a-ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.top-dengi.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:57 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://ads.top-dengi.ru/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/87261774?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/87261774?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/87261774?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://f95241kr.beget.tech
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/87261774/1?wmode=7&page-url=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&site-info=%7B%22ip%22%3A%2291.90.42.154%22%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2116%3Afu%3A0%3Aen%3Awindows-1251%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A397012290182%3Ahid%3A474126600%3Az%3A0%3Ai%3A20221219102156%3Aet%3A1671445317%3Ac%3A1%3Arn%3A920057292%3Arqn%3A1%3Au%3A1671445317508128318%3Aw%3A1268x912%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A4%2C38%2C1908%2C0%2C-7%2C0%2C%2C536%2C2%2C%2C%2C%2C2541%3Aco%3A0%3Ans%3A1671445313593%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671445317%3At%3A%D0%A0%D0%B0%D1%81%D0%BA%D1%80%D1%83%D1%82%D0%BA%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D0%BE&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Mon, 19 Dec 2022 10:21:57 GMT
access-control-allow-origin: http://f95241kr.beget.tech
set-cookie: yabs-sid=234079291671445317; Path=/; SameSite=None; Secure
i=2UHIYWJxleXbMGtJ2pxIFofHk1C/cZSUjSf2OET+zyVvIqWi/Ahgo/vEFKjvVie48/+B+wxl77FseHoMuCc6oyTZZQQ=; Expires=Thu, 16-Dec-2032 10:21:57 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=321169011671445317; Expires=Tue, 19-Dec-2023 10:21:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=321169011671445317; Expires=Tue, 19-Dec-2023 10:21:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702981317.yc.1671445317#1702981317.yrts.1671445317#1702981317.yrtsi.1671445317; Expires=Tue, 19-Dec-2023 10:21:57 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:21:57 GMT
last-modified: Mon, 19-Dec-2022 10:21:57 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/56460499?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ecs(0)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/56460499?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ecs(0)ti(2)
IP 93.158.134.119:0
GET /watch/56460499?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ecs(0)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/56460499/1?wmode=7&page-url=http%3A%2F%2Ftrafiframe.ru%2Fiframe.php&page-ref=http%3A%2F%2Ff95241kr.beget.tech%2F&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A217674029126%3Ahid%3A482010017%3Aphid%3A474126600%3Az%3A0%3Ai%3A20221219102200%3Aet%3A1671445321%3Arn%3A981014037%3Au%3A16714453211956024%3Aw%3A0x0%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C361%2C1%2C2951%2C2951%2C0%2C876%3Aco%3A0%3Ans%3A1671445316176%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671445321%3At%3AAuto-surfing%20sites&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29
date: Mon, 19 Dec 2022 10:22:00 GMT
access-control-allow-origin: null
set-cookie: yabs-sid=2467164721671445320; Path=/; SameSite=None; Secure
i=yKQQ4uznJ/FYX/zVNWKZR8Qc+lTn36BFLywWix4L+DLPpYyGEmS7424/yAr2dpXn4kp5l9kIPUNNP9aPoDd1FVrgIc8=; Expires=Thu, 16-Dec-2032 10:21:47 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5617847141671445320; Expires=Tue, 19-Dec-2023 10:22:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5617847141671445320; Expires=Tue, 19-Dec-2023 10:22:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702981320.yc.1671445320#1702981320.yrts.1671445320#1702981320.yrtsi.1671445320; Expires=Tue, 19-Dec-2023 10:22:00 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 10:22:00 GMT
last-modified: Mon, 19-Dec-2022 10:22:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
linkslot.ru/lincode.php?id=312770
172.67.215.189 200 OK 0 B URL HTTP/2 linkslot.ru/lincode.php?id=312770
IP 172.67.215.189:0
GET /lincode.php?id=312770 HTTP/1.1
Host: linkslot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: application/javascript; charset=windows-1251
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vHaxCH32LyB0Lt7vM0Me%2BAuwCXqaHtXnHFjAD1pwmUd7K%2Bq%2Fpyn8%2B6RC1PTXMEmCzDWeFAGqHTjTC3ZosIInU%2B1%2F2GbXTYqk8%2FR6LAmhU%2B0Rgmo%2FMkQYodttyPmbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a094c02fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads-lot.ru/vitrine.php?id=1430
5.187.6.135 200 OK 0 B URL HTTP/2 ads-lot.ru/vitrine.php?id=1430
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
GET /vitrine.php?id=1430 HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html;charset=windows-1251
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=9horf7kpljhqvv52buu0trj4l0; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
ads-lot.ru/pics/mining.php
5.187.6.135 200 OK 0 B URL HTTP/2 ads-lot.ru/pics/mining.php
IP 5.187.6.135:0
ASN #44066 diva-e Datacenters GmbH
GET /pics/mining.php HTTP/1.1
Host: ads-lot.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=windows-1251
content-encoding: gzip
X-Firefox-Spdy: h2
betrobots.online/ref39
188.114.96.1 200 OK 0 B IP 188.114.96.1:0
GET /ref39 HTTP/1.1
Host: betrobots.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://f95241kr.beget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 10:21:56 GMT
content-type: text/html; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=d9c4601e953e7f629cabd33b57cbfd5e; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4sP%2FHcAjWcFay5hfAi7iDwRBQnZ9JkhdZJbx2%2FMPQ%2BAH%2F%2BqrOAa7v9QKlXV4Y%2FEW87DSMYNQ9H49vgzy3SfYDwBmTpueJPFjSZekci6u6Qfs7fyBiqZ1qBHjUW%2FeLzNCeGC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77bf6a0d58e1b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700,900
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700,900
IP 142.250.74.106:0
GET /css?family=Montserrat:300,400,500,600,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://osferno.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Dec 2022 10:21:58 GMT
date: Mon, 19 Dec 2022 10:21:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2