{"report_id":"e636927a-bb25-4019-8335-4ce8e7de7ef5","version":6,"status":"done","tags":[],"date":"2025-08-07T06:08:39Z","url":{"schema":"http","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"172.67.203.11","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"title":"rutor.org :: Свободный торрент трекер :: rutor.org закрыли, rutor org заблокирован, rutor org не работает, rutor org переехал, рутор орг зеркало"},"submit":{"url":{"schema":"http","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"172.67.203.11","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-11T06:08:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-07T06:08:18Z","timestamp":1754546898,"ip_dst":{"addr":"172.18.0.10","port":39292,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.115.92.99","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 36","source":"{\"timestamp\":\"2025-08-07T06:08:18.974760+0000\",\"flow_id\":48469827048036,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.115.92.99\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":39292,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400035,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 36\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":62,\"start\":\"2025-08-07T06:08:18.905828+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pixel.dsp.onetarget.ru","ip":{"addr":"130.193.53.230","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"domain_registered":"2019-04-18","domain_rank":0,"first_seen":"2024-03-13T16:04:45Z","last_seen":"2025-08-06T06:49:11.264514Z","alert_count":0,"request_count":1,"received_data":730,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sync.gonet-ads.com","ip":{"addr":"188.42.104.140","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2022-04-05","domain_rank":0,"first_seen":"2023-02-03T11:32:31Z","last_seen":"2025-08-06T06:49:10.715699Z","alert_count":0,"request_count":2,"received_data":690,"sent_data":962,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acint.net","ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":22962,"first_seen":"2014-02-14T21:23:16Z","last_seen":"2025-08-02T16:39:33.415611Z","alert_count":0,"request_count":4,"received_data":32842,"sent_data":6210,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sp.linkssp.ru","ip":{"addr":"188.246.224.210","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2024-09-18","domain_rank":0,"first_seen":"2025-05-28T20:33:39.660871Z","last_seen":"2025-08-02T17:22:37.180647Z","alert_count":0,"request_count":1,"received_data":488,"sent_data":537,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mediatoday.ru","ip":{"addr":"194.186.91.198","port":443,"asn":3216,"as":"PVimpelCom","country":"Russia","country_code":"RU"},"domain_registered":"2008-03-02","domain_rank":136083,"first_seen":"2013-05-20T20:53:32Z","last_seen":"2025-08-02T17:22:37.559375Z","alert_count":0,"request_count":2,"received_data":1007,"sent_data":1008,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ssp.bestssp.com","ip":{"addr":"83.222.96.170","port":443,"asn":42632,"as":"MnogoByte LLC","country":"Russia","country_code":"RU"},"domain_registered":"2016-05-05","domain_rank":90974,"first_seen":"2017-06-10T08:55:20Z","last_seen":"2025-08-06T09:15:30.320119Z","alert_count":0,"request_count":1,"received_data":332,"sent_data":555,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.bringads.ru","ip":{"addr":"213.171.19.229","port":443,"asn":56694,"as":"LLC Smart Ape","country":"Russia","country_code":"RU"},"domain_registered":"2025-02-06","domain_rank":0,"first_seen":"2025-05-20T10:33:46.598539Z","last_seen":"2025-08-07T02:02:20.374148Z","alert_count":0,"request_count":1,"received_data":566,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.dmp.otm-r.com","ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-01-16","domain_rank":19534,"first_seen":"2017-02-03T07:19:51Z","last_seen":"2025-08-02T17:22:36.641817Z","alert_count":0,"request_count":3,"received_data":1495,"sent_data":1466,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.23.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.adspend.space","ip":{"addr":"172.67.69.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-02-11","domain_rank":0,"first_seen":"2022-10-20T06:12:42Z","last_seen":"2025-08-06T06:49:12.167216Z","alert_count":0,"request_count":2,"received_data":1763,"sent_data":1046,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"match.ohmy.bid","ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-06-09","domain_rank":0,"first_seen":"2023-05-23T09:17:10Z","last_seen":"2025-08-02T17:22:36.553677Z","alert_count":0,"request_count":2,"received_data":775,"sent_data":1119,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ssp-statistics.dsp.nt.technology","ip":{"addr":"54.76.133.2","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2019-02-02","domain_rank":0,"first_seen":"2025-01-30T05:42:21.300558Z","last_seen":"2025-08-06T06:49:11.687518Z","alert_count":0,"request_count":1,"received_data":587,"sent_data":792,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sync.techdsp.ru","ip":{"addr":"212.41.28.182","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2024-10-09","domain_rank":0,"first_seen":"2024-11-01T12:08:52Z","last_seen":"2025-08-06T06:49:12.726641Z","alert_count":0,"request_count":2,"received_data":889,"sent_data":952,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.kimberlite.io","ip":{"addr":"212.8.232.117","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2017-03-16","domain_rank":0,"first_seen":"2025-08-02T01:45:57.64153Z","last_seen":"2025-08-02T01:45:58.060586Z","alert_count":0,"request_count":2,"received_data":35996,"sent_data":911,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"psyduck-beak.yotor.ru","ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-28","domain_rank":0,"first_seen":"2025-07-07T22:56:18.281573Z","last_seen":"2025-07-31T06:11:21.846388Z","alert_count":0,"request_count":1,"received_data":1020,"sent_data":545,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"a.adlook.tech","ip":{"addr":"104.21.57.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-08-06","domain_rank":0,"first_seen":"2025-01-09T16:00:53Z","last_seen":"2025-08-06T06:49:23.539184Z","alert_count":0,"request_count":1,"received_data":915,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"logger.moviead55.ru","ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-02-15","domain_rank":81149,"first_seen":"2020-11-24T10:53:30Z","last_seen":"2025-08-02T19:13:22.255377Z","alert_count":0,"request_count":6,"received_data":1866,"sent_data":3973,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cr-frontend.weborama-tech.ru","ip":{"addr":"178.154.212.160","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-03-09","domain_rank":0,"first_seen":"2023-07-27T11:09:06Z","last_seen":"2025-08-06T06:49:12.208095Z","alert_count":0,"request_count":1,"received_data":440,"sent_data":587,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sync.opendsp.ru","ip":{"addr":"185.175.47.157","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2022-08-24","domain_rank":0,"first_seen":"2022-09-01T11:01:38Z","last_seen":"2025-08-04T23:14:43.014639Z","alert_count":0,"request_count":3,"received_data":750,"sent_data":1424,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"otclick-adv.ru","ip":{"addr":"139.45.228.133","port":443,"asn":57304,"as":"JSC RetnNet","country":"Russia","country_code":"RU"},"domain_registered":"2011-01-17","domain_rank":71115,"first_seen":"2015-09-17T11:20:30Z","last_seen":"2025-08-02T19:13:23.148124Z","alert_count":0,"request_count":2,"received_data":1116,"sent_data":1093,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sp.kombinat.digital","ip":{"addr":"77.223.120.36","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2025-04-16","domain_rank":0,"first_seen":"2025-07-09T21:59:17.553875Z","last_seen":"2025-08-07T05:50:56.274774Z","alert_count":0,"request_count":3,"received_data":1741,"sent_data":1633,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"adx.com.ru","ip":{"addr":"83.222.105.118","port":443,"asn":42632,"as":"MnogoByte LLC","country":"Russia","country_code":"RU"},"domain_registered":"2017-05-19","domain_rank":43296,"first_seen":"2017-06-05T16:30:42Z","last_seen":"2025-08-06T06:49:22.845549Z","alert_count":0,"request_count":2,"received_data":208,"sent_data":1054,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sp.ohmy.bid","ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-06-09","domain_rank":0,"first_seen":"2022-07-26T15:24:33Z","last_seen":"2025-07-31T05:38:27.472944Z","alert_count":0,"request_count":2,"received_data":4910,"sent_data":1137,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.adiam.tech","ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-12-23","domain_rank":0,"first_seen":"2024-03-15T20:38:51Z","last_seen":"2025-08-02T17:22:37.087977Z","alert_count":0,"request_count":1,"received_data":915,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-08-06T15:14:12.503348Z","alert_count":0,"request_count":5,"received_data":44015,"sent_data":2370,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"myroledance.com","ip":{"addr":"193.200.64.24","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-10-03","domain_rank":0,"first_seen":"2024-10-07T17:52:04Z","last_seen":"2025-08-06T06:49:22.918126Z","alert_count":0,"request_count":1,"received_data":1750,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"statmedia.ru","ip":{"addr":"46.161.36.24","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2022-03-25","domain_rank":0,"first_seen":"2015-08-17T13:20:07Z","last_seen":"2025-08-02T17:22:36.425471Z","alert_count":0,"request_count":1,"received_data":265,"sent_data":513,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kimberlite.io","ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2017-03-16","domain_rank":166512,"first_seen":"2017-09-14T05:18:59Z","last_seen":"2025-08-02T09:11:15.166719Z","alert_count":0,"request_count":6,"received_data":5071,"sent_data":3388,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ck.silvermob.com","ip":{"addr":"212.95.41.187","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-08-25","domain_rank":0,"first_seen":"2025-03-13T10:51:02.742077Z","last_seen":"2025-08-06T06:49:11.971315Z","alert_count":0,"request_count":1,"received_data":368,"sent_data":549,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"match.new-programmatic.com","ip":{"addr":"217.65.2.150","port":443,"asn":3175,"as":"Citytelecom LLC","country":"Russia","country_code":"RU"},"domain_registered":"2020-02-18","domain_rank":33613,"first_seen":"2020-02-18T20:50:06Z","last_seen":"2025-08-06T06:49:10.671787Z","alert_count":0,"request_count":1,"received_data":215,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"data.24smi.net","ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2011-12-12","domain_rank":59257,"first_seen":"2017-01-29T20:20:42Z","last_seen":"2025-08-01T21:37:10.720073Z","alert_count":0,"request_count":4,"received_data":2764,"sent_data":2515,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"libbb.yotor.ru","ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-28","domain_rank":0,"first_seen":"2024-12-02T23:31:00.787899Z","last_seen":"2025-08-03T07:15:12.341258Z","alert_count":0,"request_count":31,"received_data":653294,"sent_data":13985,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cmr.bidderstack.com","ip":{"addr":"185.149.242.234","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2017-04-25","domain_rank":0,"first_seen":"2024-06-26T06:54:13Z","last_seen":"2025-08-02T17:22:37.437176Z","alert_count":0,"request_count":2,"received_data":542,"sent_data":965,"comment":"","tags":null,"fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}]},{"fqdn":"code.moviead55.ru","ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-02-15","domain_rank":83359,"first_seen":"2017-02-18T04:38:39Z","last_seen":"2025-08-06T06:49:23.474675Z","alert_count":0,"request_count":26,"received_data":55040,"sent_data":14157,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.utraff.com","ip":{"addr":"104.21.47.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-09-27","domain_rank":39874,"first_seen":"2019-02-27T10:01:37Z","last_seen":"2025-08-06T06:49:11.792732Z","alert_count":0,"request_count":1,"received_data":1003,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ssp.al-adtech.com","ip":{"addr":"45.139.25.120","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"domain_registered":"2024-01-16","domain_rank":0,"first_seen":"2024-01-30T10:38:38Z","last_seen":"2025-08-03T15:31:18.250337Z","alert_count":0,"request_count":2,"received_data":1299,"sent_data":1137,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cs.agency2.ru","ip":{"addr":"23.111.107.44","port":443,"asn":39134,"as":"Edinaya Set Limited Liability Company","country":"Russia","country_code":"RU"},"domain_registered":"2008-10-06","domain_rank":0,"first_seen":"2022-04-29T14:24:02Z","last_seen":"2025-08-06T06:49:11.120187Z","alert_count":0,"request_count":1,"received_data":766,"sent_data":466,"comment":"","tags":null,"fingerprints":null},{"fqdn":"exchange.buzzoola.com","ip":{"addr":"45.138.161.71","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2010-08-11","domain_rank":18389,"first_seen":"2014-10-17T15:20:27Z","last_seen":"2025-08-02T19:13:22.757419Z","alert_count":0,"request_count":3,"received_data":1242,"sent_data":1895,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.videohead.tech","ip":{"addr":"104.21.16.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-30","domain_rank":0,"first_seen":"2023-06-07T20:20:13Z","last_seen":"2025-08-05T10:03:28.619269Z","alert_count":0,"request_count":1,"received_data":915,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"rtb.dynotech.io","ip":{"addr":"82.202.197.102","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2024-04-24","domain_rank":0,"first_seen":"2024-06-21T10:32:20Z","last_seen":"2025-08-06T06:49:10.884442Z","alert_count":0,"request_count":1,"received_data":201,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"dm-eu.hybrid.ai","ip":{"addr":"37.230.131.21","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2017-12-19","domain_rank":28847,"first_seen":"2021-01-25T11:48:59Z","last_seen":"2025-08-02T17:22:37.204011Z","alert_count":0,"request_count":2,"received_data":814,"sent_data":1003,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.acint.net","ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":29072,"first_seen":"2014-02-14T21:23:16Z","last_seen":"2025-08-04T08:41:42.98118Z","alert_count":0,"request_count":11,"received_data":51951,"sent_data":14677,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"sync.bumlam.com","ip":{"addr":"31.172.81.145","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-08-10","domain_rank":3243,"first_seen":"2015-08-10T21:04:25Z","last_seen":"2025-08-02T17:22:36.687078Z","alert_count":0,"request_count":3,"received_data":1959,"sent_data":1563,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pix.bumlam.com","ip":{"addr":"31.172.81.160","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2015-08-10","domain_rank":92002,"first_seen":"2022-03-29T09:19:43Z","last_seen":"2025-08-06T06:49:12.212121Z","alert_count":0,"request_count":3,"received_data":2243,"sent_data":1532,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.dsp.solta.io","ip":{"addr":"217.199.220.72","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"domain_registered":"2022-07-19","domain_rank":0,"first_seen":"2022-09-21T16:47:56Z","last_seen":"2025-08-05T10:03:29.215431Z","alert_count":0,"request_count":2,"received_data":500,"sent_data":894,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kllastroad.com","ip":{"addr":"193.200.65.68","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-10-03","domain_rank":0,"first_seen":"2024-10-08T03:17:02Z","last_seen":"2025-08-06T06:49:22.993994Z","alert_count":0,"request_count":1,"received_data":36448,"sent_data":460,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.dvgroup.com","ip":{"addr":"82.148.21.217","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"1998-09-12","domain_rank":0,"first_seen":"2024-09-03T12:22:07Z","last_seen":"2025-08-06T06:49:11.66622Z","alert_count":0,"request_count":1,"received_data":250,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sync.vqserve.com","ip":{"addr":"80.93.187.134","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2024-09-01","domain_rank":0,"first_seen":"2024-10-25T14:11:40Z","last_seen":"2025-08-06T06:49:23.742349Z","alert_count":0,"request_count":1,"received_data":636,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.27.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jsn.24smi.net","ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2011-12-12","domain_rank":62736,"first_seen":"2017-01-29T15:57:51Z","last_seen":"2025-08-03T00:33:54.285565Z","alert_count":0,"request_count":4,"received_data":338585,"sent_data":1752,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ssp.bidvol.com","ip":{"addr":"194.85.16.23","port":443,"asn":8985,"as":"Join-stock company Internet ExchangeMSK-IX","country":"Russia","country_code":"RU"},"domain_registered":"2019-09-24","domain_rank":31817,"first_seen":"2020-02-22T12:37:29Z","last_seen":"2025-08-04T23:14:42.552118Z","alert_count":0,"request_count":1,"received_data":672,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"e80cd184-7354-11f0-86e0-002590c0647c.n2.sync.bumlam.com","ip":{"addr":"188.120.241.50","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"domain_registered":"2015-08-10","domain_rank":0,"first_seen":"2025-08-07T06:08:41.500347Z","last_seen":"2025-08-07T06:08:41.500347Z","alert_count":0,"request_count":1,"received_data":305,"sent_data":541,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mc.acint.net","ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2014-02-06","domain_rank":0,"first_seen":"2024-01-29T15:31:01Z","last_seen":"2025-08-02T09:11:17.221581Z","alert_count":0,"request_count":14,"received_data":5592,"sent_data":26102,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.adspector.io","ip":{"addr":"104.21.15.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-02","domain_rank":0,"first_seen":"2024-06-28T02:35:48Z","last_seen":"2025-08-06T06:06:22.613562Z","alert_count":0,"request_count":1,"received_data":921,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sync.programmatica.com","ip":{"addr":"77.246.157.45","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"domain_registered":"2016-10-12","domain_rank":0,"first_seen":"2022-12-17T01:18:07Z","last_seen":"2025-08-02T19:13:22.863521Z","alert_count":0,"request_count":1,"received_data":345,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pxltag.com","ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2025-05-25","domain_rank":0,"first_seen":"2025-06-01T19:45:52.576875Z","last_seen":"2025-08-06T06:49:12.127393Z","alert_count":0,"request_count":1,"received_data":358,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ssp-rtb.sape.ru","ip":{"addr":"193.3.184.217","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"domain_registered":"2006-06-19","domain_rank":31166,"first_seen":"2016-02-02T17:01:03Z","last_seen":"2025-08-03T07:30:48.602903Z","alert_count":0,"request_count":2,"received_data":1404,"sent_data":1189,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"6-wbpbqewx.123tt.ru","ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-28","domain_rank":0,"first_seen":"2025-08-07T06:08:41.511888Z","last_seen":"2025-08-07T06:08:41.511888Z","alert_count":0,"request_count":7,"received_data":151827,"sent_data":5160,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"vak345.com","ip":{"addr":"87.242.104.43","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"domain_registered":"2019-07-11","domain_rank":115474,"first_seen":"2019-07-12T05:59:47Z","last_seen":"2025-07-31T04:47:11.32863Z","alert_count":0,"request_count":2,"received_data":126113,"sent_data":920,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"user91471.clients-cdnnow.ru","ip":{"addr":"185.40.155.13","port":443,"asn":21030,"as":"Docker LTD","country":"Russia","country_code":"RU"},"domain_registered":"2015-10-14","domain_rank":148184,"first_seen":"2020-01-13T11:19:03Z","last_seen":"2025-08-02T19:13:22.915653Z","alert_count":0,"request_count":1,"received_data":166610,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-07T06:08:18Z","timestamp":1754546898,"ip_dst":{"addr":"172.18.0.10","port":39292,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"185.115.92.99","port":443,"asn":42881,"as":"Sc Itns.net Srl","country":"Moldova","country_code":"MD"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 36","source":"{\"timestamp\":\"2025-08-07T06:08:18.974760+0000\",\"flow_id\":48469827048036,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"185.115.92.99\",\"src_port\":443,\"dest_ip\":\"172.18.0.10\",\"dest_port\":39292,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400035,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 36\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":62,\"start\":\"2025-08-07T06:08:18.905828+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"c202292fe573271b1244fafad2e73dbf","sha1":"1eff5d3199f6058d1b9afbd5020e3ba13c97e1fa","sha256":"309e3fb5a0c57cd08034721a10db4c3a41ee43661b7e459275a446975df8eedf","sha512":"97088564ff6c8dea897ac0ec54f133b7444ef8e07f89a3b313697014ff669a65c86a6fbf2d297066fad51a63decd8266ff185745c387abff05117d6b6e3aefdb","ssdeep":"","tlshash":"53800082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":35,"data":"","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.448263Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9892936c70a52bed2273dbdf7cfc591a","sha1":"70a9288c9a0269ed5260f1947cf0d1f7d64ce2c2","sha256":"3c2c51abb9befd747aaafa0cc7644ba0b787957793d16fdc7b38f9bdd48fc537","sha512":"b480c484984bf1c57df876c1b6175f17224e9b78f7fec510cb058df9997b8eeec4780f9a7daba2e67c421016c35ec7f55b69670a51c8e2772ac75eac2b025c6d","ssdeep":"","tlshash":"f2f0f195f8d8102183b3117867eb600d7416363fcc4ead24f90d84422f6e9bd082b90c","size":440,"data":"","first_seen":"2025-03-13T03:11:39.54943Z","last_seen":"2025-08-18T18:16:07.832823Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61d79e6b5e9104cbe97e58d43fe3936f","sha1":"abd062926d04aaa48a643a38d307643b0773aca2","sha256":"7261ad3e581712d2357386b8b21c180b99bf0939085605dbb39e9d06355de9ef","sha512":"15166b52c8d37f52a813dc5bf2fd649b5995f55ebb57d33139d26741ba28782109e514f8ff002e481a71c0f4679159fb33722941c96c8512f31d494f54872cd3","ssdeep":"","tlshash":"eed0c9b1159c7893ddf75e68d306970a38964077390220560c84c62022ee68394a28b8","size":204,"data":"","first_seen":"2025-08-07T06:08:50.997013Z","last_seen":"2025-08-07T06:08:50.997013Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/chimichanga/galets.js","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"37607a50e5c3055c37745b8a8523f5fe","sha1":"b65d14449e609c6ecffbc73e17aa2f05b0acf210","sha256":"7462330295488346f30edebf0a6d2e847eb2cc135e7d735310504e128217db6a","sha512":"0a652beb49d0e1bf408a0f7428ecc0bc793ed261a18acc641b7deda39226133cb67fa2978b9fc5329d5bd2f8f85a9eb07c66608a1e1e639c170c2ea04a0ae0f8","ssdeep":"","tlshash":"31318e98359e701d918423467a7510deac3ce7b102db91bce5deb472609081b8e3d9f6","size":1537,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.367557Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/smi.js","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4ba6035f650dda50dbd3ba367e03dbb","sha1":"0384ec281fc67ec906eeb10b75daf9ff2df40a8a","sha256":"9a7ce92d40730fd8da81d7108f05d988bd9b87cbf14e75484e9be3fa5087c8da","sha512":"2a97564449ce215cb01c4f7fb905588902875b348fcecbc6905eab7ccd4f8d0e997726d6c58ab085c642e678212c33c1831db337c62774f822e6771cca7f3b1e","ssdeep":"1536:BRSu24xbb5suVmDmkR5MgiQ5rra/Qfh00sHqnJk8/DSdCItiWs:BR1PS00sHqJX/DCCVX","tlshash":"abb3d88c7d85f42a43d361f1807f054fb2372e1d688d6550e2aad8e53eb884d612bfad","size":108064,"data":"","first_seen":"2025-08-03T08:36:22.377769Z","last_seen":"2025-08-12T06:34:34.474459Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/js/lib/buzzoola_ufp.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4f91442f3c51aa0ab4d00240cb9ca53","sha1":"9fad8ac07c22c86ab006bac7207e7928098a22c1","sha256":"c5b7be7ff5a92d4d03ae4b96a3931d1349f726affed96d8b64ecbd1ef7de598f","sha512":"b7af177eaf8de9bb7cfe4332c223524d40415e517b4770fb923b71c8d31bc22f08c975226934e9d4d2262a3e94acdf718d5c970725ed9cbb75589da98207b7c0","ssdeep":"384:MtJpg1qCMUYbJZ9uhMN9wgR1YOO6ghS++1ZBneflJnbRbpxsqmpv4Ypm7RnCE0i6:8Jpg17MUYbJZ9Oiw1uWSjH0ftsuNCR","tlshash":"6452d7e9f28ee4f745f43756582a635a7371c43064384918f90cd682ea07dea907ebb4","size":13432,"data":"","first_seen":"2025-03-28T18:47:27.609281Z","last_seen":"2026-04-05T13:19:36.731217Z","times_seen":2663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/zax/jquery.min.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"10092eee563dec2dca82b77d2cf5a1ae","sha1":"65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b","sha256":"e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59","sha512":"cc92cf5a9b3a62a18af432fdffb81b76da84e2f43ce3c7800a919c10809118d0611e29a47f103ff3df18a54d5331bc5f06ef4771dc406cc763b30ff2a66a3e81","ssdeep":"1536:Du98G2ltZMNWnDr7doqPp07HVDTLGbY9TGA7zEcbnkb17jQq3nPRefqvpsz:DuJItn6qepq15nUfqvpsz","tlshash":"5063e9c9b2c67273c3e730b824af510af136a8aaa44c4854f06ce8e5bd74a55447bf7d","size":72174,"data":"","first_seen":"2023-03-07T01:07:10Z","last_seen":"2026-04-05T13:04:14.142261Z","times_seen":7610,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"01aeda25cc612ac6fd77f18bba5041e0","sha1":"27eaf3c12999caa5c29a7591377756d6d7d35459","sha256":"8f6e59b4280f7b6855ac1a246568b4f412db956026ccf366ad7f4c698d9b8f6b","sha512":"a4335cefb02c3bdc8f6ec07084b23f0b61f502005365b2b522a6c100fbc768e9db4e6f40841ab5d7a92a8692ec8a35c05e8b4104bdc71646292f9a182cd54f15","ssdeep":"","tlshash":"f1e026b01c4348ac98430c73b9a085a529f4a5713b217322208e323928d0f70366aa74","size":305,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.411925Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"373d25500418a58c9e15346c368f6ebd","sha1":"998e4fa89837fac2938fd802d66e12d78b24b31e","sha256":"c360f142201bc3f123ecdee17aebd1ddb30dc24c18ef54962001b57a886ec45a","sha512":"078d7592a572a646068c74dcb9f9df15c6ea189014df34afa43df1a7b177475ac2c32e3e457cf9dd244d0749bd1fa286c67e4ca1ab36bffa666050b1d9725ab2","ssdeep":"","tlshash":"11116bed0c265039486351536b3fb2577b22702f5094d8157aecc711afa57978c11ac0","size":1013,"data":"","first_seen":"2025-07-18T09:21:09.343379Z","last_seen":"2025-08-07T06:08:51.000502Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"6026e44e1e7a43d757be6382fd146edc","sha1":"e2bf69f11ca5f943a8e9ab08faa0fca046c6e83f","sha256":"122819be0147876f6617b1aab8ad2adf9abbd19911479637f2d04de709bffbfb","sha512":"2b1c07e49f37c4c5c32bb58ea9925828568526572af35a37f9bf9760ed745b24836b9876ad585ef682b4e6c2c481c1ce252c226e934ef90db7f3cd6a5283d88d","ssdeep":"","tlshash":"5b511e14bd78243981ca906c523b270fb3726959623244387979cee9a9f8ec50775ff8","size":2837,"data":"","first_seen":"2025-08-07T06:08:51.001302Z","last_seen":"2025-08-07T06:08:51.001302Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vak345.com/csn/202508070908.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026_t=1754546893558.558","fqdn":"vak345.com","domain":"vak345.com","tld":"com"},"ip":{"addr":"87.242.104.43","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b22bef57b9c55e207246c60be5b4b88","sha1":"cc165620252be52b46b7343e549f138f7ca89fa9","sha256":"c0432516293ff447155b785890ad70de15133a2eda93fe72899312d37255626e","sha512":"cbe1a6240f9e50a33611dc11c03185d6f36e2285a7e28e2598a0faafa410359fca2914bf32085f281a60747b8f8fcb441e5a316f3fc9a6f826bd71d32b80cf4f","ssdeep":"1536:mLVI/2tNOVuxALFJGHe5LENtV0MsBwj23ZoREl5i+Ep1fMeDA:x/7lFJGHe5ANtD2pBviHjDA","tlshash":"fba3f9633212e93546f2c0ea61765602f326619cb8c6461cb5accdd768ecd4371bebf8","size":100336,"data":"","first_seen":"2025-08-07T06:08:50.929842Z","last_seen":"2025-08-07T06:08:50.929842Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/kimjongun/under_desc/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c46293aa285ba7aa107978a1d1819a9a","sha1":"4fa0b1817ba39ca83e458b9781e011132977ae94","sha256":"868306ed744f3c485e29048571a5bdeb209404643df14f02797004c990dc567e","sha512":"0bf342f2a84f3639e6d54a5b6b366079a08fe34415e5ddbbabf69108f309e727f5e20ca0347c6a7dd968e57c3bf1d0690fb164e92a343e38ca10b392d9f65cbd","ssdeep":"","tlshash":"a69002116025001a803050441326320a79430a1600d2341006450420703104b9a9a084","size":43,"data":"","first_seen":"2023-03-07T01:39:52Z","last_seen":"2026-04-05T09:13:03.864955Z","times_seen":593,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24415\u0026template_id=14536\u0026num=3\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=daf4bf5b-1aed-4272-8181-4fcdcbc4c491\u0026callback=__smiCb1754546893933","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"36c891fa9dc2296a6fea5720f7962b08","sha1":"fad81d38e84965581f12085a28ca2cf2c90f0b64","sha256":"19c3871bc1d666d5ccb3184a62425bf269415f55dd71af2926232aeb3ffa2e04","sha512":"ca19a883deb9e340f86a9122669f1b318fccc95deb4d1c65cd0e730143fffe348b09115ca0db0c51688d229830d51695390b539aaac940bbd0f2c539f70a16df","ssdeep":"","tlshash":"f2b01290491019b450d8c52102057b055dc001362511d80855b041ac93bf14304e248f","size":87,"data":"","first_seen":"2025-08-07T06:08:50.944954Z","last_seen":"2025-08-07T06:08:50.944954Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"90a95c6eadfac649ff7177fe5b40acaf","sha1":"60a6cce884d06b9edfd7d365ce762b7561a2e158","sha256":"512375428066a3a76a7ededa27a74028096d484ca1207d279f17ef71ef330017","sha512":"b1fb88d1b804bcd790acaccee106c9cd861823112f7758cfacd392a383988c490269ab97c33f28aa3822e5a6675c15938ed02dde6278b991bc8fd69ab4467a68","ssdeep":"","tlshash":"a751135ea6b71038b133a0be0ff764893720580bc652aa897fdc21812fd075ed9e1bd4","size":3159,"data":"","first_seen":"2025-08-07T06:08:51.005906Z","last_seen":"2025-08-07T06:08:51.005906Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/oci.js?t=1754546894740","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"43e0ed24b6bb53a80ec7998b1a38c8a5","sha1":"67b44be7458ca988431867893aaf8e6ed9a040c4","sha256":"66b9a45280f55b9df05c6fc606e3e197d33dd47baeaf177069d7be18e9fd1261","sha512":"06ea7dc48f130f027917621521a758e709aff76f5b866930336e406b6c7c344a4c0fd673cbacdd8bac7b3944ae511650ba8878c9b7940ac4a323fbf705e1f343","ssdeep":"","tlshash":"6b11afcdbed9f452623b3ab0c01f940fb6b259662a9c0860915caa9139b542cd523edd","size":1000,"data":"","first_seen":"2025-05-22T20:31:38.341594Z","last_seen":"2026-02-03T13:45:09.529928Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/southcentral/js.js?08","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48f15eb2a5b8ee7b68b032c16d4f9ee8","sha1":"8797e04b9c5a05dc71c8aac4cc8b145ae6bde3e2","sha256":"6ede838c510b030a60f27b0e3466376607a480c6d0cab4e0d2f2f19d92d16af9","sha512":"2832b9fe25e789c3552227ac05c1c4672c27833784f468920a5f3520d6802bfb3302661cea000ec709e13dcf32ce0f52cd16e12109ddd3a9a41776047c1b82e3","ssdeep":"","tlshash":"2c510d4cf75de11c94d603857ead02ee387ca5233242852dfd5d6e606278c3a8a3cdb5","size":2898,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.373332Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2744a37ceaa29e760f738c3a74a83a7d","sha1":"06f0589bb234822a0471beefce05c5dbf58b6966","sha256":"d94db2a1c37a7ee75c603192f99b27222bc0f84dd082197fc5e634fdf3545286","sha512":"eaf4daf3482621744942cb0fbd68cef2a711399a9f2c49e43a94ac21dae08d58fcb730cfdf03c82fe8a368cf3f6f4cff02be47ea7d5489e1f6503c93428c0eda","ssdeep":"","tlshash":"67f0dcaa3cc88139433612227233f29872693a28284dac24c55d88a228a6cec087f50c","size":468,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.418388Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"47e6130092690092b5843b3bdc58e560","sha1":"54492ad18f00c6e45aa3037c541443d1705d8ebf","sha256":"a29d8472de509aea5ffcd6e8fc8d319d7b26e447b5921c06f0e12ee36dd4e78c","sha512":"cc5071e83141e4dc3712f2994de1e5aece9fab4ea88fc65c1f533442d814d8a73bfd0195822398cb27ddab46f3c408b72003f147aa4335caa625def954c9178a","ssdeep":"","tlshash":"45e07d6b6d631030eb873368a77cd5647420202e1b25c049b8ccd8158f60e945c1afd8","size":331,"data":"","first_seen":"2025-03-13T03:11:39.556521Z","last_seen":"2025-08-18T18:16:07.821609Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24832\u0026template_id=15500\u0026num=4\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=ed46f086-90a7-49c0-9ca0-18e050d898d4\u0026callback=__smiCb1754546894062","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d30a01c41fd9ab78f3b6184ff17cc33","sha1":"9ca83d36e3800f8ed6f501c2d03c539e26407eec","sha256":"d398e4cac44f2994b6b016fce7ea5d81db32aa24c9d02a412b18f6fd6a1e68e7","sha512":"045481a3a1e3227740b3f60476ab26e38baf1ee8bfff6a2a32c92673cb0fc404160346974846f70eadcbb0088374800dec5f9a42f21d689c4c28e09585026a2b","ssdeep":"","tlshash":"30b01240441118b41198c51102016b055dc04b2625119c18d6b091ac43b714304d244f","size":87,"data":"","first_seen":"2025-08-07T06:08:50.957609Z","last_seen":"2025-08-07T06:08:50.957609Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/functions.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1807e6a8009ef9a06b54a0586ee8884","sha1":"2691a68a2209485cbe526d8914c54113daf773df","sha256":"d47ad6a2c2fa3bbd326ea77e4a328ea45e13f67593684237859ef21ed594222d","sha512":"99bde3ae5264e92d6288bf01bda8cf48eac02d7e2c9d51ddaeceaeaaec439f61bec916355253a29eb18c614bfc66080dae36f19910cca9027825600c4e87280b","ssdeep":"","tlshash":"82613219b9c1502a872710353def364a34b90573d085da62b86cb9606f64e34577eef8","size":3392,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.406875Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/pokemoky.js?48d","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5eefc1f7d0796d34520a56f42baf2c1a","sha1":"10f69fb4a0e2f51a757c3e425777a2c75cd09cb9","sha256":"bcd273007ad9efb689cf0cd2beaf6b211569720a7971425f2db177506d87af14","sha512":"f82cd40427772f582366dd84d0a1579f1ecb8c4e828d2b9c60de05356e3baf0f9602176fa51ea9ccabe79bb667f304b6edc156f73a32ce7812ae945694ee9fa2","ssdeep":"768:N/EgW8iCORMC7g2ZIbCCLG/qPdVBMcv/k7N5R:hEg1CCLIpcv/k73R","tlshash":"9383c5a9dfad0259d1e3004baea15aca647d83777214dc12bc1c1a5873c1dde8b7a3bc","size":86848,"data":"","first_seen":"2025-07-18T09:21:09.181733Z","last_seen":"2026-03-29T07:13:34.375973Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/smi.js","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4ba6035f650dda50dbd3ba367e03dbb","sha1":"0384ec281fc67ec906eeb10b75daf9ff2df40a8a","sha256":"9a7ce92d40730fd8da81d7108f05d988bd9b87cbf14e75484e9be3fa5087c8da","sha512":"2a97564449ce215cb01c4f7fb905588902875b348fcecbc6905eab7ccd4f8d0e997726d6c58ab085c642e678212c33c1831db337c62774f822e6771cca7f3b1e","ssdeep":"1536:BRSu24xbb5suVmDmkR5MgiQ5rra/Qfh00sHqnJk8/DSdCItiWs:BR1PS00sHqJX/DCCVX","tlshash":"abb3d88c7d85f42a43d361f1807f054fb2372e1d688d6550e2aad8e53eb884d612bfad","size":108064,"data":"","first_seen":"2025-08-03T08:36:22.377769Z","last_seen":"2025-08-12T06:34:34.474459Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/6/4/24415/14536.js?t=1702619098","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"645f399924685f6720e22d285f36748d","sha1":"cb5012304f0a6d0dc916edd8d16d56b37a5a7a1e","sha256":"9afe1e31cd187105708989928f24c8f5cb702c52e2c83dd73afa04a4572d4140","sha512":"09fdf2ec018120a63f7c2f618efa694f8dd26431052a93f84b96aadcb2596f68e5d5d3884fc3917cc78a576e49c2613d6c91f87e1bbfc9b69e5b12b29f6d8dbd","ssdeep":"768:Xnm2ixk3NQSyoSxs+YFr6AHovKQaYFr6AHovKQ/YFr6AHovKQmS:W2ixk3zSgFwyQbFwyQQFwyQz","tlshash":"a5331b32544e72f927351923a1faee0db11e9247c9a187b5d9efcd54e00a2b921133fe","size":51300,"data":"","first_seen":"2023-12-15T12:56:08Z","last_seen":"2025-10-29T19:25:09.722301Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/build/buzzlibrary.js","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5488f8a9b5924ba42cbfe9aeaf798591","sha1":"68736e432adaae80c743869a2e306fb91f545046","sha256":"af9d7f05ed322a00608241d22a68b0f2cefd9777b69868df385081e346165c6b","sha512":"abbf98b88f0f39865dc994c49e5d6d651a3b779287c183d168347a4e8a66ff208a3dcab81072a7a4c4f88475b1c10a1f2a0e1513e984f80ce7ae0caeb5d6845f","ssdeep":"1536:aWidjjZmj5Y75M3+uQ7CCC2m0bVn+YVjWsgd5KV4MXAMEu2H:aWiWY75MOuUVn+YVjWF7aC9b","tlshash":"87a32bcd7fa0b06743e366d4903f550e637b5a2ea80cc4a4b699c5e4583d88e423bf79","size":103042,"data":"","first_seen":"2025-06-22T21:31:48.194553Z","last_seen":"2025-08-12T07:26:30.389891Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tube.buzzoola.com/api_iframe.html#id=t-81794caa-742e-74ff-86e4-fbbcda1b51f1","fqdn":"tube.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"4a67973bcae976b31d69f9773aa3a2be","sha1":"7d196b73b9bedb5363671c54c650227038d408cc","sha256":"a1507b3e5e4de4631cd4e7878632ea07d482835fc93e56e32a3bfb0ebabfe433","sha512":"229170b62af6516bec33ac8077bcb726de767060c0068b0938d4e3050c4dc4228458d716c44e122eb76163fbe02416a8bfcf74537b63cac2563818197575aff0","ssdeep":"768:yJljsVgPA3Va48UETJa7LZ73GsuQo26Ce3f5P3Nxooo:yJmV+Axiy73xu926CehPgoo","tlshash":"f8f2f9cd7fa1b06383aa65e4813f580b627f6a4eb44c45b9b254c9f4187e44d632bf38","size":36283,"data":"","first_seen":"2025-06-22T21:31:48.202292Z","last_seen":"2025-08-12T07:26:30.46965Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ace9db13a7dd020090d7137c2003ea20","sha1":"4eb635fc5ec72ed6ab636fe35265f195b80bf281","sha256":"c3f7251bae9ebb1a7cfdc617b3f683e59ae1c3db71651e3aa0cbeca72c24e13b","sha512":"1368d72925705d8d71b89c855a51924e5f4f2bccef41aff76ec2ccdc35c691483877b101af03ea2ee471db5a8eea175bc8ef328081f8498509587e62811383a2","ssdeep":"","tlshash":"d39002576259954827d4e64168811d23a4f48a64500e5206d154185405520066f148ab","size":54,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.419486Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kllastroad.com/green/island.js?24469\u0026v=3\u0026u=null\u0026a=0.9401812389300818","fqdn":"kllastroad.com","domain":"kllastroad.com","tld":"com"},"ip":{"addr":"193.200.65.68","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5543f2b1001445da35073854a81cb9a","sha1":"4461171aac3caa3ad375fab85cbabec93faf9e84","sha256":"661a751a180b84661761d65017ab0c6cabc9e9e40a73c94eae4e795b898d035b","sha512":"bdd0b469783185e44e3c93c8e7351d2bd448f15e782426429949abc1892f97702352101cec6e08bc501c22e47ce62aadd64dd3203a6c5483da0df5646a4a3d7a","ssdeep":"768:xwT/7d3VZb+mtjfptkwIL9HBlyQQwMs3NEaWlcb3JH:xwT/7d3VZb+mtjxtkww9HBlyQQwMCNE+","tlshash":"d0f2934e66e710320197a43f6fdf81487570c1973248e91cbdac46486f58e29cafabde","size":36096,"data":"","first_seen":"2025-08-07T06:08:50.963385Z","last_seen":"2025-08-07T06:08:50.963385Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/bn?key=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026cp.adsource=Inv_bnr3\u0026vt=100\u0026w=300\u0026h=250\u0026pw=400\u0026ph=225\u0026cp.referer=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026fid=f884be043442dc459\u0026cp.tanc=\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdb5c42e0b700ac93e08e72259fe4dcb","sha1":"abc9f2a635cc2a0c1a76cc1ec7f5ff4508f7b141","sha256":"fca4d4ffa51e97321476765e5be2b316de9c93887991a74d0825fb59677efd4c","sha512":"78c1b165f2952a4f6d5b04b482d4d9836c31d94a82767c40207c9da6dad657385436e85737fdf19dced161a77fa0cc6823895ed3c552ded78a7e41c96c8643f3","ssdeep":"96:wngJUXHsLnVS+XEG0ya/Dpk0OPTdm3NwV3keByzW:wgJoHsLPXEDSRPTdm3wkeB/","tlshash":"71b118a51ccf2e00c7b945153ede06d18c0da7cde8d368eea443f685c26e86c08ca1db","size":5308,"data":"","first_seen":"2025-08-07T06:08:51.013952Z","last_seen":"2025-08-07T06:08:51.013952Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/cfg?object=24832\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546894061","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c13e7bdcf1f3b5803361a17446c4122","sha1":"24a44c635f20c9ebec5647a0c08a7725eda16263","sha256":"1ac8fcbaf824df89112f1b0f33d520e55318b8e982ff622ef4ed235cff76fe89","sha512":"e9a89c552d6c7b1ca0b1d358f6c6eaa89a062f7ba265f5f98e42fee08a9a222d550baa5e78fad5c7be0e02f577f988272534071e301bce5cd30efc015f0e2b80","ssdeep":"","tlshash":"e9f046418606a5f48357a65280143d92893d26338b8a24a6f9d84a3dd4bdeab324a50f","size":567,"data":"","first_seen":"2025-08-07T06:08:50.972188Z","last_seen":"2025-08-07T06:08:50.972188Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"83d5f889b863e035ab1d03c6d5044dc4","sha1":"2c9fd52505f7a7868506e5e26a66085a288dfc23","sha256":"39993fb74fc9328ba8e8ca1ea164c22652bfa59cdf22504a970561bd3e29ee3e","sha512":"1ee1860daf646580d466e481ebe77de43a7d13184147698c1238c9fce34b33862ec9d31c9a68c518bb0b07ee1a6129463454c4c7fe6a2fec6750ceb5fae31d86","ssdeep":"384:FTlKWDZF01RVP0Tl+Lk/X+ojdC76ssbiQLFPnN:FTlK+ZKHVPOl+LuuojdS6bJPnN","tlshash":"9f7293f98a873ed51d7ee1027b76492c1312749b462a8adb621d3e8c770d4ad3404ebb","size":17397,"data":"","first_seen":"2025-04-16T12:20:35.288766Z","last_seen":"2025-10-19T17:46:42.360589Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"user91471.clients-cdnnow.ru/mp_dist/mstream2.js?ver=1752761533443","fqdn":"user91471.clients-cdnnow.ru","domain":"clients-cdnnow.ru","tld":"ru"},"ip":{"addr":"185.40.155.13","port":443,"asn":21030,"as":"Docker LTD","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"491654dcff2b3c2b6092ccf253421108","sha1":"69001127160212287e1deb3b8a349cf35ae5be6d","sha256":"32595c2561932c9493b2d19a540ef559ea0eebdf13202db90143284673872dc8","sha512":"0978cfecbfc53442d1b39482c9c78022c13979549087082bf9f33131ab721444314903d2fcae521f0c148c18f88e81608fbd98583e59fb7a6f476749191db9bf","ssdeep":"3072:dFJtTVisVPmLAeRE/5RuYkyh/FS8RwK4eTUdOmrTVU1:dPe+iKLRo8RwpeIOmrRU1","tlshash":"fbf35cb6194160762ba0c1e561b84281ee3d671e3483439c7d5dcee7a46d821b2febfc","size":166296,"data":"","first_seen":"2025-07-18T09:21:09.205013Z","last_seen":"2025-08-07T06:08:50.915904Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/jquery.cookie-min.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce56bb0d2daafc993b2866ccc1af86fc","sha1":"fe46733587f81da245f6b3e16d6bbbd8a1cb2fea","sha256":"874d19eae19d9f20a884d976ccca6092c91da6ee8c71d8be1c5c893acbad9159","sha512":"b3191b1e1e2626f0b30c71e074024d90dc89e9dde13d563cdf92520c4cc37c3d65dbcaa5c2ad8f160e18878b1442cfab5a9939d4ccfc3887f2916dfc1fa03d3a","ssdeep":"","tlshash":"3f01152cb1a9195845fe0221377daa86b411eb214999b07cd787e87423b84410db3d71","size":732,"data":"","first_seen":"2023-03-07T12:22:05Z","last_seen":"2026-04-04T14:40:59.388024Z","times_seen":1755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/js/check.js?100500","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d61a419574aecbe3b0ff9e130958ac8","sha1":"9217d73e87f12fc0c1de4d2b1aca89bb757852d9","sha256":"0d6fd0e4a74606c8c0f1385b2761f0390869b07159e5bff4bf7814ecc6a90c7b","sha512":"da8a8069eba6e5556a6117f27f8f63aa3191e28d6f15925ed4f4ab01369da246a3e46a8a6080021d9bb020e7a4d4cf1b7c23bbb187ab0e665834fbe5a50b74e4","ssdeep":"","tlshash":"bff02729254d21ec63e24317427a5b01d8bc8d37d75374aa58ca3516b044d068512cee","size":481,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.426054Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"348cec49376fb3c15569c9d6df404eaf","sha1":"97d9ebac60a6a5140647c81db6f2f1e7bce94ff5","sha256":"15bc72c526f5d3d5d1fbdbfd0218a135070925b7b414eae39ca38a8e5cd3165f","sha512":"f09ef08e0d607a59c3f06f286d5d857ca7b705b923ac84767a3692592ed634e7232915e30816a4b1328595b2dec4fc47e8cfe397a1394d2de3ed3858b937fdaf","ssdeep":"","tlshash":"7b019e26d1ecc62723d6aaa1f94b3d5cd8873216d15a4a01f0fa22d8f007f8c8ac3810","size":683,"data":"","first_seen":"2024-12-11T10:01:53.153509Z","last_seen":"2026-03-29T07:13:34.421442Z","times_seen":29,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/kimjongun/under_desc/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e24d409c999f0223dcd6203452fedb1","sha1":"d70fc4f6de4ebf16782bd9add3f59345ecc6e08a","sha256":"92560cf9d262c2cba4a5f61e4147d760abaf7640d5b1b3f8f0dd3e67014f7323","sha512":"986906e59ab5d56a69ae0bf2c0842feb10d89dbcaa1d43780b20e5f504ace22b9e95e692159a57c5794bca464a4d846808b9c544982b2fbdbe5cedadb4175e4e","ssdeep":"","tlshash":"1a31e4af20a2183949ef667f657d538d3937401bbb8364023c7c1b698f54d51887aa50","size":1829,"data":"","first_seen":"2025-03-09T19:46:16.108142Z","last_seen":"2026-03-29T07:13:34.443136Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"50113682318a4ec37430b6afeae03cc9","sha1":"4ef7d709fbdf3a4c26c6dc9054682626349e358e","sha256":"abfa28caa2a49861f42af3553adc80c3714990472afe721a2a6e83057d093c39","sha512":"21b7d90a3d12f48fd00a3d8e71045e89ffb97fbdb6a07f87b887ace9d16046d51c869598587921ecc3b77d99b2ed457c19798b59a6283a411c537f51d6789f09","ssdeep":"","tlshash":"c8800030bc008803002803002223ba28382000a03ac3b0c032a022a83030bcba8c0082","size":29,"data":"","first_seen":"2025-08-07T06:08:51.020064Z","last_seen":"2025-08-07T06:08:51.020064Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/bmap?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026sub_id=ap\u0026fmt_id=4\u0026pl_key=banner\u0026testad=no\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026tanc=\u0026ancs=\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"1acddeb6efe4c311d761e8303faab80a","sha1":"8c94d06826ed441d8e8c4b093480ecab87bc4d87","sha256":"62f0888ba38b6faf82efe28370450395409fb3656aa257b62ad9a0a506c62f01","sha512":"288c014dbdd83fa6baf9ff74965265c5a3271af334bd33c7df96df1db26039f0f44306ecedd7b3fbc08efcf06fbf458db1bac624a5adee992fc1c5edc6edeb74","ssdeep":"","tlshash":"d5116519374069878a3ec067bf1780c1e5104d87638b1cddf71db416e859060d9c2f88","size":1000,"data":"","first_seen":"2025-08-03T08:36:22.566242Z","last_seen":"2025-08-07T06:08:51.022152Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"216ece037f69be07a61c57720e961796","sha1":"d2fe3e708eb78614739deeebbae10d9c061ee454","sha256":"8df13aba9d4a5567a9c11f6beb220ce15825ade3f1cd932692eab3b80cacf886","sha512":"f75dcd70e9551734e317b20fe07ca925be7fadb81bfe204236c25b42f27c5e826969565ca68ecfdc354542a711556d36cf5dfd5f6b2e0af3e23f30107450ad50","ssdeep":"","tlshash":"41512e6a057b58391ab644ee0adf760135a290134c04fa08fb1cb24c2f9d32fa171bea","size":2497,"data":"","first_seen":"2025-08-07T06:08:51.024155Z","last_seen":"2025-08-07T06:08:51.024155Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/mc/?dp=167","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"e7d9e11845fe60484a2a14883b4f0ca7","sha1":"957ce179626304158d6c459c3cbb58776bb743f5","sha256":"cc737903e22d9f062c9b4ae082d4bbd93e923a5ad80de14ae98c63f33d0c84a2","sha512":"a8b0652f00072058a5165c1ecb6daf07a2e761188e9b0fa306570888d7f0239e9063251b3c502efe9754d95d63f58d95be180e410c09038949c42e56ee0d9a71","ssdeep":"","tlshash":"2af0c92a49f60c22015508b9e3fa5221b801330f2c8ac04ebddefa4a6f1c89a9057a8c","size":525,"data":"","first_seen":"2025-08-07T06:08:51.026081Z","last_seen":"2025-08-07T06:08:51.026081Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.kimberlite.io/js/botd.js","fqdn":"static.kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"212.8.232.117","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","size":15196,"data":"","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-04-05T08:51:36.249753Z","times_seen":12523,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6ed5f24030527b233bfe4972d891c85a","sha1":"6463b94ece30792f6fbefead1a85ab64eaafff2f","sha256":"bbe07d3d476e13f3a3208edf38fab3d0fb0a80a98e2f4b6eee6e77e5e15912ee","sha512":"0f11e45baa8401b0e0f444c54e7653386e8ce08ce9ae902d3aa4b679b044d4944c8f12b94ba526f7210d7681d26520216766415c35a226446bd317fdbc79799f","ssdeep":"","tlshash":"5cd097287b5ce38d0421300028fac8ea301699b24f1687402b4cb022f84032b7d4cebd","size":247,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.425064Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vak345.com/s.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336","fqdn":"vak345.com","domain":"vak345.com","tld":"com"},"ip":{"addr":"87.242.104.43","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"40f3aaa843659973596ebe649ec9acd2","sha1":"fa4e06f5660f8251e10ddfa8dea0a3bfff6effe0","sha256":"79724190d47e3ff332e2fc9b07b26b151d00bc4869825950a2e5336c993bd55a","sha512":"453c261b8adfcce21d7e8a8e24c42e7ca92520b76524d4295856821567b7df7f1dc437796a653e16363703e30e56b0f515b3b5654014e163057fc3eed8436ba0","ssdeep":"768:E4gj8m4M2LpG+9BTl1OvaF/0a+EbFKm7awn8uPm+beS05FI8x2WM4BvxUofG5YiH:NFEVdFIeDR5iHjKxo","tlshash":"6bb2509225d4b4a947b317b7620ef2c6e02a5cede4440edeb30cf9a4f198503fba9571","size":24878,"data":"","first_seen":"2025-08-07T06:08:50.979306Z","last_seen":"2025-08-07T06:08:50.979306Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a988d7de269785ee2419bd8c285be79","sha1":"21d259a44ee52338609e836c71f01c764f351b92","sha256":"b561fa09846a6cc0a9bb28a4926b2c3d2aff1a928fba55377035cb3d17105fd6","sha512":"074330747682e3951975ba09da030196a218ddf001b6317e4f10031837282076829fd6cd40b94f1775c711134951e9bfcfc1dd42364f69088aece74c765ed909","ssdeep":"","tlshash":"d241bc594ae34066667f211d579f33003973c8f35a54e9a0bb1c5f08efe412f56b8ac8","size":1956,"data":"","first_seen":"2025-08-07T06:08:51.029242Z","last_seen":"2025-08-07T06:08:51.029242Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/ujs?ymss=skyadvert","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"177d50353544da216402c730c9e6dd1e","sha1":"092cfbfe0f7aeb2f356019cf218993d944bbcbf5","sha256":"bd338292ccff53562314eaf5adaaef714d6b56776866bc0a5fc069946fefab6f","sha512":"0514b2feb0de44c6867e446d56670713f1d51600a28125f6173b91df3d777d12e6e6b0ba9044228596b72c53f78c475260a115e94a4987872adf5625dc2c7724","ssdeep":"","tlshash":"a83185a328c8907c863000dbe13e8748b9760b6468ad9c6bd63f4e403959d4bec99dac","size":1530,"data":"","first_seen":"2025-08-07T06:08:50.95569Z","last_seen":"2025-08-07T06:08:50.95569Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"traffaret.com/s/banners/buzzoola/index.html?placementId=1296719","fqdn":"traffaret.com","domain":"traffaret.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"4c080490152e8f34e6d73347b848fb5d","sha1":"56dba0f1107679c3cf91622a0487011bfdcfd2ba","sha256":"71d6635e1547d024e8a2abbfe5de4296234b8e72349c669513119da5b98b8c6e","sha512":"d6bf595cb6b1bf2d16627c0fc00cd92207a3796367a32149d1091e0901d1b7ddb93774e34bdd83af7de0ccbcb0a95d3894a98575330baef5bd98f7a6adc94df3","ssdeep":"","tlshash":"092161aef76c506723f95081293831de713d04b6f8026466fd89322b299cedec598264","size":1235,"data":"","first_seen":"2025-08-07T06:08:51.031864Z","last_seen":"2025-08-07T06:08:51.031864Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"038b07bc5bf7a09e3785702b4dba46b4","sha1":"dba46d242a5c86e92f7d4bb50df67dfdd07c2304","sha256":"ba24a03d5a21d556fb00101f33c7652e83bb7b85fe5070ad18bf74af199d57a0","sha512":"5d502b52e6a40be14d7a1b9be4b984d4ff0ab9069056aa546994928212f5a22c0bfe71d7b06ef5c5976d4972524d4c8bf1352c9902d81088dac7a0185bb3ce74","ssdeep":"","tlshash":"81b012c75002616a1a630019059b32503bfb89ab00085004c54450903269f4fd217d8c","size":93,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-04-01T09:23:20.283723Z","times_seen":253,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9746fee96e71372dfcf2469706766e64","sha1":"3d343f2bec9a87bb7e06ff4602403ed7d8159745","sha256":"96a5061bcb6b961514705a44d52a6c60334de407eea279a2c237441d501c813f","sha512":"cf54d5bde6bd157d9a5f939aa64e328e347e76bcf5949151992eff388aa2275beea0d5f556bfeee93e07293f6f45668557185bc52ead6d124222e10ee66772e0","ssdeep":"","tlshash":"3ff0274290048d0272fe7aacd5966b0460f611ab2633804429064cb82b66bfdcbadea4","size":444,"data":"","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.429346Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/aci.js","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"20f0381069e78a636d53b3d505e967c7","sha1":"800464b5f1400a923482d4298b472e17cda20737","sha256":"7b2d18d3dc9861604cbbde63dd9218e12a6cac1a06f52b877eddf61f9f7c3b37","sha512":"5aa6d98aca4d9881d5bf2c8dd71ff3d35e534a09ee749bf248c3d6f838f240f0d77edf06f8f2eae1b7a3797d9d447fe2da922395243f22547a13c4b6ea9981a2","ssdeep":"768:EMNY2uNr6tm67+DVRhNk6L0Wbha0XByPcf0:EMN/uNWo67+DLhNZaMByks","tlshash":"1ce2f98a7191f47306d3a179c12f050bf136696620e8d0e4f536dce0aeb858e6577f3a","size":31372,"data":"","first_seen":"2024-10-20T11:06:54.910201Z","last_seen":"2026-01-29T05:23:48.922533Z","times_seen":4303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f8c722c29c106deffac333373bee3f1a","sha1":"3b22e04a56c59a1944aa4eefad04c21dffc7cf54","sha256":"eda58a9eed09189c9201bf769b9611f226c20ee9035f92944cc1b8a063bc18dc","sha512":"00e27cb36c92c04cd7674b2d0f1b29ac726a7daad89d831021deee82ff070c83517b33f8d8bc9b1c3170ff553d3f8ff2b53d19210fb0ea0173a3d217de3961fa","ssdeep":"","tlshash":"bc8000a080beb008880200a22000a2b0e00a20cae08200000200083b88002f0b0882cc","size":26,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.438096Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c9feab8347346cd568a157489324aeb1","sha1":"45c07e53bdc1a5c961480251438ff9106ee5063b","sha256":"b6bf34b0c0063143cfdc7977334b53e6aaad68a29aa25162defa0be10afc3cce","sha512":"3f94f77ccb583d2a4691c96723e4977822bc1964de8fa45bf7c59c6ea0fa1fb1d5bcab63e47a9077b94dd7322baf75e945634c7b28c1da71812de3ba2429e0b4","ssdeep":"","tlshash":"01b02238f828a88882bb00a3202b8b000c0ab203a082e008038828a0cab80280c00f2e","size":121,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-04-01T09:23:20.274924Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"75d02574b4d2b91d421c6202503d703f","sha1":"047f71a00802fd9ed91878bbaeebda68521e77fc","sha256":"840ad758733c0966b5e57b85fa86884e75ed85947b265648edec34b2a75236e1","sha512":"da644d793c77dec134483bb8f9abf181b79d0e7aeb77bf4bf77c8fe2496aba03c5379a330150ac6f5e7205fe09c73b5f0ca43b0ef8b4b26c4c46ee2c1a5e53c1","ssdeep":"","tlshash":"1fa0013a8423193c09800ac9212ef2c2be37f06138aaa6029108021811d9a9e8842c08","size":75,"data":"","first_seen":"2024-01-30T23:48:35Z","last_seen":"2026-03-29T07:13:34.444125Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f87729c2f32d0cea6f13b2505cc893d7","sha1":"a8491a61699afa1a9f5b397b16b39b67237c484b","sha256":"80ad99139927541b8040b5811d385b88b71b69bc6d613c615f3a583873e4d4c7","sha512":"c28a2f46d07c477c02afc0f639be9bbac9b69bf07d33b16ad887b82ce396b73908d4562cdd526f156785767a2fc10af9ca63571e240903efa968559efed6c478","ssdeep":"","tlshash":"43e0d8551d73d634529212ff6e3ad1641272600b606cf45f3dedc5086fa1bd84e21f95","size":384,"data":"","first_seen":"2025-03-13T03:11:39.550746Z","last_seen":"2025-08-18T18:16:07.827009Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/js/plz.somechange.new.mn.js?211","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88ec660122b6599c6fe8d645cc5f3b44","sha1":"21bd9f609fd0332363752e1d04a6b5cca625c14d","sha256":"ec2adeb3f8361c1907d58b0597cafad01b6826a48852b7f239493d7a3ede6952","sha512":"6cfb295af1f463e5ca28e1309861d86d16f8c62ecc80b37373d4e5488d75fd1673b57e0ffa7dd3f06f43d18226dcc84453730c40cd537c7c6139711dbf5249b7","ssdeep":"","tlshash":"88613ff9ac73d435e5af20abe03df31a6ab81f4bb1c8e061754ccd994741adc5485c88","size":3293,"data":"","first_seen":"2024-10-17T23:59:15.818153Z","last_seen":"2025-08-12T06:34:34.496538Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f13f5dc047435a2ea7bde51fd8352b66","sha1":"5d99e88f7367c4224db4560c8a406e729ed1b0ad","sha256":"0f037315de45ddc3ac1055d5fc35f60ca7bdd357c91bc777c795444936cba1d0","sha512":"9f2ae5bb8be4ca4471a863107abc55c45c0fbfe7659965fb4708fce7e01749636645eae51837614ba6656000cea88ba9e9ea9bb30c008b8a489b84630338811b","ssdeep":"","tlshash":"ddb012c464ed417063cf1c536c0e934a10301fb3d3d0d1ad79276d30888591acc144fc","size":112,"data":"","first_seen":"2023-06-17T11:09:51Z","last_seen":"2026-03-29T07:13:34.445017Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/jquery.tablesorter.new-rutor.min.js?1","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6de84298187380f0dd15bfa17ace1a7d","sha1":"8dadf1532d9651d168bfbd73ff139e8494198e4e","sha256":"fb736e8586695a5db7c37884ebfd5860cb016a3a587b00b17fcc3053b5681048","sha512":"2e7edeeba1afebe8b9fe0703c59ff8f108d48ee9782a924a3c65bcf9c6f9a09371f0aecbe9333c880dc00ef7202a4bd0c0f21438a345ada598d672254ad9b5bc","ssdeep":"384:RGyqkRzzWBYEfmHtYyR0GPr4h6I/uaa6TYWAZVszlEAWhS5b:Rg+zWBVfmHtYt6+UuQh4","tlshash":"4282c69573ad346390dab4b0886e0859bd315fa39908c435ad35e4872df4e8cc6bbf78","size":18623,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.374043Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"81774d54aa944d3bd0afc3f98e052623","sha1":"ad2c136b4ebf24853a38ea9e120d169b71407ea5","sha256":"17dd49f17d360b866fff190bba425a204b9e3cc880798cfacb693f4b77bb88b7","sha512":"5f4568b27c30cff8ec069a1994bd407434374e4afb939ddabd86ba0f63fd435f1c7ef57b6a76a00aef040d27a36f3088226511823a55fbafbbad9c91a0e8a5eb","ssdeep":"","tlshash":"9a619cc7ff0ed1e64ef904086599919f783c62735a5358aa7c8c28b521804ebc8fd978","size":3456,"data":"","first_seen":"2025-06-23T14:43:08.47892Z","last_seen":"2026-03-29T07:13:34.44582Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;charset=utf-8;base64,ZnVuY3Rpb24gXzB4NjUyOShfMHgyZDk0NzMsXzB4NGZmOTYxKXtjb25zdCBfMHgxOTJhN2U9XzB4MmVjMCgpO3JldHVybiBfMHg2NTI5PWZ1bmN0aW9uKF8weDU2OGE5ZSxfMHgyNjgzNmQpe18weDU2OGE5ZT1fMHg1NjhhOWUtKDB4MzI3Ky0weDc1OCsweDcqMHhkZSk7bGV0IF8weGVmMDIxOT1fMHgxOTJhN2VbXzB4NTY4YTllXTtyZXR1cm4gXzB4ZWYwMjE5O30sXzB4NjUyOShfMHgyZDk0NzMsXzB4NGZmOTYxKTt9KGZ1bmN0aW9uKF8weDM1ZThiYSxfMHg0NjZiMGIpe2Z1bmN0aW9uIF8weDVhMjU3NihfMHgxNjgyNTksXzB4MWQ5NDllLF8weDJlZjZhOCxfMHg2NDlkOTgpe3JldHVybiBfMHg2NTI5KF8weDFkOTQ5ZS0weDNjOCxfMHgxNjgyNTkpO31mdW5jdGlvbiBfMHgyY2JmOGQoXzB4NDJjMzM2LF8weDNmOGU1MyxfMHg0MmM4OTMsXzB4Mjk4ODkyKXtyZXR1cm4gXzB4NjUyOShfMHg0MmM4OTMtIC0weDI2NSxfMHgzZjhlNTMpO31jb25zdCBfMHgxMzk5MGI9XzB4MzVlOGJhKCk7d2hpbGUoISFbXSl7dHJ5e2NvbnN0IF8weDM2YmJiZD0tcGFyc2VJbnQoXzB4MmNiZjhkKC0weDczLC0weDkxLC0weDc3LC0weDk1KSkvKC0weDE4ZDEqLTB4MSstMHg2MTEqMHgxKzB4MTJiZiotMHgxKSoocGFyc2VJbnQoXzB4NWEyNTc2KDB4NWM4LDB4NWJiLDB4NWI2LDB4NWNmKSkvKDB4MTcqLTB4OSsweDNmMSoweDErLTB4MzIwKSkrcGFyc2VJbnQoXzB4NWEyNTc2KDB4NWM2LDB4NWQ3LDB4NWU3LDB4NWRkKSkvKDB4MWUzOCstMHgyMmNhKzB4NDk1KStwYXJzZUludChfMHgyY2JmOGQoLTB4NjYsLTB4NGIsLTB4NjMsLTB4NWUpKS8oLTB4ZjArMHgxODVlKy0weDE0ZCoweDEyKSooLXBhcnNlSW50KF8weDVhMjU3NigweDVkYywweDVkMCwweDViMSwweDVlNCkpLygweDE0YiotMHgxNistMHgxOTU5KzB4YyoweDQ3YykpK3BhcnNlSW50KF8weDJjYmY4ZCgtMHg3NywtMHg4OCwtMHg2ZCwtMHg2NikpLygweDIqLTB4MTBlNCstMHgyMzM1KjB4MSsweDMqMHgxNzAxKSooLXBhcnNlSW50KF8weDVhMjU3NigweDVjYywweDVjZCwweDVjZSwweDViZSkpLygtMHgxKjB4ZmE5KzB4ODkqLTB4YisweDE1OTMpKStwYXJzZUludChfMHg1YTI1NzYoMHg1YTcsMHg1YmUsMHg1YmEsMHg1ZDMpKS8oMHgxOGIzKzB4OTQ5Ki0weDMrMHgzMzApKigtcGFyc2VJbnQoXzB4NWEyNTc2KDB4NWI5LDB4NWMxLDB4NTlmLDB4NWRiKSkvKC0weDdhNistMHgxNjkqMHg2KzB4MTAyNSkpKy1wYXJzZUludChfMHgyY2JmOGQoLTB4NGIsLTB4NmMsLTB4NTMsLTB4NWEpKS8oLTB4MSotMHg2MmIrMHg3MzUrMHgyKi0weDZhYikrLXBhcnNlSW50KF8weDJjYmY4ZCgtMHgzZiwtMHgzNSwtMHg0ZCwtMHg2OSkpLygtMHgxKi0weDEwZCstMHgxMmE3KzB4MTFhNSoweDEpKigtcGFyc2VJbnQoXzB4MmNiZjhkKC0weDRiLC0weDI3LC0weDQyLC0weDRjKSkvKDB4M2EqMHg4YistMHgxYWRhKjB4MSstMHg0OTgpKTtpZihfMHgzNmJiYmQ9PT1fMHg0NjZiMGIpYnJlYWs7ZWxzZSBfMHgxMzk5MGJbJ3B1c2gnXShfMHgxMzk5MGJbJ3NoaWZ0J10oKSk7fWNhdGNoKF8weDEwY2FjNSl7XzB4MTM5OTBiWydwdXNoJ10oXzB4MTM5OTBiWydzaGlmdCddKCkpO319fShfMHgyZWMwLC0weDIxYmIrLTB4MWFiMTUqMHgzKy0weDI2YTcqLTB4M2IpLCgoYXN5bmMoKT0+e2NvbnN0IF8weDIyOGVjNz17J0puZ1dOJzpmdW5jdGlvbihfMHg1NmI0NDMsXzB4ZmJiYjBiLF8weDRlZjg1Mil7cmV0dXJuIF8weDU2YjQ0MyhfMHhmYmJiMGIsXzB4NGVmODUyKTt9LCdyd1RrSSc6ZnVuY3Rpb24oXzB4NTdkNTE5LF8weDE0NzhmNil7cmV0dXJuIF8weDU3ZDUxOShfMHgxNDc4ZjYpO30sJ3BNT2xLJzpmdW5jdGlvbihfMHg0YmU2NjUsXzB4NTViOWZhKXtyZXR1cm4gXzB4NGJlNjY1PT09XzB4NTViOWZhO30sJ0dDS09HJzpfMHg1YmY1ZGIoMHg0MzAsMHg0MmYsMHg0NGYsMHg0NDMpLCdDY3lqRic6XzB4NGRmYTk3KDB4NGIzLDB4NGJlLDB4NGE5LDB4NGI4KSwna1daa1YnOidtc2wnLCdWVHFjaic6ZnVuY3Rpb24oXzB4NDVhYWVjLF8weDI1ZjczYSl7cmV0dXJuIF8weDQ1YWFlYz09PV8weDI1ZjczYTt9LCdheHZ6bSc6ZnVuY3Rpb24oXzB4MWQ0YzRiLF8weDExOGNjOSl7cmV0dXJuIF8weDFkNGM0Yj09PV8weDExOGNjOTt9LCdrREl3dic6XzB4NWJmNWRiKDB4NDQ2LDB4NDZjLDB4NDZhLDB4NDU2KSwnckdJSG0nOmZ1bmN0aW9uKF8weGI2NjUyLF8weDU3NTIwNSl7cmV0dXJuIF8weGI2NjUyPT09XzB4NTc1MjA1O30sJ3NiS3JUJzpmdW5jdGlvbihfMHg0ZDA4ZjksXzB4Mzg1NzMzKXtyZXR1cm4gXzB4NGQwOGY5IT09XzB4Mzg1NzMzO30sJ1B1UmZ1JzpfMHg1YmY1ZGIoMHg0MzQsMHg0NDksMHg0NGUsMHg0NDYpLCdoS2hBVSc6XzB4NGRmYTk3KDB4NGNlLDB4NGU3LDB4NGIxLDB4NGM2KSwnb1lCWFUnOmZ1bmN0aW9uKF8weDI2ODk1YyxfMHgyMDgzZjkpe3JldHVybiBfMHgyNjg5NWM9PV8weDIwODNmOTt9LCdvb05KRSc6ZnVuY3Rpb24oXzB4MmY5MGMwLF8weDIyM2E2OCl7cmV0dXJuIF8weDJmOTBjMCE9XzB4MjIzYTY4O30sJ2pvUnNlJzondW5kZWZpbmVkJywncExLUGMnOl8weDViZjVkYigweDQ2YiwweDQ5MywweDQ3MywweDQ3OCksJ09oS25iJzpmdW5jdGlvbihfMHg0ZDk3ZjIsXzB4NGJlNDZhKXtyZXR1cm4gXzB4NGQ5N2YyKF8weDRiZTQ2YSk7fSwnc09kTWQnOl8weDRkZmE5NygweDRkYiwweDRmOCwweDRjNywweDRlNSksJ3R4cFl2JzpmdW5jdGlvbihfMHgzYWQ3NDgsXzB4YmQ1MzBiKXtyZXR1cm4gXzB4M2FkNzQ4PT09XzB4YmQ1MzBiO30sJ25xemZJJzonT2hFZFEnLCd5T0l1Vic6ZnVuY3Rpb24oXzB4Mjc5YWQxLF8weDM5ZmQxOSxfMHg1YzYzMGQpe3JldHVybiBfMHgyNzlhZDEoXzB4MzlmZDE5LF8weDVjNjMwZCk7fSwnaVpTclEnOidnaEZNSycsJ09OeEdzJzpfMHg1YmY1ZGIoMHg0NjUsMHg0NjYsMHg0NWUsMHg0NzApLCdrTlhPeSc6ZnVuY3Rpb24oXzB4NmIxY2NiLF8weDM5NDMwZil7cmV0dXJuIF8weDZiMWNjYiE9PV8weDM5NDMwZjt9LCdScVFUQyc6J2xSU1ptJywnTHp6a2onOidWcnlWSScsJ1BsT1lwJzpmdW5jdGlvbihfMHgyMDUxMTApe3JldHVybiBfMHgyMDUxMTAoKTt9fTtpZihfMHgyMjhlYzdbXzB4NWJmNWRiKDB4NDM1LDB4NDQ0LDB4NDQwLDB4NDRhKV0odHlwZW9mIHdpbmRvd1tfMHg0ZGZhOTcoMHg0ZDUsMHg0ZjAsMHg0ZWEsMHg0Y2YpXSxfMHgyMjhlYzdbXzB4NGRmYTk3KDB4NTAxLDB4NGNmLDB4NGNlLDB4NGUyKV0pKXJldHVybjt3aW5kb3dbXzB4NWJmNWRiKDB4NDQzLDB4NDVjLDB4NDM5LDB4NDU4KV09ISFbXTtsZXQgXzB4NTU4MTE5LF8weDE4Y2U0NT0hW107ZnVuY3Rpb24gXzB4NWJmNWRiKF8weDMxZGRiOSxfMHhlODc4MWMsXzB4NTA5NGFjLF8weDhhMzM3Nyl7cmV0dXJuIF8weDY1MjkoXzB4OGEzMzc3LTB4MjViLF8weGU4NzgxYyk7fWZ1bmN0aW9uIF8weDRkZmE5NyhfMHgxYWNlYjIsXzB4MjZkYzAzLF8weDVhMDU0MixfMHgyOTg0YzUpe3JldHVybiBfMHg2NTI5KF8weDI5ODRjNS0weDJkMixfMHgxYWNlYjIpO31sZXQgXzB4NTBkMjNhPShfMHg0MGY0ZGEsXzB4Mjc2YjY1KT0+e18weDIyOGVjN1sncndUa0knXShjbGVhclRpbWVvdXQsXzB4NTU4MTE5KSx3aW5kb3dbJ2lzcCddPV8weDQwZjRkYTtpZih3aW5kb3dbXzB4MzM5OWNhKDB4MTgsLTB4MTYsMHhhLDB4ZSkrJ2dlJ10pe2lmKF8weDIyOGVjN1sncE1PbEsnXShfMHgyMjhlYzdbJ0dDS09HJ10sXzB4MjI4ZWM3W18weGE4MzFlMCgtMHgxNjMsLTB4MTViLC0weDE1MiwtMHgxN2EpXSkpXzB4MjI4ZWM3W18weGE4MzFlMCgtMHgxNzEsLTB4MTViLC0weDE4ZiwtMHgxNWUpXShfMHg1ZjRjZWMsMHg1MioweDRkKzB4MjI3ZSoweDErMHgzKi0weDEzYjgsXzB4M2UwY2UwKTtlbHNle2NvbnN0IF8weDM1MmZhOD1fMHgyMjhlYzdbXzB4YTgzMWUwKC0weDE0MiwtMHgxM2UsLTB4MTU1LC0weDE1NCldLF8weDE3YmQ5NT13aW5kb3dbXzB4MzM5OWNhKC0weGUsMHgxZSwweGEsMHgyMCkrJ2dlJ11bXzB4YTgzMWUwKC0weDE4MCwtMHgxOTgsLTB4MTc2LC0weDE4OSldKF8weDM1MmZhOCk7aWYoXzB4MTdiZDk1KXtpZihfMHgyMjhlYzdbXzB4MzM5OWNhKDB4NSwweDIsLTB4NCwweGYpXShfMHgxN2JkOTUsJzEnKSl7aWYoXzB4MjI4ZWM3W18weGE4MzFlMCgtMHgxNDMsLTB4MTJlLC0weDE0ZiwtMHgxNTUpXShfMHgyMjhlYzdbXzB4MzM5OWNhKDB4NSwweDFiLDB4MCwtMHgxYildLF8weGE4MzFlMCgtMHgxNzcsLTB4MTcwLC0weDE2YiwtMHgxNWMpKSl0cnl7XzB4MzEyZWZkW18weGE4MzFlMCgtMHgxN2QsLTB4MTZiLC0weDE2ZCwtMHgxN2IpXVtfMHgzMzk5Y2EoMHgyOSwweDI3LDB4OCwweDFjKSsnZSddKF8weGE4MzFlMCgtMHgxNmQsLTB4MTRkLC0weDE1NywtMHgxNGUpLCcqJyk7fWNhdGNoKF8weDNiODI3OSl7fWVsc2Ugd2luZG93W18weDMzOTljYSgweDJlLDB4MWUsMHgxNywweDI4KV09MHg2NSoweDgrLTB4MTBmNyotMHgxKy0weDMyKjB4Njc7fX19fWZ1bmN0aW9uIF8weDMzOTljYShfMHgzNTExZTQsXzB4NTMxMGJiLF8weDQ1ZjRkYyxfMHgyM2NhN2Mpe3JldHVybiBfMHg0ZGZhOTcoXzB4MzUxMWU0LF8weDUzMTBiYi0weDQwLF8weDQ1ZjRkYy0weDFlZCxfMHg0NWY0ZGMtIC0weDRkNSk7fWlmKF8weDIyOGVjN1tfMHhhODMxZTAoLTB4MTdhLC0weDE5YiwtMHgxNWMsLTB4MTk2KV0oXzB4MThjZTQ1LDB4MWRmZistMHgzNjkqLTB4NistMHgzMjc1KSYmXzB4NDBmNGRhPT09MHg1OTgqLTB4NistMHgyYzUrMHgyNDU2KXtpZihfMHgyMjhlYzdbXzB4MzM5OWNhKDB4ZSwtMHg4LC0weDIsMHgzKV0oXzB4MjI4ZWM3W18weGE4MzFlMCgtMHgxNTAsLTB4MTYyLC0weDE1ZCwtMHgxNmIpXSxfMHgyMjhlYzdbXzB4YTgzMWUwKC0weDE1MCwtMHgxNTAsLTB4MTY4LC0weDEzNSldKSlfMHg0OTRiYTQoXzB4ZTIxNjJhKTtlbHNlIHRyeXt3aW5kb3dbXzB4MzM5OWNhKC0weDE4LC0weGIsLTB4MWYsLTB4MTIpXVtfMHgzMzk5Y2EoMHhhLDB4MmEsMHg4LDB4MWEpKydlJ10oXzB4MjI4ZWM3W18weGE4MzFlMCgtMHgxNDEsLTB4MTViLC0weDE1ZSwtMHgxNDUpXSwnKicpO31jYXRjaChfMHg0MDNkOTEpe319ZnVuY3Rpb24gXzB4YTgzMWUwKF8weDFhMThjYSxfMHhhNTVhOTcsXzB4NDZiODgwLF8weDI0MTM3OSl7cmV0dXJuIF8weDRkZmE5NyhfMHgyNDEzNzksXzB4YTU1YTk3LTB4MTBiLF8weDQ2Yjg4MC0weGVjLF8weDFhMThjYS0gLTB4NjMzKTt9XzB4MjI4ZWM3W18weDMzOTljYSgtMHg4LC0weDI4LC0weGMsMHg1KV0oXzB4MThjZTQ1LCFbXSkmJihfMHgxOGNlNDU9XzB4NDBmNGRhKSxfMHgyMjhlYzdbXzB4MzM5OWNhKC0weDFhLC0weDQsLTB4MTQsLTB4MzYpXSh0eXBlb2YgXzB4Mjc2YjY1LF8weDIyOGVjN1tfMHgzMzk5Y2EoMHgyYiwweDFlLDB4ZCwweDIwKV0pJiYoXzB4YTgzMWUwKC0weDE2ZiwtMHgxNjgsLTB4MTg4LC0weDE4OSkhPT1fMHgyMjhlYzdbXzB4MzM5OWNhKDB4MjcsMHgzMSwweDFlLDB4MWIpXT9fMHgyMjhlYzdbXzB4MzM5OWNhKDB4MTksLTB4MiwweDIxLDB4NDIpXShfMHgyNzZiNjUsXzB4NDBmNGRhKTpfMHgzYmNiNzU9XzB4NTY1MmVlKTt9LF8weGZjYTg0PWZ1bmN0aW9uKCl7Y29uc3QgXzB4NTM0NjkxPXsndERSVmonOl8weDIyOGVjN1tfMHgxMTFiNGUoLTB4MWM5LC0weDFjNiwtMHgxZTAsLTB4MWM4KV0sJ3JJVVFQJzpmdW5jdGlvbihfMHgzMTQ5NmMsXzB4MjY2OTg5KXtmdW5jdGlvbiBfMHgxNzU3MmMoXzB4MTVkMmU5LF8weDQ1ZDI5NyxfMHg0YTRmMTUsXzB4ZWFjMGQ0KXtyZXR1cm4gXzB4MTExYjRlKF8weDQ1ZDI5NyxfMHg0YTRmMTUtMHgyODcsXzB4NGE0ZjE1LTB4MmUsXzB4ZWFjMGQ0LTB4N2MpO31yZXR1cm4gXzB4MjI4ZWM3W18weDE3NTcyYygweGQ1LDB4ZTYsMHhlYywweGVmKV0oXzB4MzE0OTZjLF8weDI2Njk4OSk7fSwnR2NiZG0nOl8weDIyOGVjN1snbnF6ZkknXSwnYUFBbkknOidoaWpRaycsJ3NoYkF1JzpmdW5jdGlvbihfMHgxZGQyZDUsXzB4MTQ4ZDc4LF8weDU4MmYxNSl7ZnVuY3Rpb24gXzB4MTgwNjFjKF8weDUxNTdkNyxfMHgyODlhNTcsXzB4NTUxNjU5LF8weDI3MTFmMSl7cmV0dXJuIF8weDExMWI0ZShfMHg1MTU3ZDcsXzB4NTUxNjU5LSAtMHgzLF8weDU1MTY1OS0weDVmLF8weDI3MTFmMS0weGI5KTt9cmV0dXJuIF8weDIyOGVjN1tfMHgxODA2MWMoLTB4MWMyLC0weDFiMCwtMHgxYzUsLTB4MWJjKV0oXzB4MWRkMmQ1LF8weDE0OGQ3OCxfMHg1ODJmMTUpO30sJ0FUdXhPJzpmdW5jdGlvbihfMHg1YjkyMGUsXzB4NGZkOTkwLF8weDNhYWM2Myl7cmV0dXJuIF8weDIyOGVjN1sneU9JdVYnXShfMHg1YjkyMGUsXzB4NGZkOTkwLF8weDNhYWM2Myk7fSwnWlVkWGknOmZ1bmN0aW9uKF8weDg1MmRhMCxfMHgxOTE0OTQpe2Z1bmN0aW9uIF8weDI3ZTZkZChfMHgyMzgyMWMsXzB4NTFkMGY5LF8weDM1YTQ5MyxfMHgzNGYxODgpe3JldHVybiBfMHgxMTFiNGUoXzB4MzRmMTg4LF8weDIzODIxYy0weDM3YixfMHgzNWE0OTMtMHhlZixfMHgzNGYxODgtMHgxNzkpO31yZXR1cm4gXzB4MjI4ZWM3W18weDI3ZTZkZCgweDFiMywweDE5YywweDFhZSwweDE5NCldKF8weDg1MmRhMCxfMHgxOTE0OTQpO30sJ3ZmTENoJzpfMHgyMjhlYzdbXzB4MmMyYmQxKC0weDExMSwtMHgxMTEsLTB4ZjIsLTB4ZmMpXSwnTGtucU8nOmZ1bmN0aW9uKF8weDFjOWE5ZixfMHgyZTdmYjcpe3JldHVybiBfMHgxYzlhOWY9PT1fMHgyZTdmYjc7fSwnbGxrUUwnOl8weDIyOGVjN1tfMHgxMTFiNGUoLTB4MThjLC0weDFhNSwtMHgxYWIsLTB4MTg2KV0sJ0phVXNjJzpmdW5jdGlvbihfMHgzN2Y1YmQsXzB4MTI3OGI3LF8weDQyYjllNil7cmV0dXJuIF8weDM3ZjViZChfMHgxMjc4YjcsXzB4NDJiOWU2KTt9LCdicmVtVic6XzB4MmMyYmQxKC0weDExZSwtMHgxMTcsLTB4ZWMsLTB4MTBlKX07ZnVuY3Rpb24gXzB4MTExYjRlKF8weDNmYTZiYSxfMHg0ZDkzM2MsXzB4M2NkNGJhLF8weDg4ZDQ2Myl7cmV0dXJuIF8weDRkZmE5NyhfMHgzZmE2YmEsXzB4NGQ5MzNjLTB4MWEsXzB4M2NkNGJhLTB4MTNkLF8weDRkOTMzYy0gLTB4NjgxKTt9ZnVuY3Rpb24gXzB4MmMyYmQxKF8weDMyZDNjOSxfMHhkNzMwOGIsXzB4MzExODY4LF8weDQwYjQ4MCl7cmV0dXJuIF8weDViZjVkYihfMHgzMmQzYzktMHg2NixfMHgzMTE4NjgsXzB4MzExODY4LTB4YzEsXzB4NDBiNDgwLSAtMHg1NzApO31pZihfMHgyMjhlYzdbXzB4MTExYjRlKC0weDE5NCwtMHgxYTYsLTB4MTkzLC0weDFhNSldKF8weDIyOGVjN1snUnFRVEMnXSxfMHgyMjhlYzdbXzB4MmMyYmQxKC0weGZhLC0weGYxLC0weDExMiwtMHhmZildKSlyZXR1cm4gbmV3IFByb21pc2UoKF8weDI1ZTY0OCxfMHg1NWFkYTkpPT57Y29uc3QgXzB4MWUwOTRhPXsnempCSVEnOmZ1bmN0aW9uKF8weDE3NTNlOCxfMHg1MDk5ZDcpe3JldHVybiBfMHg1MzQ2OTFbJ1pVZFhpJ10oXzB4MTc1M2U4LF8weDUwOTlkNyk7fSwnd0pJRkonOl8weDUzNDY5MVsndmZMQ2gnXSwnSEVhQksnOl8weDNhOWZiZigweDFkMCwweDFjOSwweDFhOSwweDFiNCksJ3VGZFlRJzpmdW5jdGlvbihfMHgzMzg3NDAsXzB4NTU1ZmE2LF8weDNiYzgxZCl7ZnVuY3Rpb24gXzB4NGIxNjBkKF8weDFmZjY3ZCxfMHgzZWViZjEsXzB4NTA3MTFhLF8weDQwMGYzYyl7cmV0dXJuIF8weDNhOWZiZihfMHgxZmY2N2QtMHg2YyxfMHg1MDcxMWEtMHgxZDMsXzB4NTA3MTFhLTB4MmEsXzB4M2VlYmYxKTt9cmV0dXJuIF8weDUzNDY5MVtfMHg0YjE2MGQoMHgzYzAsMHgzZDgsMHgzYmIsMHgzYzgpXShfMHgzMzg3NDAsXzB4NTU1ZmE2LF8weDNiYzgxZCk7fX07ZnVuY3Rpb24gXzB4M2E5ZmJmKF8weDFlYzMyMCxfMHgyYzUwOGMsXzB4NDU0OTM4LF8weDM2YTBmOSl7cmV0dXJuIF8weDExMWI0ZShfMHgzNmEwZjksXzB4MmM1MDhjLTB4MzcyLF8weDQ1NDkzOC0weDEzMCxfMHgzNmEwZjktMHgxNTYpO31mdW5jdGlvbiBfMHgxMDNkZGQoXzB4M2VhMDc1LF8weDFkYTRlYyxfMHgzM2U0MjgsXzB4MzhhMWVhKXtyZXR1cm4gXzB4MmMyYmQxKF8weDNlYTA3NS0weDFhZixfMHgxZGE0ZWMtMHgyMSxfMHgzOGExZWEsXzB4M2VhMDc1LTB4NThjKTt9aWYoXzB4NTM0NjkxW18weDEwM2RkZCgweDQ3MywweDQ1NCwweDQ3OSwweDQ5MCldKF8weDUzNDY5MVsnbGxrUUwnXSxfMHg1MzQ2OTFbXzB4MTAzZGRkKDB4NDhlLDB4NDk3LDB4NDg5LDB4NDkxKV0pKXRyeXtjb25zb2xlW18weDEwM2RkZCgweDQ5MiwweDRiNSwweDRhMywweDQ3OSldKE9iamVjdFtfMHgxMDNkZGQoMHg0OTMsMHg0NzksMHg0NzgsMHg0ODQpK18weDEwM2RkZCgweDQ1YSwweDQ2OSwweDQ3NCwweDQ1NCldKG5ldyBFcnJvcigpLHsnbWVzc2FnZSc6eydnZXQnKCl7ZnVuY3Rpb24gXzB4NjQzNTg3KF8weDM5NzQ1OCxfMHgzNDg3NWQsXzB4NTRiMDU3LF8weDQ3ZjY4Nil7cmV0dXJuIF8weDEwM2RkZChfMHgzOTc0NTgtMHgxNDksXzB4MzQ4NzVkLTB4Y2YsXzB4NTRiMDU3LTB4MTRlLF8weDU0YjA1Nyk7fWZ1bmN0aW9uIF8weDNlNjM4NShfMHgzYzljYjgsXzB4MTQ1MWE2LF8weDU3ODgwMixfMHgxM2YwMjApe3JldHVybiBfMHgxMDNkZGQoXzB4MTQ1MWE2LSAtMHg2MjUsXzB4MTQ1MWE2LTB4MTljLF8weDU3ODgwMi0weDFkOSxfMHgxM2YwMjApO31pZihfMHgxZTA5NGFbXzB4M2U2Mzg1KC0weDFkZiwtMHgxY2MsLTB4MWQ1LC0weDFjOCldKF8weDFlMDk0YVsnd0pJRkonXSxfMHgxZTA5NGFbJ0hFYUJLJ10pKXJldHVybjtlbHNlIF8weDFlMDk0YVtfMHg2NDM1ODcoMHg1YTUsMHg1OTUsMHg1OGIsMHg1OTApXShfMHg1MGQyM2EsMHg4KjB4MTRlKzB4MioweDQxYisweDYzNyotMHgzLF8weDI1ZTY0OCk7fX0sJ3RvU3RyaW5nJzp7J3ZhbHVlJygpe2Z1bmN0aW9uIF8weDEwMDU1MChfMHg1NWYxOTMsXzB4NTkxOThjLF8weDI3YjMzZSxfMHgyNTk1ODUpe3JldHVybiBfMHgxMDNkZGQoXzB4MjdiMzNlLTB4NWIsXzB4NTkxOThjLTB4N2UsXzB4MjdiMzNlLTB4MTRmLF8weDU5MTk4Yyk7fWZ1bmN0aW9uIF8weDI1OWFhMihfMHgxOGNiOGMsXzB4MmEzMDczLF8weDU0NjkyMyxfMHgzOTg5NDIpe3JldHVybiBfMHgzYTlmYmYoXzB4MThjYjhjLTB4MTk5LF8weDU0NjkyMy0weDEyNixfMHg1NDY5MjMtMHhhMCxfMHgxOGNiOGMpO31uZXcgRXJyb3IoKVtfMHgxMDA1NTAoMHg0Y2MsMHg0Y2YsMHg0Y2MsMHg0ZWQpXVtfMHgyNTlhYTIoMHgyY2MsMHgyYzEsMHgyZGUsMHgyZTQpXShfMHg1MzQ2OTFbXzB4MTAwNTUwKDB4NGJjLDB4NGNhLDB4NGMzLDB4NGJmKV0pJiZfMHgyNWU2NDgoLTB4MTU3MisweDFhMzMrLTB4NGMwKTt9fX0pKSxfMHg1NTgxMTk9XzB4NTM0NjkxWydKYVVzYyddKHNldFRpbWVvdXQsXzB4MjM3MTAyPT57ZnVuY3Rpb24gXzB4MTRlOTc5KF8weDIxYmRhNixfMHhiMGU0ZjMsXzB4NTBiNWQsXzB4MTE2ZDdiKXtyZXR1cm4gXzB4M2E5ZmJmKF8weDIxYmRhNi0weDI2LF8weDUwYjVkLSAtMHgxOTcsXzB4NTBiNWQtMHgyYyxfMHgyMWJkYTYpO31mdW5jdGlvbiBfMHg1YjMyY2IoXzB4NTg0OTBmLF8weDNjYzQ4MSxfMHgzMGMwYzcsXzB4MTFjZDUwKXtyZXR1cm4gXzB4M2E5ZmJmKF8weDU4NDkwZi0weDE0NCxfMHgxMWNkNTAtIC0weDE5MixfMHgzMGMwYzctMHg1ZSxfMHgzY2M0ODEpO31jb25zdCBfMHgyMjM3OTY9eydDc3lMZyc6XzB4NWIzMmNiKDB4M2IsMHgzYiwweDQzLDB4NDQpLCdNZlhPUSc6ZnVuY3Rpb24oXzB4NTg5MWFhLF8weDIzN2ViOSl7cmV0dXJuIF8weDU4OTFhYShfMHgyMzdlYjkpO30sJ2pzTGRsJzpmdW5jdGlvbihfMHgxOTQyOTksXzB4NTg4YzBhLF8weDdkMTcxNSl7cmV0dXJuIF8weDE5NDI5OShfMHg1ODhjMGEsXzB4N2QxNzE1KTt9fTtpZihfMHg1MzQ2OTFbXzB4MTRlOTc5KDB4NDUsMHg0NiwweDJjLDB4MjApXShfMHg1MzQ2OTFbXzB4NWIzMmNiKDB4NDksMHg1YSwweDRiLDB4NTMpXSxfMHg1MzQ2OTFbXzB4NWIzMmNiKDB4MTcsMHgzNSwweDI2LDB4MWQpXSkpe2NvbnN0IF8weDU0ZjllNT17J1hCd0lHJzpmdW5jdGlvbihfMHg0ODQ2NWEsXzB4NTk5ZTA3LF8weDMxZjAyYyl7cmV0dXJuIF8weDQ4NDY1YShfMHg1OTllMDcsXzB4MzFmMDJjKTt9fTtfMHg1ZWU5ZjdbJ2xvZyddKF8weDNlMDAzY1tfMHg1YjMyY2IoMHg0MywweDMyLDB4NDYsMHg0ZCkrXzB4MTRlOTc5KC0weDUsMHhiLDB4ZiwweDEyKV0obmV3IF8weDUxYTcwNCgpLHsnbWVzc2FnZSc6eydnZXQnKCl7XzB4NTRmOWU1WydYQndJRyddKF8weDNhYzJjOCwweDRmMiotMHg2Ky0weDk1NysweDFjNioweDE2LF8weDU2MjExNCk7fX0sJ3RvU3RyaW5nJzp7J3ZhbHVlJygpe2Z1bmN0aW9uIF8weDdjOGVhZShfMHg0NzQ2OTUsXzB4NDMxMWY1LF8weDQ3NTNmZSxfMHgxMTQ5OGUpe3JldHVybiBfMHg1YjMyY2IoXzB4NDc0Njk1LTB4Y2QsXzB4NDMxMWY1LF8weDQ3NTNmZS0weDhkLF8weDExNDk4ZS0weGQ2KTt9ZnVuY3Rpb24gXzB4MmZhZjEyKF8weDFmMmFmMCxfMHgxYzE3OTIsXzB4MWY4OGM1LF8weDQwZmQ0OCl7cmV0dXJuIF8weDE0ZTk3OShfMHg0MGZkNDgsXzB4MWMxNzkyLTB4MWUzLF8weDFjMTc5Mi0weDIwYixfMHg0MGZkNDgtMHgxMzApO31uZXcgXzB4NDZiYWQ2KClbXzB4N2M4ZWFlKDB4MTBmLDB4ZjQsMHgxMWEsMHgxMDEpXVtfMHgyZmFmMTIoMHgyMTYsMHgyMmMsMHgyNGIsMHgyMjEpXShfMHgyMjM3OTZbXzB4N2M4ZWFlKDB4MTJjLDB4MTEyLDB4MTJlLDB4MTEzKV0pJiZfMHgyMjM3OTZbJ01mWE9RJ10oXzB4NTdiOGMwLDB4MjQyYisweDFjZDYrLTB4NDEwMCk7fX19KSksXzB4MzU5MWE5PV8weDIyMzc5NltfMHg1YjMyY2IoMHgyYSwweDQxLDB4NGIsMHgzZildKF8weDVhYTBkMyxfMHg1NzYwNjY9PntmdW5jdGlvbiBfMHgxZDE2NWUoXzB4OTJmMGMwLF8weDQ4NWQzNixfMHg0NTY3ZTksXzB4MjIwNGQwKXtyZXR1cm4gXzB4MTRlOTc5KF8weDkyZjBjMCxfMHg0ODVkMzYtMHg3LF8weDIyMDRkMC0gLTB4MWQ4LF8weDIyMDRkMC0weDEwOCk7fV8weDIyMzc5NltfMHgxZDE2NWUoLTB4MTlkLC0weDE4MywtMHgxODEsLTB4MTllKV0oXzB4NTE1YjlhLC0weDEqLTB4MWVhOSsweDJkMSotMHg3Ky0weGFmMixfMHgxNTkyYjUpO30sMHg5KjB4MTErMHgyMjAwKy0weDIyMzUpO31lbHNlIF8weDUzNDY5MVsnc2hiQXUnXShfMHg1MGQyM2EsMHg4MyotMHg3Ky0weDgzKi0weDMzKy0weDVhMSoweDQsXzB4MjVlNjQ4KTt9LDB4MWNmZCsweDQ0MCstMHgyMGQ5KTt9Y2F0Y2goXzB4MzQxYWIwKXt9ZWxzZSBfMHg1MzQ2OTFbJ0FUdXhPJ10oXzB4ZDM1MDU3LDB4MzM5Ki0weDErLTB4MWUyMystMHhkKi0weDI5MSxfMHgyNDcwZDkpO30pO2Vsc2V7Y29uc3QgXzB4MzM1ZjY9XzB4NTM0NjkxWydicmVtViddLF8weDlkNTA1OT1fMHg1MzNhZThbJ2xvY2FsU3RvcmEnKydnZSddW18weDJjMmJkMSgtMHgxMWUsLTB4MTRmLC0weDExMiwtMHgxMzQpXShfMHgzMzVmNik7XzB4OWQ1MDU5JiYoXzB4NTM0NjkxW18weDExMWI0ZSgtMHgxY2QsLTB4MWIzLC0weDFjZSwtMHgxYTUpXShfMHg5ZDUwNTksJzEnKSYmKF8weDE1MTc5MVtfMHgxMTFiNGUoLTB4MWI1LC0weDE5NSwtMHgxOWEsLTB4MWE4KV09LTB4NTUxKjB4NSsweDcqMHgxNDkrMHgxMyoweGVkKSk7fX0sXzB4NThiNTY4PWF3YWl0IF8weDIyOGVjN1tfMHg1YmY1ZGIoMHg0NmQsMHg0NGYsMHg0NzAsMHg0NWYpXShfMHhmY2E4NCk7XzB4NTBkMjNhKF8weDU4YjU2OCk7fSkoKSkpO2Z1bmN0aW9uIF8weDJlYzAoKXtjb25zdCBfMHgxNGNkMWQ9Wyc0NTEwNjUweHJRRFROJywndG9TdHJpbmdAJywndHhwWXYnLCdSQ1JDdScsJ0x6emtqJywnbGxrUUwnLCcxMU9CWE5FTCcsJ2laU3JRJywnaXNwJywnbG9nJywnZGVmaW5lUHJvcCcsJ0lVSWlxJywnYXh2em0nLCdrV1prVicsJ2hLaEFVJywncExLUGMnLCdHY2JkbScsJzE2NzM4OTA4bkJOR2d2JywnT2hLbmInLCdBVHV4TycsJ2dldEl0ZW0nLCd6akJJUScsJ2VydGllcycsJ3BhcmVudCcsJ3VGZFlRJywnWVBNd3EnLCdyR0lIbScsJ1NTUnZ6Jywnc09kTWQnLCdMcVFoTCcsJ3RGSnVsJywnYUFBbkknLCd5T0l1VicsJzY4MTgzZFdPZllmJywnb29OSkUnLCdKbmdXTicsJ3REUlZqJywnSkJxUEUnLCc2c3N5VVVGJywnbV9yZWxfZGVmJywnaW5jbHVkZXMnLCcxMTI3MnNRdlViQycsJ29ZQlhVJywnNjBPdHdHUlcnLCcyODE3a1NvaGV3Jywnc3RhY2snLCdrWE1KVCcsJ0xrbnFPJywnc2lzcCcsJ0NjeWpGJywnVlRxY2onLCdySVVRUCcsJ3NiS3JUJywnMTQ0a013VHNqJywna0RJd3YnLCdQbE9ZcCcsJzE0Nzg0N3NQZE5wSCcsJ0lvY2l2JywnbXNsJywnNDAwNjViT0ZETncnLCdrTlhPeScsJ09OeEdzJywncG9zdE1lc3NhZycsJ0NzeUxnJywnbG9jYWxTdG9yYScsJ2pzTGRsJywnMTM0NTcxM3VsU2VsaicsJ2pvUnNlJywnUHVSZnUnXTtfMHgyZWMwPWZ1bmN0aW9uKCl7cmV0dXJuIF8weDE0Y2QxZDt9O3JldHVybiBfMHgyZWMwKCk7fQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7a1cbcfecc47174bdd8d4d837088e54","sha1":"4ade59ebed4f908f6b3a5160da04cd2b1930fbab","sha256":"b00de1873472763037b7189745193bbaf17294c71b954ed6eca28bfcb3dec980","sha512":"96d1bdb8e2bade6968e592e5cfbd44a31a50a2d0560228b25e1c058ce7e8a91efe8076f53871dd55455f90aa36a07c18182f5a90bfef945583efee98bdb68116","ssdeep":"384:j9OZ6pEJxeN7+Yb5sQSW2LYXRTxSTZn2TN+envZjXmz/TTnwyTLIS7MDnGm++dsj:j9OZ6pEJxeN7+Yb5sQSW2LoVSFn2IenU","tlshash":"cd42524577c1799222878bb6773b65d5e42b0cedb5c808dbf215fc84f87aa05eae0630","size":12400,"data":"","first_seen":"2025-04-08T00:49:11.630337Z","last_seen":"2026-04-04T12:24:21.490272Z","times_seen":430,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"myroledance.com/services/?id=146839","fqdn":"myroledance.com","domain":"myroledance.com","tld":"com"},"ip":{"addr":"193.200.64.24","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6e7178496ea3dc9d022b2d002ce070c","sha1":"721f877e58ecfdf755aa10ecfb3c8ef353076252","sha256":"92877890d7a3e2aeb8fb40e3d783bc2663f9e89a3c847f0842060c38920cc370","sha512":"8e9e93d66655439c963df4cd3641135678aa84c006b60382f7b4c7fae258df07e60d86aa9a684dc005c73c684e31a5f557b0d71525b9ff1899b160bc5698dc27","ssdeep":"","tlshash":"b23134dcb60a0e6bcfd158ecf442cef5d42b7243ca5c5a149209cb7d2ea059a1223877","size":1587,"data":"","first_seen":"2025-08-07T06:08:50.924319Z","last_seen":"2025-08-07T06:08:50.924319Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"40c285ecafbab3c198fe55d004ed193c","sha1":"0b8c649c60572d1c55a562a10f6ef29ff34c2d4b","sha256":"c254f709ce4002f8f1e356caf60ef4fd7abff2c25960af5c65b315fe6d52fbde","sha512":"7bfd11e98fcf16e611abd27513a568475b68911a9fc5de1d8b99def6f05d27e3d3b63c570ba0a8401e7a7cd3b9b82df7417a67ce99eaeaae9e7258486b8a7bf4","ssdeep":"","tlshash":"e1e0d867008100d267f38753663a9f55a4b61e27ab63754164db3822f551c06d503cee","size":373,"data":"","first_seen":"2023-06-17T11:09:51Z","last_seen":"2026-03-29T07:13:34.448995Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vak345.com/player?autoplay=1\u0026cb=d2095f88-afcb-a617-3490-24065a27e2b9\u0026dbg=false\u0026fclose=false\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026ver=1\u0026sub_id=ap\u0026fmt_id=1\u0026testad=no\u0026nomon=1\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026cdiv=47\u0026frnd=true\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee\u0026country=NO\u0026spy=yes","fqdn":"vak345.com","domain":"vak345.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d111c8bd0420227c5ffc122b2234a66","sha1":"40ac2056caae378366a065e9d95aeeb82de850b0","sha256":"05cda6cd6eef447a4d0a43fcc08fadf7d2788211de0e24dfa47ebf267e0c1211","sha512":"8b29e345243c51b2c02c0c90b05f75034568f9388d6baaab63b46a6e21eb3a765a6278a6f64fd5d42fdbac1c4c4b7f2afa894f9c673a349d6bf3d1157420959b","ssdeep":"768:Hz4z/8abkIdyhAsZuNzTXSRVMwyFDx2TkKTpvuBd9zZGktTn5YsEB8MYjR7AS:HkzNqhuNoVMnFFmrVvuHpZG+75Y3B8Mc","tlshash":"ae034cb96c8f2e989f140505c2ec0cda15ac174db8e6528bd71bd2edd78a97410cacfa","size":38720,"data":"","first_seen":"2025-08-07T06:08:51.042619Z","last_seen":"2025-08-07T06:08:51.042619Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"traffaret.com/s/traff.js","fqdn":"traffaret.com","domain":"traffaret.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"15ea963f2b1ed5b9b891104e3ec030ba","sha1":"c7c2286a30bcb9903d4c7f39bdab3e03c51a202e","sha256":"2c477f1719624e2fec8b7ebc04119e316e0f17d3a56ec9323c9c7b721fd86848","sha512":"c3a20c3000dec0600548aed301790f01206c23798fa037160f06667a9994e531d96e36cf2c0ab16b0a9947f3c878cc1f2acfbe214b0949be7b64a48a48b1451d","ssdeep":"96:DcpmD1Gf3J8q6Obln0EhiOxSep/AH5tJaiCTPLAiz+GU5CqrgNXd:DUmDoLniCTDzzDiCTXd","tlshash":"d0d19648b6e831fe40d73071816f1208b17645a5847af47476b8ade1fcf0aac5a67ebc","size":6257,"data":"","first_seen":"2025-07-26T09:14:31.148261Z","last_seen":"2025-08-07T06:08:51.044656Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/chimichanga/galets.js","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"37607a50e5c3055c37745b8a8523f5fe","sha1":"b65d14449e609c6ecffbc73e17aa2f05b0acf210","sha256":"7462330295488346f30edebf0a6d2e847eb2cc135e7d735310504e128217db6a","sha512":"0a652beb49d0e1bf408a0f7428ecc0bc793ed261a18acc641b7deda39226133cb67fa2978b9fc5329d5bd2f8f85a9eb07c66608a1e1e639c170c2ea04a0ae0f8","ssdeep":"","tlshash":"31318e98359e701d918423467a7510deac3ce7b102db91bce5deb472609081b8e3d9f6","size":1537,"data":"","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.367557Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"b69f6a95989c863e45d0880ffe158fc1","sha1":"58e30fa1ba73ed34edf7e238bef69efcdd029930","sha256":"375d08160a21eed56dd65e4cb6b380e323141f11bc50f170479a9df6e0d7a910","sha512":"4f9c7b990b0ff8cb9376adb4dd507c8e550e884768df1f8bf8e3a5a489093581fb526ffb1d0396cbccfbbacff12d11f0d025c2b973358ba202d31bb052768390","ssdeep":"","tlshash":"cde00082c02020c023e3823282020c0080a80c03cb23000300c23802a000c00000288a","size":313,"data":"","first_seen":"2025-08-03T08:36:22.468852Z","last_seen":"2025-11-28T23:40:32.532263Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/6/5/24832/15500.js?t=1701324258","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"b333fb37ab7853633b4d49ae200f0ddc","sha1":"b5685803ebd54bf43b9f87a8863324e0590e5afe","sha256":"bd4343661544c27548817e0450edce453088c5dfec9f5f5b2d3d590a5ca387ae","sha512":"9e1bbdb625a30a072b668f90ba4bc1e4d5d8497557fc362e001d14deb748390fa47bd47f7bc09750be98052f9e43cf2156c417ba59856ecf50c5bd3feb30791b","ssdeep":"1536:o2ixk34H8puTMUsvErZQtMUsvErZQLUsvErZQW:o2ixkoH8uMU2yKtMU2yKLU2yKW","tlshash":"3063b5334a5e71b72a38783782d9bc4ca10de3824dd29755e6ab5cd4c41b2672a073fe","size":69758,"data":"","first_seen":"2023-12-04T19:34:56Z","last_seen":"2026-01-10T20:38:16.578672Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"772c5418520041d52461579ad7bc5bab","sha1":"b3e1794b9503c0d3e2e3ba01a0ebd26ca93824cf","sha256":"8bd8c03c195711fbe372a1f7115229d49a662ac37d361d0b049412690454c938","sha512":"2e1c3e133ec1d0acc30acd2be08438cc0530f23f4003d39d4deab1908c5de6a7a8738d4a6472d660b5a703db87f129f4d5c0b5c63cf2ccdef7ed28a3acdb8ac3","ssdeep":"","tlshash":"5af0202a7b936019816a235d49be470f5021a41b6c260244e2728d61be90dd204bb96c","size":527,"data":"","first_seen":"2025-03-13T03:11:39.551529Z","last_seen":"2025-08-18T18:16:07.835745Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/pluso-like-small.js?10","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dae4b00893641d10303a88837aa5c45f","sha1":"a7514fb190fa8ba489b2dde5dbee92dd0fe7ecb7","sha256":"e786f1e87ef6054b4aab3d26780d3525a14975b8d4de5bae54f095fa07ed5b08","sha512":"f42bd1cf7edca40d2d1bcdbd35c6f36bee9c62172dea1afcc9b0db07139a94cb9d4ead6f3401f7d0ba34d66ab08a5a2be88786def635d2809ef1110d646669f3","ssdeep":"","tlshash":"67411d78bf29722e4172106ff50f744ac0b4842ac4596c8f5f75a1be2da1b6b736c638","size":2266,"data":"","first_seen":"2023-07-07T18:06:31Z","last_seen":"2026-03-29T07:13:34.407757Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/cfg?object=24415\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546893932","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"972da18a0d382a001ebbdab8db0bb440","sha1":"b3c3888953cb6842c41f69fa12ce40a73729385e","sha256":"faa923374622550f3cdae08c1e163ca292aafc86499ce9a59968fe5e01dd3e2f","sha512":"f7be247feffd196a8458bad6c7ceb4f75412ec95b66766712b639bfb9b142fae87ba2dcc7b277a6433a2c60adb3097e12c4f60ec9c428fb021ee76e486009786","ssdeep":"","tlshash":"baf0e18241019af483179592c0143d82843d16338fc12495f4cc8b3cd07dda7321a51f","size":567,"data":"","first_seen":"2025-08-07T06:08:50.899652Z","last_seen":"2025-08-07T06:08:50.899652Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"83290f5f7b40993a793e7735f7e6a02f","sha1":"c64dbe53042d541ff1a0f44577d1d749457025b5","sha256":"0549c3d981e1f17e6e4f92c64803874b571f0c2d77223e56a087216195bdd4b9","sha512":"a3d944767abd49693fec92847e7b814d45a6abc0eac84c1be3608eec9a1d03116cd709399b8ad60ab2f830c1d890872b8095c19b6db184d44d1f4edc6f7b8849","ssdeep":"","tlshash":"63a022cfa202080802202a203ea230c03802000b80220000ba0cb80a0f00b830008b80","size":63,"data":"","first_seen":"2025-03-13T03:11:39.538046Z","last_seen":"2025-08-18T18:16:07.826173Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"2b09520641900d61b8d319ba124f1d22","sha1":"ed9ba4258cab6a3f81be077347f736ff95231b32","sha256":"efb1d3bfb770e0cd8ff381ccf634ffcd886625f66c84557b4e5c7fb93ddd863a","sha512":"66bc3e843fbcb8d5f932465e4242a3c39801ce7abf0c9bbc8d07436f0e845d807b0290133333c60d23feffb67842d31a2477a80d9715ea4131d95585a48a4798","ssdeep":"","tlshash":"c8f0414a6cf02d1ca8984be468d2e3ae809f9168e2568f2cffb3301526c91134913048","size":577,"data":"","first_seen":"2025-08-07T06:08:51.046723Z","last_seen":"2025-08-07T06:08:51.046723Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3a9ce8eb38e297ee793358bfddf8b943","sha1":"8d3d6d4a7a4b60f4b10f69eca6435236c1dabb8b","sha256":"b1c3939d30ed947298a91010e9d128ec0eed8d3f866c2e224b36477573e70c6d","sha512":"6531581076d7af75d7dc339418add4e405f72925a86743057f02b6a039693cf93862919476632011a7cd28d6723674d87a8669ab5ce59836b9d414cf1741e77f","ssdeep":"768:gTlK+ZKHVPOl+LuuojdS6bJPnHcuZA5UtqfdGf:GGLuPntZA5UtqfdGf","tlshash":"dad2e8f94e9729a50d3ee106bbb6551d3312605b4a06cddfba5c7e8c7f0c46d2800eab","size":28994,"data":"","first_seen":"2025-08-07T06:08:51.049755Z","last_seen":"2025-08-07T06:08:51.049755Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2f9aedfdc8f0fb57079c2b951cb7a713","sha1":"448b3c97ac3938e7ae6991b5948124b1c630ad1a","sha256":"ff4332449a445b6dedac61b1b187dea3addccb3e2ffa290eb96ca93fff195ca4","sha512":"14c1ebd8535fda40dd3cb71df0d9f65d14a9fa104d537da7ab75a6bc7b2c45707407126421fe2e412747c6ce6487f1cb27386f31bd95868545044466b46aaaba","ssdeep":"","tlshash":"f02186d32e45fcd2809bc3dccaf9f30ca4165194d255cc459af3b061329cfc909516d5","size":1349,"data":"","first_seen":"2025-08-03T08:36:22.615762Z","last_seen":"2025-08-07T06:08:51.052864Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"daa679e997d29024a36a7b59d7ae5265","sha1":"0cb9b494a7cda38d72b1cc9806c9ee0064f15c5a","sha256":"46aaa2701b0f40ded15a9b8d2e7a9fce96602af59151b8d9d32a644fd2f6db4e","sha512":"f6388f3b90b008463ee62a619678f05d5c993a2bf5d1db95a3b61bec91e412193915cd50961494dc0d8c3ceb3c2eb3c7d1e3b2e12df43616e5d90a84e9e21c8f","ssdeep":"","tlshash":"5f81f19e2ab71034b133a0a90ff7654d3721450b8653de997bdd62812fc079ed8e2bd4","size":3851,"data":"","first_seen":"2025-08-07T06:08:51.054723Z","last_seen":"2025-08-07T06:08:51.054723Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"15ee9928772f29e000e9b95ce3061448","sha1":"189c1ece628e2c611ab0bef8df0e8ad640b27ed5","sha256":"64b9bac004a487cbf728ad91332341a4686d735144175c8469041df97d776950","sha512":"ad4f8aa92fb94584ad1efa57e36ce4220bc18faabe4d3c7ad48c6042f86561e57428d4ae064ce4f59c08d13e6816e403b16d2327a29b3665760beb5a32d5b609","ssdeep":"","tlshash":"a8f062132db16008b86e73e8ace1a32cd06ed258f6928d18abf132a522dc5a24483486","size":618,"data":"","first_seen":"2025-08-07T06:08:51.057601Z","last_seen":"2025-08-07T06:08:51.057601Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"18fbc1d3ad6a99c06d1e2d0bdead3a70","sha1":"4ab4ba8ac8b4f0919f7df8576092b848a80d1e82","sha256":"16c8db711fd6e9be9ada026bee402f6e2516ae2bd511859c26f1027f573c99f9","sha512":"cf4c08f764ecc2621b90aa046d6146c241222abda5cd1899beceb91673b6762617f08e18a9d9a4402f9e6ee5dd0737b1a54e2d9df2272772e610feb11504f8a4","ssdeep":"","tlshash":"a281205e2ab71024b133a0ad1ff7754d3721541b86929d88bfdd22812fc079ed8e2be4","size":3851,"data":"","first_seen":"2025-08-07T06:08:51.059309Z","last_seen":"2025-08-07T06:08:51.059309Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a12fd83a391e6890d53aaf9e7eb6d67d","sha1":"0c0eb2cb032ac7221100369591e0c33643653092","sha256":"91976dc101e6744a694ee2e78a4bceeebbff88844ede1a7c13b285a05c69b13f","sha512":"57dbdf354c27410d6489b1b2e42f9eb13cf138b835abd576a7985d326615742bcbc17bfcd6759656a694626ae5aa5fe81176413f076ffb5009fef8cf2092da37","ssdeep":"","tlshash":"f3f047132db16008e46d63d8ace1636c905fd258f3518d18aff5339552dc5a54493486","size":585,"data":"","first_seen":"2025-08-07T06:08:51.06292Z","last_seen":"2025-08-07T06:08:51.06292Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"799416fbbf70ebdef0ebd22e743c9d7f","sha1":"08ceb83543eb093500b0efdecb2ad41b261f020d","sha256":"ce8cbb5ecdc53a4732953e7fa6a320bf42ab98134c58b49593f2bb1f0cf4268e","sha512":"ba34d379b9e5dbde4a3fecc27c9a487bd8100b899e0b1c069cd92389bdc96b05f3616a08f2e06066a1aed0b989b12be580e85edfadfa12d522f5f2e75df55771","ssdeep":"","tlshash":"8bf002866cb06d2ca8984be468d2e35e809f916896a78e28fbb3311525892534523444","size":610,"data":"","first_seen":"2025-08-07T06:08:51.074908Z","last_seen":"2025-08-07T06:08:51.074908Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"22925a1e0a13874dd9905958349d912a","sha1":"89ca68923f4d3f5c88e942dd9c2dc4e28b7c4b42","sha256":"672177fd2d03bbdae8a8f508502cfbb4a498235e3e275ae3995c0301b3ab444e","sha512":"39088e6a265de9eedc631091c86f8f20cfdfe30e990f84c4e6e0771f9ab52b0ddfa85f6b50177f6076234ed4a2a1d2020f2d98f90ab9715d6b1ac91755a6db41","ssdeep":"768:gTlK+ZKHVPOl+LuuojdS6bJPnOAFtWtqfdGs:GGLuPnTtWtqfdGs","tlshash":"3fc2f7f94a9729a54d3ee1467bb6651d3312700b4a16c9df7a5c3e8c3f0d46e2800ee7","size":28187,"data":"","first_seen":"2025-08-07T06:08:51.077931Z","last_seen":"2025-08-07T06:08:51.077931Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=astlb\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=astlb\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://ssp.al-adtech.com/api/sync/skyadvert\r\nset-cookie: sky_uuid=02ce99e1-39d4-dbbf-2a4f-c221c61b9eac; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.bringads.ru/sync?ssp=17","fqdn":"a.bringads.ru","domain":"bringads.ru","tld":"ru"},"ip":{"addr":"213.171.19.229","port":443,"asn":56694,"as":"LLC Smart Ape","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bringads.ru","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Jun 2025 10:49:12 GMT","end":"Mon, 08 Sep 2025 10:49:11 GMT"},"fingerprint":{"sha1":"9E:78:B2:4C:C1:4F:B2:29:6B:DC:E6:5B:EA:7A:8F:C7:80:7E:0D:F6","sha256":"C1:24:B3:E9:2C:BE:0C:20:7E:25:C3:E3:F5:31:95:3B:92:ED:9D:71:79:5D:CD:AC:39:90:68:BE:06:FC:25:A3"}}},"request":{"raw":"GET /sync?ssp=17 HTTP/1.1\r\nHost: a.bringads.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.24.0\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Type: text/plain\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: prebringads=1; Expires=Sat, 06 Sep 2025 09:08:16 GMT; Domain=.bringads.ru; SameSite=None; Secure; Path=/\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":475,"timings":{"blocked":-1,"dns":14,"connect":51,"send":0,"wait":90,"receive":1,"ssl":315},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/cfg?object=24415\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546893932","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:13.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /cfg?object=24415\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546893932 HTTP/1.1\r\nHost: data.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncache-control: no-store\r\nset-cookie: smi_uid=fFBJimKKi; max-age=31536000; domain=.24smi.net; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":567,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (567), with no line terminators","md5":"972da18a0d382a001ebbdab8db0bb440","sha1":"b3c3888953cb6842c41f69fa12ce40a73729385e","sha256":"faa923374622550f3cdae08c1e163ca292aafc86499ce9a59968fe5e01dd3e2f","sha512":"f7be247feffd196a8458bad6c7ceb4f75412ec95b66766712b639bfb9b142fae87ba2dcc7b277a6433a2c60adb3097e12c4f60ec9c428fb021ee76e486009786","ssdeep":"","tlshash":"baf0e18241019af483179592c0143d82843d16338fc12495f4cc8b3cd07dda7321a51f","first_seen":"2025-08-07T06:08:50.899652Z","last_seen":"2025-08-07T06:08:50.899652Z","times_seen":1,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match?dp=337\u0026euid=P56Tj7o20","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=337\u0026euid=P56Tj7o20 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsapecookie%2526bid%253D$%257BUSER_ID%257D\u0026dp=14","fqdn":"ssp-rtb.sape.ru","domain":"sape.ru","tld":"ru"},"ip":{"addr":"193.3.184.217","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sape.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Jun 2025 23:43:00 GMT","end":"Sun, 07 Sep 2025 23:42:59 GMT"},"fingerprint":{"sha1":"08:60:43:B7:E2:55:22:75:33:FC:38:49:1D:E3:74:E1:DD:D1:70:6F","sha256":"86:6A:B8:7C:64:78:BE:EE:4B:DB:65:63:D1:4C:6B:0E:20:C6:17:B4:90:85:04:D2:86:E1:60:03:16:4D:32:21"}}},"request":{"raw":"GET /rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsapecookie%2526bid%253D$%257BUSER_ID%257D\u0026dp=14 HTTP/1.1\r\nHost: ssp-rtb.sape.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: openresty\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: text/html\r\nContent-Length: 142\r\nConnection: keep-alive\r\nP3P: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET\r\nLocation: https://acint.net/rmatch?dp=14\u0026euid=1603420ACF4294687D01836B023F85BE\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D\r\nExpires: Wed, 19 Apr 2000 11:43:00 GMT\r\nCache-Control: private, no-cache, no-store, must-revalidate, max-age=0\r\nSet-Cookie: sspuid=CkIDFmiUQs9rgwF9voU/Aj0Tc7YwoYUNm7rUAvIu5YbN7U12; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":82,"dns":52,"connect":34,"send":0,"wait":35,"receive":0,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/jmap?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026sid=ap\u0026cp.referer=https%253A%252F%252F6-wbpbqewx.123tt.ru%252F\u0026it=1\u0026tq=2\u0026cp.cb=a0e79473-d856-6bd2-59a1-667ef307c22a\u0026session=d2095f88-afcb-a617-3490-24065a27e2b9\u0026position=pre\u0026vt=100\u0026ostream=true\u0026isp=0\u0026suri=https%253A%252F%252F6-wbpbqewx.123tt.ru%252F\u0026rnd=1754546896741\u0026raw=yes\u0026ma=29290dc5-7ba6-4e37-a05b-6b0576ed0eee","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:16.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/jmap?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026sid=ap\u0026cp.referer=https%253A%252F%252F6-wbpbqewx.123tt.ru%252F\u0026it=1\u0026tq=2\u0026cp.cb=a0e79473-d856-6bd2-59a1-667ef307c22a\u0026session=d2095f88-afcb-a617-3490-24065a27e2b9\u0026position=pre\u0026vt=100\u0026ostream=true\u0026isp=0\u0026suri=https%253A%252F%252F6-wbpbqewx.123tt.ru%252F\u0026rnd=1754546896741\u0026raw=yes\u0026ma=29290dc5-7ba6-4e37-a05b-6b0576ed0eee HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://6-wbpbqewx.123tt.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9; bzcookie=67bf8269-20cd-48f9-6739-b6c095b9e86c; ohmybid=c584c8ff-df38-4dce-9d16-6e9066d612c1; astlb=c855bde2-bdd3-499b-9b32-bd9e0d953c17\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 2\r\nx-skyadvert-cors-qex: Referer\r\nx-skyadvert-path: /\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\nx-go-country: NO\r\nx-skyadvert-udata: cache,parsed,27732\r\nx-skyadvert-plc: 0\r\nx-skyadvert-ark: true\r\nx-skyadvert-qmc: NO\r\nx-skyadvert-rdb: 0\r\nx-skyadvert-alc: 3\r\nx-skyadvert-ctvs: 3\r\nserver-timing: initBuilder;dur=0.0000, getAnyQueue;dur=0.0000, keyValidation;dur=0.0000, qManager;dur=0.0000, range_links;dur=0.0000, queueSort;dur=0.0000, queuesMerge;dur=0.0000, attachTracking;dur=0.0000, jmapParams;dur=0.0000, corsParams;dur=0.0000, uData;dur=0.0000, buildTagsQueue;dur=0.0000, getLinks;dur=0.0000, getJson;dur=0.0000, wmData;dur=0.0000, optProc;dur=0.0000\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"d751713988987e9331980363e24189ce","sha1":"97d170e1550eee4afc0af065b78cda302a97674c","sha256":"4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945","sha512":"b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af","ssdeep":"","tlshash":"c7100000000000000000000000000000000003000000c0000000000000000000000000","first_seen":"2023-03-08T00:02:47Z","last_seen":"2026-04-05T14:49:49.490458Z","times_seen":227513,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dm-eu.hybrid.ai/match?id=185\u0026burl=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dhbrdcookie2%26bid%3D%24%7BVID%7D","fqdn":"dm-eu.hybrid.ai","domain":"hybrid.ai","tld":"ai"},"ip":{"addr":"37.230.131.21","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hybrid.ai","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Sep 2024 00:00:00 GMT","end":"Sun, 05 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"C1:9A:FB:0B:9B:BA:F6:60:5C:85:23:14:04:BB:28:06:F8:94:11:9E","sha256":"33:9B:C1:FB:EA:07:A0:6E:71:00:E7:A3:D8:39:79:6B:1B:7E:2F:BE:5C:BA:62:4C:3B:1D:37:9B:63:E9:08:10"}}},"request":{"raw":"GET /match?id=185\u0026burl=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dhbrdcookie2%26bid%3D%24%7BVID%7D HTTP/1.1\r\nHost: dm-eu.hybrid.ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\nexpires: -1\r\np3p: CP=\"NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC\"\r\nx-mode: 5039\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\naccess-control-allow-credentials: true\r\nserver: Hybrid Web Server\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":85,"dns":6,"connect":22,"send":0,"wait":25,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/rmatch?r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D\u0026dp=167\u0026tc=1\u0026euid=01d1390a-94db-c5e4-b839-534579de15be","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D\u0026dp=167\u0026tc=1\u0026euid=01d1390a-94db-c5e4-b839-534579de15be HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ssp-rtb.sape.ru/rmatch?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D$%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsapecookie%2526bid%253D$%257BUSER_ID%257D\u0026dp=14\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nset-cookie: cSyncDp14v4=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/ping/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=863634\u0026dT=2025-08-07T06%3A08%3A17.748","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:17.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /ping/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=863634\u0026dT=2025-08-07T06%3A08%3A17.748 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894; cSyncDp7v3=1754546896; cSyncDp241v2=1754546896\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/madstyle.css","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /madstyle.css HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\naccess-control-max-age: 86400\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\netag: W/\"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0\"\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"15ed2e0aa45ebcfa33986346be773a4f","sha1":"f72ac7f7e82dd4fbba7afaae6bcd7d3f1971808f","sha256":"bbc6e53a4cd250a3c0da0b141cc341bfc05fe26ee1cd321466625815e94da889","sha512":"05e31abc339a849a80c2ba55c025bfc6c07d21d533a94ea8ada36de7fd028964b9941ebd458e46ac31ca2458b1768ec2966031a3719c11e5e85ea3bca91758f2","ssdeep":"","tlshash":"aed0129059f78e4013528ad4371fb7215228b062056b9e285f82bddc8fca202e063f8c","first_seen":"2025-08-07T06:08:50.906166Z","last_seen":"2025-08-07T06:08:50.906166Z","times_seen":1,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":64,"dns":6,"connect":17,"send":0,"wait":18,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dmp.otm-r.com/match/skyadvert","fqdn":"sync.dmp.otm-r.com","domain":"otm-r.com","tld":"com"},"ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.dmp.otm-r.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:33:19 GMT","end":"Fri, 24 Oct 2025 10:33:18 GMT"},"fingerprint":{"sha1":"73:CB:E4:07:8B:A8:CE:7D:8A:1A:81:05:89:63:AF:54:5E:AB:E3:AE","sha256":"46:32:4A:BE:51:0A:51:BD:7A:8E:10:EA:DF:90:3E:22:0A:79:9E:F3:36:E3:78:A9:A5:C9:33:8F:62:AF:8D:12"}}},"request":{"raw":"GET /match/skyadvert HTTP/1.1\r\nHost: sync.dmp.otm-r.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.23.4\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 61\r\naccess-control-allow-origin: *\r\nlocation: /match/skyadvert?otcm_check=1754546894\r\nset-cookie: mpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None\nmpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None; Partitioned\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.23.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":41,"connect":57,"send":0,"wait":52,"receive":0,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/ HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1; t_e4719dd21a=1; rocketteam_counter=1; pokemoky_counter=1; jassyandjames_rand=2; poke_counter_up=Thu%2C%2007%20Aug%202025%2018%3A08%3A13%20GMT; poke_counter=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/html\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\nlast-modified: Thu, 01 Jun 2023 11:17:29 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mg6EcuS6k6k9KNaWAEEXTJmyDsx6w5JJ9yYVmhnwSjb5SQeGwNHKDCEmjvJyUl%2BZADoVlQTYHvvdXj0o7Q%2FvBEWU4mv6lzb1SAcJ7YGyphB5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\netag: W/\"64787e49-68b\"\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\ncf-ray: 96b49924e9a256c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1675,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"d1009ca07c7e56763ee96a14b58fa7ed","sha1":"72121214f5c447a4e2b814be1eac041341d091e5","sha256":"f13a837ddefe6aa3bba0ba7c25d14f9b2186808d9911c6394c14518e5e64b341","sha512":"054f1a7994fa782674c0d1b9503a390fc73e5abe33e14e5ddf7847bcd6880720cefe3cc66c8639773aae918c4bebeb25ba650ad05cf6f78b38df27dae3cf5627","ssdeep":"","tlshash":"8131126a1c20506682b221475f37f309fe2623eb6182d4413b9c93aa7f7495acd13fdc","first_seen":"2023-06-17T11:09:52Z","last_seen":"2026-03-29T07:13:34.364106Z","times_seen":23,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.bumlam.com/?src=sap1\u0026s_data=CAIQARjPhdHEBmIgMDYwMDAwN0ZDRTQyOTQ2ODIzMDE0Rjk5MDI5M0I1NTKiARDoDNGEc1QR8IbgACWQwGR8","fqdn":"sync.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.145","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /?src=sap1\u0026s_data=CAIQARjPhdHEBmIgMDYwMDAwN0ZDRTQyOTQ2ODIzMDE0Rjk5MDI5M0I1NTKiARDoDNGEc1QR8IbgACWQwGR8 HTTP/1.1\r\nHost: sync.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Wed, 02 Aug 2045 06:08:16 GMT; Domain=bumlam.com; SameSite=None; Secure\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nCache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/smi.js","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:13.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /smi.js HTTP/1.1\r\nHost: jsn.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 31 Jul 2025 08:26:17 GMT\r\netag: W/\"688b28a9-1a620\"\r\nexpires: Thu, 07 Aug 2025 06:18:13 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108064,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b4ba6035f650dda50dbd3ba367e03dbb","sha1":"0384ec281fc67ec906eeb10b75daf9ff2df40a8a","sha256":"9a7ce92d40730fd8da81d7108f05d988bd9b87cbf14e75484e9be3fa5087c8da","sha512":"2a97564449ce215cb01c4f7fb905588902875b348fcecbc6905eab7ccd4f8d0e997726d6c58ab085c642e678212c33c1831db337c62774f822e6771cca7f3b1e","ssdeep":"1536:BRSu24xbb5suVmDmkR5MgiQ5rra/Qfh00sHqnJk8/DSdCItiWs:BR1PS00sHqJX/DCCVX","tlshash":"abb3d88c7d85f42a43d361f1807f054fb2372e1d688d6550e2aad8e53eb884d612bfad","first_seen":"2025-08-03T08:36:22.377769Z","last_seen":"2025-08-12T06:34:34.474459Z","times_seen":3,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":98,"dns":5,"connect":29,"send":0,"wait":57,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026t=player_loaded\u0026a=\u0026m=%7B%22sub_id%22%3A%22ap%22%2C%22loadTime%22%3A0.918%2C%22version%22%3A%221752761533443%22%2C%22platform_id%22%3A2%2C%22vt%22%3A100%2C%22dv%22%3Atrue%2C%22l%22%3A%22https%3A%2F%2F6-wbpbqewx.123tt.ru%2F%22%2C%22scr%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%2C%22c%22%3A24%2C%22iw%22%3A400%2C%22ih%22%3A225%7D%7D\u0026o=\u0026s2=1","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026t=player_loaded\u0026a=\u0026m=%7B%22sub_id%22%3A%22ap%22%2C%22loadTime%22%3A0.918%2C%22version%22%3A%221752761533443%22%2C%22platform_id%22%3A2%2C%22vt%22%3A100%2C%22dv%22%3Atrue%2C%22l%22%3A%22https%3A%2F%2F6-wbpbqewx.123tt.ru%2F%22%2C%22scr%22%3A%7B%22w%22%3A1280%2C%22h%22%3A1024%2C%22c%22%3A24%2C%22iw%22%3A400%2C%22ih%22%3A225%7D%7D\u0026o=\u0026s2=1 HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"user91471.clients-cdnnow.ru/mp_dist/mstream2.js?ver=1752761533443","fqdn":"user91471.clients-cdnnow.ru","domain":"clients-cdnnow.ru","tld":"ru"},"ip":{"addr":"185.40.155.13","port":443,"asn":21030,"as":"Docker LTD","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.clients-cdnnow.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 12 May 2025 22:42:41 GMT","end":"Sun, 10 Aug 2025 22:42:40 GMT"},"fingerprint":{"sha1":"B5:9C:B2:F7:FC:4C:20:0F:CF:D5:CF:32:34:93:B8:5C:DB:05:50:31","sha256":"B7:97:30:64:95:42:4D:C2:2D:29:71:13:AE:A6:8D:FC:65:C3:46:46:80:30:1A:11:A5:EA:A6:26:5C:90:42:49"}}},"request":{"raw":"GET /mp_dist/mstream2.js?ver=1752761533443 HTTP/1.1\r\nHost: user91471.clients-cdnnow.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 17 Jul 2025 14:12:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"687904ca-28998\"\r\nx-movieads-country: RU\r\ncontent-encoding: gzip\r\nx-edge-cache: HIT\r\nx-edge-ip: 172.19.32.29\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":166296,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65071), with no line terminators","md5":"491654dcff2b3c2b6092ccf253421108","sha1":"69001127160212287e1deb3b8a349cf35ae5be6d","sha256":"32595c2561932c9493b2d19a540ef559ea0eebdf13202db90143284673872dc8","sha512":"0978cfecbfc53442d1b39482c9c78022c13979549087082bf9f33131ab721444314903d2fcae521f0c148c18f88e81608fbd98583e59fb7a6f476749191db9bf","ssdeep":"3072:dFJtTVisVPmLAeRE/5RuYkyh/FS8RwK4eTUdOmrTVU1:dPe+iKLRo8RwpeIOmrRU1","tlshash":"fbf35cb6194160762ba0c1e561b84281ee3d671e3483439c7d5dcee7a46d821b2febfc","first_seen":"2025-07-18T09:21:09.205013Z","last_seen":"2025-08-07T06:08:50.915904Z","times_seen":14,"resource_available":true,"data":null}},"time_used":297,"timings":{"blocked":105,"dns":28,"connect":52,"send":0,"wait":54,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.ohmy.bid/cm?ssp=skyadv\u0026redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dohmybid%26bid%3D%7Buid%7D","fqdn":"match.ohmy.bid","domain":"ohmy.bid","tld":"bid"},"ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ohmy.bid","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 15:12:54 GMT","end":"Sat, 18 Oct 2025 15:12:53 GMT"},"fingerprint":{"sha1":"AE:15:A3:A4:41:D3:DA:E5:B7:41:38:D6:C9:5B:70:83:47:0B:5B:C8","sha256":"0E:15:23:C8:20:5B:EE:67:6D:A1:5C:CE:0E:A4:E3:41:59:F4:F6:58:3C:C3:7B:8A:CD:2F:21:D5:DD:A6:08:AB"}}},"request":{"raw":"GET /cm?ssp=skyadv\u0026redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dohmybid%26bid%3D%7Buid%7D HTTP/1.1\r\nHost: match.ohmy.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-20 1.2104.4452ce78\r\nLocation: https://code.moviead55.ru/go/csync?cn=ohmybid\u0026bid=c584c8ff-df38-4dce-9d16-6e9066d612c1\r\nSet-Cookie: uid=c584c8ff-df38-4dce-9d16-6e9066d612c1.689442ce.e9d15dd663d11820; domain=.ohmy.bid; path=/; expires=Sat, 06-Sep-2025 06:08:14 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":305,"timings":{"blocked":-1,"dns":24,"connect":63,"send":0,"wait":57,"receive":0,"ssl":155},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cr-frontend.weborama-tech.ru/cr?key=sape\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D296%26euid%3D%7BWEBO_CID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D296","fqdn":"cr-frontend.weborama-tech.ru","domain":"weborama-tech.ru","tld":"ru"},"ip":{"addr":"178.154.212.160","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.weborama-tech.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 01 Aug 2024 17:15:52 GMT","end":"Tue, 02 Sep 2025 17:15:51 GMT"},"fingerprint":{"sha1":"F9:25:AF:31:D2:3B:C2:89:E0:BC:2A:03:84:38:24:3B:CC:73:F8:0B","sha256":"CD:FB:C5:2D:17:B8:F2:F7:20:0E:89:13:BE:1E:FB:60:D6:5F:B6:42:6D:E1:0B:01:02:31:8C:1E:08:CD:57:75"}}},"request":{"raw":"GET /cr?key=sape\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D296%26euid%3D%7BWEBO_CID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D296 HTTP/1.1\r\nHost: cr-frontend.weborama-tech.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\np3p: CP=\"NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM\"\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0\r\npragma: no-cache\r\nexpires: Tue, 03 Jul 2001 06:00:00 GMT\r\nlast-modified: Thu, 07 Aug 2025 06:08:16 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":531,"timings":{"blocked":-1,"dns":16,"connect":47,"send":0,"wait":42,"receive":0,"ssl":408},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/match?dp=68\u0026euid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=68\u0026euid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/zax/jquery.min.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /zax/jquery.min.js HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 24606\r\ncf-ray: 96b4991daf8d569d-OSL\r\nlast-modified: Mon, 25 Apr 2016 17:14:40 GMT\r\netag: \"119ee-531524fd52000-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227412\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yX6lZ1MYE5xHN1u3STdLCxTIP86sm54THU5CWGF%2B7it4Z457sDSCSsmLWOM1OvkPLSb%2FneW%2Bwc7cSz%2F06IPaZlMBLMU56ccoxe0Lf9peF6RgIyJndRKYRopn6UgSjwh%2BOw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1514\u0026min_rtt=431\u0026rtt_var=1154\u0026sent=130\u0026recv=49\u0026lost=0\u0026retrans=1\u0026sent_bytes=120608\u0026recv_bytes=3305\u0026delivery_rate=14552763\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=174\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72174,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (820)","md5":"10092eee563dec2dca82b77d2cf5a1ae","sha1":"65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b","sha256":"e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59","sha512":"cc92cf5a9b3a62a18af432fdffb81b76da84e2f43ce3c7800a919c10809118d0611e29a47f103ff3df18a54d5331bc5f06ef4771dc406cc763b30ff2a66a3e81","ssdeep":"1536:Du98G2ltZMNWnDr7doqPp07HVDTLGbY9TGA7zEcbnkb17jQq3nPRefqvpsz:DuJItn6qepq15nUfqvpsz","tlshash":"5063e9c9b2c67273c3e730b824af510af136a8aaa44c4854f06ce8e5bd74a55447bf7d","first_seen":"2023-03-07T01:07:10Z","last_seen":"2026-04-05T13:04:14.142261Z","times_seen":7610,"resource_available":true,"data":null}},"time_used":346,"timings":{"blocked":146,"dns":16,"connect":31,"send":0,"wait":18,"receive":1,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/js/plz.somechange.new.mn.js?211","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /js/plz.somechange.new.mn.js?211 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 520 No Reason Phrase\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7213\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=NZyjOvYErzECKxKUdYXL5tD8r09%2F5DrZcv1KIpJV21phUTdfr38QAEYPcUNkOwHVRHaF6d%2FC3u36bfZeVArSJJVgz6ye1OYUs%2Fb3k6tqz8x14hkRT0MLnF0lneuKJ2kG5w%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nserver: cloudflare\r\ncf-ray: 96b4991d3f06569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1930\u0026min_rtt=431\u0026rtt_var=1260\u0026sent=111\u0026recv=46\u0026lost=0\u0026retrans=1\u0026sent_bytes=101710\u0026recv_bytes=3305\u0026delivery_rate=6779933\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=167\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"520","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":150,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":82,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:14.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Roboto:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 07 Aug 2025 06:08:14 GMT\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"270b4672cca5a8dc03af448e54205bc9","sha1":"441be2c5de58625134502940743f707da40b4970","sha256":"3e4424ebabdf68c54bd3effe78a8c7969e7692f1709b1e29403dfbb2fa9d01dd","sha512":"6bd7aa89fbb513cc4bf962a2bafe2d848e344b3d451b32fa3c368d8439d0087a88afe964ba821a16aee92707bf42f37da3df0b5bfb7b76db0e153157002f4555","ssdeep":"384:8jfMj1jWj6jyhj/qY4XjNjtjijfDjOjdjBjyaj/qY4QjGjmj4jfdjkjDj3jyQj/E:8oBy+Oh/EBpmv65lOa/76icZwPLOQ/VK","tlshash":"357220a1041740009b839ce223cebf35fe1f92117142d0b5abfd9b6badcbc66526936d","first_seen":"2025-06-02T17:35:42.189924Z","last_seen":"2025-10-31T07:25:24.551836Z","times_seen":1824,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":105,"dns":0,"connect":14,"send":0,"wait":31,"receive":0,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=gonetbid\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=gonetbid\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://sync.gonet-ads.com/match/SkyAdvert?id=2c64a1ec-a958-eb05-90df-00fdd4b6eeee\r\nset-cookie: sky_uuid=2c64a1ec-a958-eb05-90df-00fdd4b6eeee; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=368","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:17.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /cmatch?dp=368 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894; cSyncDp7v3=1754546896; cSyncDp241v2=1754546896\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?t=player_finish\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o=","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:32.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?t=player_finish\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o= HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:32 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/menu_b1.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/menu_b1.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/parse/s.rutor.org/css.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2487\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=qfY2n1SkxlVS3yCwg90m70jfVbBppfBYu%2FePwlB4u7M5x4uqj2TPJNiTHC%2BpBgrOMdG%2BCu9NXEPCa2zT2tK%2F00s9ZngUYy73yLSOFeFKu22yDkQfu1%2FAkDoYF88w0hamuQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"9b7-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 83877\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923d9f20b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1729\u0026min_rtt=554\u0026rtt_var=1427\u0026sent=383\u0026recv=529\u0026lost=0\u0026retrans=0\u0026sent_bytes=25312\u0026recv_bytes=29631\u0026delivery_rate=329160\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1028\u0026inflight_dur=42\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2487,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 81 x 30","md5":"e6e60f34a712eb50e8783b7d5798cd19","sha1":"edd102808f38d2c3e2d980bb903ee07f2d932150","sha256":"f04b184eb5417b9a81ab455fc07378efa326bbed2a5c74869b3d876b287307d8","sha512":"e6da396de37314a42dc4a9974998ec73059eace453e7414909083930279089ea67a57bc8cd7c3efe7bed73ee356b791fd7defd9834b64ebcf547ab3e03f869ae","ssdeep":"","tlshash":"3f512ba3bc1456e7f6571f38a561042c88d59f41af96e1b431402f24e0f221bbaaad55","first_seen":"2023-05-21T11:00:05Z","last_seen":"2026-03-29T07:13:34.36317Z","times_seen":58,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/chimichanga/galets.js","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:13.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /chimichanga/galets.js HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1; t_e4719dd21a=1; rocketteam_counter=1; pokemoky_counter=1; jassyandjames_rand=2; poke_counter_up=Thu%2C%2007%20Aug%202025%2018%3A08%3A13%20GMT; poke_counter=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 604\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 13 Sep 2022 10:15:43 GMT\r\netag: \"601-5e88c4b7b71c0-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VQuLPmWEQEYk4xI629OtPH6Int3TauIGaWr5RVxDhhPmwRDZL4kzt5aXGvRIJYlli6Ct9btBFo1X%2FqQo20mOaLKkXLHDtAH5x0GwFYlJWcsO\"}]}\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\ncf-ray: 96b4992559aa56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1537,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"37607a50e5c3055c37745b8a8523f5fe","sha1":"b65d14449e609c6ecffbc73e17aa2f05b0acf210","sha256":"7462330295488346f30edebf0a6d2e847eb2cc135e7d735310504e128217db6a","sha512":"0a652beb49d0e1bf408a0f7428ecc0bc793ed261a18acc641b7deda39226133cb67fa2978b9fc5329d5bd2f8f85a9eb07c66608a1e1e639c170c2ea04a0ae0f8","ssdeep":"","tlshash":"31318e98359e701d918423467a7510deac3ce7b102db91bce5deb472609081b8e3d9f6","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.367557Z","times_seen":59,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cmr.bidderstack.com/sape/cm?user_id=0600007FCE42946823014F990293B552","fqdn":"cmr.bidderstack.com","domain":"bidderstack.com","tld":"com"},"ip":{"addr":"185.149.242.234","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bidderstack.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 26 Dec 2024 14:42:05 GMT","end":"Wed, 14 Jan 2026 11:07:44 GMT"},"fingerprint":{"sha1":"D3:CF:38:0C:FA:18:1C:F8:E8:E3:18:35:3E:3D:E6:82:B4:44:12:C1","sha256":"C6:91:A1:27:F0:56:52:64:73:25:39:60:8B:AA:DA:0C:92:DF:DD:2B:3C:50:92:0B:D8:7F:AF:F4:5B:3C:A8:79"}}},"request":{"raw":"GET /sape/cm?user_id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: cmr.bidderstack.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: image/gif\r\nContent-Length: 44\r\nConnection: keep-alive\r\nx-from: nrr-2\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]},{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]}],"data":{"size":44,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"f9d60352c70a2ba15616d1c9421f3844","sha1":"e9abc8bea7721a4b6a50295850d13c515006a95c","sha256":"82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9","sha512":"c236b22bcd48790ff970b8bc566061eae734e0d34c1a68cd8d6160415303e0b0b51fe5780fafe7349cf71cb10089c9f322495267eee019cc63f879727263df4b","ssdeep":"","tlshash":"49900003eb80c002c2a2c0300e0ccb802b88b030ae28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-06T18:33:49Z","last_seen":"2026-04-05T10:49:20.977264Z","times_seen":4258,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/pluso-like-small.js?10","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/pluso-like-small.js?10 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 972\r\ncf-ray: 96b4991d3f0a569d-OSL\r\nlast-modified: Sat, 24 Jun 2023 16:08:50 GMT\r\netag: \"8da-5fee25541e880-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227412\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=SWKa2rBAZCJS22a%2BIxUSmQYFj8jNDMRgkhgx1D78rOSf88vEpu6ggH0lGs1rO0iIa6Fn2TkcJ4nA9d3JextZrYJpueVPpsNm2to3NRS1ep3%2FWT5ypRVl%2BR6ToSRonpy10A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=53\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=48796\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=107\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2266,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"dae4b00893641d10303a88837aa5c45f","sha1":"a7514fb190fa8ba489b2dde5dbee92dd0fe7ecb7","sha256":"e786f1e87ef6054b4aab3d26780d3525a14975b8d4de5bae54f095fa07ed5b08","sha512":"f42bd1cf7edca40d2d1bcdbd35c6f36bee9c62172dea1afcc9b0db07139a94cb9d4ead6f3401f7d0ba34d66ab08a5a2be88786def635d2809ef1110d646669f3","ssdeep":"","tlshash":"67411d78bf29722e4172106ff50f744ac0b4842ac4596c8f5f75a1be2da1b6b736c638","first_seen":"2023-07-07T18:06:31Z","last_seen":"2026-03-29T07:13:34.407757Z","times_seen":73,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pix.bumlam.com/sync/sape/sync_ok?guid=e80cd184-7354-11f0-86e0-002590c0647c","fqdn":"pix.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.160","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /sync/sape/sync_ok?guid=e80cd184-7354-11f0-86e0-002590c0647c HTTP/1.1\r\nHost: pix.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Type: image/gif\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://www.acint.net\r\nAccess-Control-Allow-Credentials: true\r\nTiming-Allow-Origin: *\r\nCross-Origin-Resource-Policy: cross-origin\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, proxy-revalidate, s-maxage=0\r\nPragma: no-cache\r\nExpires: 05-Jun-2005 22:00:00 GMT\r\nX-Xss-Protection: 0\r\nP3P: policyref=\"https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml\", CP=\"CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nLocation: https://e80cd184-7354-11f0-86e0-002590c0647c.n2.sync.bumlam.com/?src=sape\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/web-mirror.css?2","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/web-mirror.css?2 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/css;charset=UTF-8\r\ncontent-length: 83\r\ncf-ray: 96b4991d8f76569d-OSL\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 3054\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 07 Aug 2025 05:17:18 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=15bmB%2Fakc9QAjyHRtfCYIMwwwgeAau6VfOrNK%2BBcKEybegVqm%2FyInPXCytelrNck7NAmzqR4%2FnsEvs3H5xmDeR9ZujdXLR3HUIuDICEjxyj6x292fT6g6fifERJcjMbzAg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1946\u0026min_rtt=431\u0026rtt_var=1638\u0026sent=107\u0026recv=43\u0026lost=0\u0026retrans=1\u0026sent_bytes=101065\u0026recv_bytes=3038\u0026delivery_rate=6779933\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=153\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"d408fe886be98e8f774d6f47a3157a8b","sha1":"2a25fd6f2822a6b158cfec4116284996e2d55078","sha256":"b8388dd9cf762de7fb6dbcc5191fb91666cb5f477fee21779bf576ac9180a026","sha512":"5b4d1c5148c3fb306a4c96ccdd678e7c3c83cadd10dc909178becb981e939c1bfe629bd153adcac4459ada81af88431ee8a1e36de872a21a043a9561a400bc91","ssdeep":"","tlshash":"c4a0020374d703616227c5150d8b737aa87eb14253048e8dcd4052363eef2d30dc2e91","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.399846Z","times_seen":35,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":137,"dns":21,"connect":1,"send":0,"wait":28,"receive":1,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=gtnt\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=gtnt\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://px.adhigh.net/p/cm/skyadvert?u=be111d13-3093-7179-ccf5-a905f05c0c3f\r\nset-cookie: sky_uuid=be111d13-3093-7179-ccf5-a905f05c0c3f; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=otclkbid\u0026bid=VUlIRVup0AuRYc9","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=otclkbid\u0026bid=VUlIRVup0AuRYc9 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: otclkbid=VUlIRVup0AuRYc9; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match?dp=394\u0026euid=db88453e-ac61-4a2c-885d-6fdd6cc874ac","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=394\u0026euid=db88453e-ac61-4a2c-885d-6fdd6cc874ac HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/match?dp=98\u0026euid=3aaf6890-99de-4344-aa16-1f2d1fa700b4","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=98\u0026euid=3aaf6890-99de-4344-aa16-1f2d1fa700b4 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/oci.js?t=1754546894740","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /oci.js?t=1754546894740 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 09 Jan 2023 08:01:14 GMT\r\netag: W/\"63bbc9ca-7dac\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32169,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (32168)","md5":"c3fa5133b6899a2abb39fb79ed94300f","sha1":"dc1d5c75420b38cd7509a783ed09345d0ff78ac4","sha256":"66b141eb9ae44c86efc510844a71cf208c02d02abe03af3a7d8cc26736d3e19c","sha512":"db171b491636ef67596c4874d2b3e553eac016e303a713f12eb1e5c5116cab5f5c904b6aaf358268c04011016484b6920b227cf2d72c2de30f79bd16eba59bad","ssdeep":"384:ixcLKIHRnN2xFRhKv3E6mXHHKvaloLG2+KlLqK/CSuxAjUd0jJFKOEyEqWiodJVb:1BHRN6AIeJZKOgIJANJVEEvDHIoOI","tlshash":"64e219ccb2c3b02d0263a9ba047f6046763bbd59250c4883d5bad5d17ca9e5a513bfb8","first_seen":"2023-03-12T19:09:04Z","last_seen":"2026-03-15T10:53:33.326269Z","times_seen":5562,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.utraff.com/sync?ssp=8\u0026id=0600007FCE42946823014F990293B552","fqdn":"a.utraff.com","domain":"utraff.com","tld":"com"},"ip":{"addr":"104.21.47.61","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"utraff.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 23 Jul 2025 01:28:17 GMT","end":"Tue, 21 Oct 2025 02:25:54 GMT"},"fingerprint":{"sha1":"F1:89:88:96:E0:8D:79:6C:6B:6F:94:BE:CC:F9:AF:ED:FB:D5:8F:FA","sha256":"F5:0E:49:C1:75:7E:79:08:2D:28:A2:6F:15:8B:7C:11:9C:E7:78:AE:EC:20:B1:AB:02:DC:A1:C5:F4:8E:A6:C1"}}},"request":{"raw":"GET /sync?ssp=8\u0026id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: a.utraff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jA2Xfb9XJSw2OJuxF38Dn6pNcriYXETBwctuGA6QiqbK8RmburEvBvuYzD5gmIKJalcuGzKZLwNIOjqaub7EAqnHKofWIqGj8xU%3D\"}]}\r\nset-cookie: preutid=1; SameSite=None; Secure; Path=/; Domain=itraff.net; Expires=Sat, 06 Sep 2025 09:08:15 GMT\npreutid=1; SameSite=None; Secure; Path=/; Domain=utraff.com; Expires=Sat, 06 Sep 2025 09:08:15 GMT\r\ncf-ray: 96b49930acd1b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":7,"connect":1,"send":0,"wait":109,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp.al-adtech.com/api/sync/sape","fqdn":"ssp.al-adtech.com","domain":"al-adtech.com","tld":"com"},"ip":{"addr":"45.139.25.120","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.al-adtech.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Wed, 30 Jul 2025 13:05:13 GMT","end":"Tue, 28 Oct 2025 13:05:12 GMT"},"fingerprint":{"sha1":"31:D5:11:77:6F:8B:30:77:36:D0:F2:F5:1E:7B:1D:FD:4F:F1:30:F9","sha256":"2C:90:CC:F4:B5:D4:7C:71:05:04:5B:A4:C1:AF:1A:92:14:66:83:DE:98:6A:97:6F:07:C4:4D:24:BF:8C:71:4F"}}},"request":{"raw":"GET /api/sync/sape HTTP/1.1\r\nHost: ssp.al-adtech.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nCookie: afp_cookie=gAAAAABolELOoGq3xv65fDS47Gv4q4sKeRO0-nmZUbjYE4Ri19oS1jNENuDVPFIlvOgYat2BjpqL4wlEoxF0eIwPXr3IF6GfuyXwudJScW2bBNr_yB6Cng5teTTmk_oFAo1JpZMrldkfohplN2ALRggfJJqpc337mftqhOXErSW2L07cWxIF0-5CUYw2EP1ys-KWx5dF5bDnxuj5h35AGVA54p4rFiXNqg==$\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.20.1\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin\r\nAccess-Control-Allow-Origin: \r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://mc.acint.net/rmatch?dp=261\u0026euid=c855bde2-bdd3-499b-9b32-bd9e0d953c17\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D261\r\nSet-Cookie: afp_cookie=gAAAAABolELPOslKD6GXvZMgb9vFXf_s5SopWyQ5dXF7n7ljKwWqqFo6vmh0iYfKUZssEl5097GHI9EuGJcBIxTqWR8bN0a5Bybd-pif7LEYiKNRLmBk3SBKaoy6qEG6Q4cnDNqCNy-OKy8GgTSkHJH0hgsrw7jQZEWVkT_P0v-Ay6ER2UgaXY-m1Pjt3YFherMFmpeciAT5tonuf7f3oj3fewKjUWAGKg==$; expires=Sun, 07 Sep 2025 06:08:15 GMT; path=/; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adspector.io/sync?ssp=6","fqdn":"a.adspector.io","domain":"adspector.io","tld":"io"},"ip":{"addr":"104.21.15.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"adspector.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 11:59:48 GMT","end":"Wed, 15 Oct 2025 12:58:32 GMT"},"fingerprint":{"sha1":"0F:EB:81:AD:E0:60:9A:C6:EC:7C:F8:DA:21:11:57:50:A3:0A:5A:6B","sha256":"CC:18:35:CD:76:F9:4E:0C:04:86:64:0F:14:59:A9:8A:A0:BD:F7:38:E6:3F:F7:B1:41:36:96:79:BA:BF:96:64"}}},"request":{"raw":"GET /sync?ssp=6 HTTP/1.1\r\nHost: a.adspector.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gkxk2eiUxzBTSIE0y12WvSjRhWS4t6K9fq4t3m1ucP6ks9vyZwf6h8jEd%2BYFnmqWQlNzshg8qpUVvhaJ17%2BtnxyNsVeeDx81PdXvWw%3D%3D\"}]}\r\nset-cookie: preadspector=1; SameSite=None; Secure; Path=/; Domain=adspector.io; Expires=Sat, 06 Sep 2025 09:08:15 GMT\r\ncf-ray: 96b499324ea4b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":6,"connect":12,"send":0,"wait":159,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/rmatch?dp=167\u0026euid=01d1390a-94db-c5e4-b839-534579de15be\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D%24%7BUSER_ID%7D","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=167\u0026euid=01d1390a-94db-c5e4-b839-534579de15be\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D%24%7BUSER_ID%7D HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: /rmatch?r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D\u0026dp=167\u0026tc=1\u0026euid=01d1390a-94db-c5e4-b839-534579de15be\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nset-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Thu, 07-Aug-25 06:18:14 GMT\naid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":39,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=14","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /cmatch?dp=14 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ads.betweendigital.com/match?bidder_id=73\u0026external_user_id=0600007FCE42946823014F990293B552\r\nset-cookie: cSyncDp7v3=1754546896; expires=Sat, 06-Sep-25 06:08:16 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=261","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /cmatch?dp=261 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ads.betweendigital.com/match?bidder_id=73\u0026external_user_id=0600007FCE42946823014F990293B552\r\nset-cookie: cSyncDp7v3=1754546896; expires=Sat, 06-Sep-25 06:08:16 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/match?dp=186\u0026euid=b973c51d-e412-4ee6-a6f4-c3a865ff9781","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=186\u0026euid=b973c51d-e412-4ee6-a6f4-c3a865ff9781 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/sape?u=0600007FCE42946823014F990293B552\u0026f=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsolta%26bid%3DaJRCzsCW2cs\u0026n=2","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/sape?u=0600007FCE42946823014F990293B552\u0026f=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsolta%26bid%3DaJRCzsCW2cs\u0026n=2 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: n=2; f=https%3A%2F%2Fmatch.ohmy.bid%2Fcm%3Fdsp_id%3D83%26uid%3DaJRCzuiMv9Y; sm=QgBolELO; da=kFeECwAAAAFnkJYmAAAAASi6r3IAAAAB; u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: as=97USd2iUQtA; path=/rtb; max-age=604800; samesite=none; httponly; secure\nda=KLqvcgAAAAGQV4QLAAAAAQ; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=; max-age=0; samesite=none; httponly; secure\nn=; max-age=0; samesite=none; httponly; secure\r\nlocation: https://code.moviead55.ru/go/csync?cn=solta\u0026bid=aJRCzsCW2cs\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s13a;dur=0.0007\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=95","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /cmatch?dp=95 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://ads.betweendigital.com/match?bidder_id=73\u0026external_user_id=0600007FCE42946823014F990293B552\r\nset-cookie: cSyncDp7v3=1754546896; expires=Sat, 06-Sep-25 06:08:16 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026t=player_init\u0026a=\u0026m=%7B%22vis%22%3A100%2C%22dv%22%3Atrue%2C%22jmap%22%3A0%2C%22blen%22%3A1%2C%22bounds%22%3A%7B%22x%22%3A0%2C%22y%22%3A0%2C%22width%22%3A400%2C%22height%22%3A225%2C%22top%22%3A0%2C%22right%22%3A400%2C%22bottom%22%3A225%2C%22left%22%3A0%7D%7D\u0026o=\u0026s2=2","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:17.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026t=player_init\u0026a=\u0026m=%7B%22vis%22%3A100%2C%22dv%22%3Atrue%2C%22jmap%22%3A0%2C%22blen%22%3A1%2C%22bounds%22%3A%7B%22x%22%3A0%2C%22y%22%3A0%2C%22width%22%3A400%2C%22height%22%3A225%2C%22top%22%3A0%2C%22right%22%3A400%2C%22bottom%22%3A225%2C%22left%22%3A0%7D%7D\u0026o=\u0026s2=2 HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/agrrr/img/movies_btn.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /agrrr/img/movies_btn.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/css/css.css?27047\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 3036\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=3QDbxp8VSufS8u8I6rdP%2BSVOhVMb84vjmgPSQ349RKucHwuUBD0oNuL1fxhBJHTD0%2BS7EJNOCM8wPkK6kNH%2BsetLCKOvyS4UAIkmVYJEy%2FaQcP%2B%2BSytZIpOS1crAUa1ZFA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Sun, 15 Mar 2015 23:32:06 GMT\r\netag: \"bdc-5115c243a0980\"\r\naccept-ranges: bytes\r\nage: 1108976\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923d9f30b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1513\u0026min_rtt=0\u0026rtt_var=1502\u0026sent=388\u0026recv=530\u0026lost=0\u0026retrans=0\u0026sent_bytes=31379\u0026recv_bytes=29676\u0026delivery_rate=1096461\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1033\u0026inflight_dur=45\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3036,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 170 x 34","md5":"986dea298e550985fea4a222d746a9f0","sha1":"eaaa5ecb37610c35ca8516f909158d39d5059524","sha256":"00568b506987f6412fbceb9b5880521a0212706d7e392eb48c315dabc7a900e5","sha512":"8ef07daa68374e9f6439346ed16db1c5c62e50176f160db59744365860748d3458b9200374dcf4c33905d3ca1330633c0fc5e0e564e81dc18009c27af345e0e1","ssdeep":"","tlshash":"9d514d0ab855cea03c7807b3c570bb4aef53cb0c8bc4151a024f56a8639963e4136e27","first_seen":"2023-05-21T11:00:05Z","last_seen":"2026-03-29T07:13:34.358134Z","times_seen":64,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/pixel?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026fmt_id=1\u0026rnd=1754546894.2725916","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/pixel?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026fmt_id=1\u0026rnd=1754546894.2725916 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nx-skyadvert-udata: cache,parsed,10327\r\nx-skyadvert-cors-qex: Referer\r\nx-skyadvert-path: /\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=ohmybid\u0026bid=c584c8ff-df38-4dce-9d16-6e9066d612c1","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=ohmybid\u0026bid=c584c8ff-df38-4dce-9d16-6e9066d612c1 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: ohmybid=c584c8ff-df38-4dce-9d16-6e9066d612c1; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=hbrdcookie2\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=hbrdcookie2\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://dm-eu.hybrid.ai/match?id=185\u0026burl=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dhbrdcookie2%26bid%3D%24%7BVID%7D\r\nset-cookie: sky_uuid=a9e3e47a-293e-ea84-cfab-404bc729fccc; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/rmatch?dp=202\u0026r=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fsape%3Fu%3D%24%7BUSER_ID%7D%26f%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsolta%2526bid%253DaJRCzsCW2cs%26n%3D2","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=202\u0026r=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fsape%3Fu%3D%24%7BUSER_ID%7D%26f%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsolta%2526bid%253DaJRCzsCW2cs%26n%3D2 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://kimberlite.io/rtb/sync/sape?u=0600007FCE42946823014F990293B552\u0026f=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsolta%26bid%3DaJRCzsCW2cs\u0026n=2\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"myroledance.com/services/?id=146839","fqdn":"myroledance.com","domain":"myroledance.com","tld":"com"},"ip":{"addr":"193.200.64.24","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"myroledance.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Jun 2025 12:51:50 GMT","end":"Mon, 08 Sep 2025 12:51:49 GMT"},"fingerprint":{"sha1":"28:54:94:B7:CE:F3:8D:76:48:8A:D7:66:E9:0B:36:65:4D:E5:0B:F9","sha256":"9F:43:67:DC:FD:68:89:97:6F:54:E7:21:02:3F:3A:BC:F2:7E:64:45:43:4C:CA:22:D0:1B:89:A4:95:67:59:A3"}}},"request":{"raw":"GET /services/?id=146839 HTTP/1.1\r\nHost: myroledance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:12 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nContent-Length: 1587\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1587,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1587), with no line terminators","md5":"c6e7178496ea3dc9d022b2d002ce070c","sha1":"721f877e58ecfdf755aa10ecfb3c8ef353076252","sha256":"92877890d7a3e2aeb8fb40e3d783bc2663f9e89a3c847f0842060c38920cc370","sha512":"8e9e93d66655439c963df4cd3641135678aa84c006b60382f7b4c7fae258df07e60d86aa9a684dc005c73c684e31a5f557b0d71525b9ff1899b160bc5698dc27","ssdeep":"","tlshash":"b23134dcb60a0e6bcfd158ecf442cef5d42b7243ca5c5a149209cb7d2ea059a1223877","first_seen":"2025-08-07T06:08:50.924319Z","last_seen":"2025-08-07T06:08:50.924319Z","times_seen":1,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":25,"connect":24,"send":0,"wait":20,"receive":1,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/news_line.jpg","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/t/news_line.jpg HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/parse/s.rutor.org/css.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 815\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Qw0Z0E%2B44LjOrnE135kfJm4bRigrhWHxwXXX0W%2BiNBcshveg5wVJvKRN%2FeDLwTy5iwHvAvEt0zrOi7BXv0W5FROukWE2xUH1zdQRsf%2Fb7SI7tjhUgY6hOYIGlIQlewJoPw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"32f-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 1108976\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923c9f00b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1729\u0026min_rtt=554\u0026rtt_var=1427\u0026sent=386\u0026recv=529\u0026lost=0\u0026retrans=0\u0026sent_bytes=28579\u0026recv_bytes=29631\u0026delivery_rate=329160\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1029\u0026inflight_dur=42\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":815,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 400x1, components 3","md5":"0ae0cab0ed0d41e3dd26ccbb8c17b4d9","sha1":"c539f0433f976b2509490fc5b5fa9f358b10fa2b","sha256":"8b9592e1f87ca0409266d4b98fd553dec8c9905ec2782f1c0526db1178e48757","sha512":"940d5ba88d0229daac27d0d5289507dea8e8e7d6ecb262b1f52194bdb045ad01d5101f8d603d13d91d93b142d2a07e14693f686443d91738954c58c62f3f1f1e","ssdeep":"","tlshash":"1a01feda570f72d09f33b4b61d15e1a79289798e3dd477301aa142a5cde0ff48048a4c","first_seen":"2023-05-12T09:34:13Z","last_seen":"2026-03-29T07:13:34.376996Z","times_seen":83,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.gonet-ads.com/match/SkyAdvert?id=2c64a1ec-a958-eb05-90df-00fdd4b6eeee","fqdn":"sync.gonet-ads.com","domain":"gonet-ads.com","tld":"com"},"ip":{"addr":"188.42.104.140","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gonet-ads.com","organization":"Go Mobile Inc"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 10 Jun 2025 00:00:00 GMT","end":"Fri, 19 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:9B:E1:71:D4:17:D5:18:6C:A4:F9:5F:2F:DD:DE:56:8C:CB:EC:5F","sha256":"A2:75:01:34:62:6B:85:83:76:99:89:B4:24:0B:18:DF:F2:6E:B4:35:EE:60:EC:E8:1C:4D:E1:23:9E:07:6B:1D"}}},"request":{"raw":"GET /match/SkyAdvert?id=2c64a1ec-a958-eb05-90df-00fdd4b6eeee HTTP/1.1\r\nHost: sync.gonet-ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":20,"connect":28,"send":0,"wait":19,"receive":0,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match?dp=217\u0026euid=98585537-2050-4d71-a9a4-acd6931ac979","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=217\u0026euid=98585537-2050-4d71-a9a4-acd6931ac979 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/6/5/24832/15500.js?t=1701324258","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:14.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /6/5/24832/15500.js?t=1701324258 HTTP/1.1\r\nHost: jsn.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: smi_uid=fFBJimKKi\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 23 Jan 2025 14:56:34 GMT\r\netag: W/\"679258a2-1107e\"\r\nexpires: Thu, 07 Aug 2025 06:18:14 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69758,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (65485), with no line terminators","md5":"b333fb37ab7853633b4d49ae200f0ddc","sha1":"b5685803ebd54bf43b9f87a8863324e0590e5afe","sha256":"bd4343661544c27548817e0450edce453088c5dfec9f5f5b2d3d590a5ca387ae","sha512":"9e1bbdb625a30a072b668f90ba4bc1e4d5d8497557fc362e001d14deb748390fa47bd47f7bc09750be98052f9e43cf2156c417ba59856ecf50c5bd3feb30791b","ssdeep":"1536:o2ixk34H8puTMUsvErZQtMUsvErZQLUsvErZQW:o2ixkoH8uMU2yKtMU2yKLU2yKW","tlshash":"3063b5334a5e71b72a38783782d9bc4ca10de3824dd29755e6ab5cd4c41b2672a073fe","first_seen":"2023-12-04T19:34:56Z","last_seen":"2026-01-10T20:38:16.578672Z","times_seen":48,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adx.com.ru/sync/init/sapePlazkart?uid=0600007FCE42946823014F990293B552","fqdn":"adx.com.ru","domain":"adx.com.ru","tld":"com.ru"},"ip":{"addr":"83.222.105.118","port":443,"asn":42632,"as":"MnogoByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adx.com.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 20 Jun 2025 13:13:33 GMT","end":"Wed, 22 Jul 2026 13:13:32 GMT"},"fingerprint":{"sha1":"0F:34:EC:CE:BC:17:E9:5F:83:40:15:65:EF:68:EC:37:03:9C:C8:9C","sha256":"87:20:22:42:36:6F:88:B8:4D:D7:3A:11:7B:17:9F:56:7B:CD:5A:0C:00:F3:42:3C:BE:28:DE:11:8E:AD:F5:FE"}}},"request":{"raw":"GET /sync/init/sapePlazkart?uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: adx.com.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.26.3\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dsp.solta.io/match/sape?id=0600007FCE42946823014F990293B552","fqdn":"sync.dsp.solta.io","domain":"solta.io","tld":"io"},"ip":{"addr":"217.199.220.72","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dsp.solta.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 04 Aug 2025 11:49:51 GMT","end":"Sat, 05 Sep 2026 11:49:50 GMT"},"fingerprint":{"sha1":"47:08:04:35:5D:1F:29:FE:9D:B8:04:FB:41:AA:98:1C:B3:95:76:78","sha256":"F4:28:D6:EC:60:7B:5B:18:1C:90:EA:96:70:90:94:81:60:02:76:08:87:8B:89:2E:6B:35:EB:89:97:42:D1:75"}}},"request":{"raw":"GET /match/sape?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.dsp.solta.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":12,"connect":75,"send":0,"wait":60,"receive":0,"ssl":308},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/sape_ex?id=0600007FCE42946823014F990293B552","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"185.175.47.157","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/sape_ex?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cs.agency2.ru/p?ssp=sp\u0026uid=0600007FCE42946823014F990293B552","fqdn":"cs.agency2.ru","domain":"agency2.ru","tld":"ru"},"ip":{"addr":"23.111.107.44","port":443,"asn":39134,"as":"Edinaya Set Limited Liability Company","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.agency2.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 25 Jul 2024 11:24:45 GMT","end":"Tue, 26 Aug 2025 11:24:44 GMT"},"fingerprint":{"sha1":"51:DD:44:C1:B3:84:0D:7D:C0:0C:80:3C:1F:03:2D:E4:AE:FF:58:16","sha256":"4B:34:0C:92:55:ED:34:69:19:B7:95:81:23:63:A0:F0:33:DA:98:1C:90:3C:BA:71:C7:A4:62:39:7A:5E:EE:13"}}},"request":{"raw":"GET /p?ssp=sp\u0026uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: cs.agency2.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nServer: fasthttp\r\nCache-Control: no-store, no-cache, must-revalidate\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nLocation: https://www.acint.net/match?dp=186\u0026euid=b973c51d-e412-4ee6-a6f4-c3a865ff9781\r\nSet-Cookie: uuid=b973c51d-e412-4ee6-a6f4-c3a865ff9781; expires=Wed, 29 Jul 2026 06:08:15 GMT; domain=agency2.ru; path=/; secure; SameSite=None\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT\r\nX-Host: 23.111.107.44\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":441,"timings":{"blocked":-1,"dns":3,"connect":47,"send":0,"wait":41,"receive":0,"ssl":335},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/sape?id=0600007FCE42946823014F990293B552","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"185.175.47.157","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/sape?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/pluso.css?12s5","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/pluso.css?12s5 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 6982\r\ncf-ray: 96b4991daf8a569d-OSL\r\nlast-modified: Wed, 27 Mar 2019 07:21:56 GMT\r\netag: \"137a8-5850e4ae34d00-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227412\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=jD%2Bz0QlIToBLQsCmotnbpRBmCvdjGaHmnbEmMQPKiYTw0QpZBWaw%2FBysQ5D34kIc%2BywRKT81SuJY57hPU2gCCeA%2FtF0x5ZZKj2JpeGYIliWC1C0iueOGGIhbPdq%2FHWrrPw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1514\u0026min_rtt=431\u0026rtt_var=1154\u0026sent=123\u0026recv=49\u0026lost=0\u0026retrans=1\u0026sent_bytes=113045\u0026recv_bytes=3305\u0026delivery_rate=14552763\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=173\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79784,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"c2908a25b09fc6863f9549e24f6c846d","sha1":"7f82c7cb6c53b8a9d935755a79a74dc3e8509506","sha256":"9bdc9500d9c5b13f9e5581d12caa13fd71feb0f5c2e61d4de26944b159bad332","sha512":"8c795581dfb50841b49aacf844a1433d7ab29e587ec18d77ead9b3d8fb0c45776639dbc16e24750c6f61607bd0e0f2b44377b59c5083b4ed8e64d39039db741e","ssdeep":"768:AcCh0C1CyacaNG+ReOw2ivyqwueX6K1u6Pe+XSWdy2nUW5QWgiwFKkiUOFEiSwq/:AcnmP","tlshash":"9073e5c299fe322cbd07dd23b650b980da3d3111d5253ebd819d3db9a28a4d8f01766e","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.391263Z","times_seen":69,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":148,"dns":15,"connect":30,"send":0,"wait":17,"receive":1,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vak345.com/csn/202508070908.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026_t=1754546893558.558","fqdn":"vak345.com","domain":"vak345.com","tld":"com"},"ip":{"addr":"87.242.104.43","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vak345.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 17:45:27 GMT","end":"Thu, 30 Oct 2025 17:45:26 GMT"},"fingerprint":{"sha1":"B9:7C:3A:DC:DE:01:2D:7C:9D:C6:3F:02:C0:CA:1B:0A:46:ED:90:03","sha256":"CB:AC:06:11:55:51:91:7F:E1:24:EB:DF:FB:71:51:A6:CE:EB:7D:8C:96:33:6C:72:24:22:4E:ED:3D:62:39:0B"}}},"request":{"raw":"GET /csn/202508070908.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026_t=1754546893558.558 HTTP/1.1\r\nHost: vak345.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\nvary: Accept-Encoding\r\nx-skyadvert-udata: cache,parsed,1785295\r\nserver-timing: APP;dur=0.0000, cache;dur=0.0000, udata;dur=0.0000, config;dur=0.0000, key_checks;dur=0.0000, keyManager;dur=0.0000, country_accepts;dur=0.0000, dataArr;dur=0.0000, tpl_transform;dur=0.0000, tpl_get;dur=0.0000, tpl_replace;dur=0.0000\r\nx-build: 42666c3f\r\nx-host: nginx3\r\nset-cookie: sky_uuid=54b2c4c0-5d6e-60f4-801d-ec34837fc101; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100336,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65401), with no line terminators","md5":"5b22bef57b9c55e207246c60be5b4b88","sha1":"cc165620252be52b46b7343e549f138f7ca89fa9","sha256":"c0432516293ff447155b785890ad70de15133a2eda93fe72899312d37255626e","sha512":"cbe1a6240f9e50a33611dc11c03185d6f36e2285a7e28e2598a0faafa410359fca2914bf32085f281a60747b8f8fcb441e5a316f3fc9a6f826bd71d32b80cf4f","ssdeep":"1536:mLVI/2tNOVuxALFJGHe5LENtV0MsBwj23ZoREl5i+Ep1fMeDA:x/7lFJGHe5ANtD2pBviHjDA","tlshash":"fba3f9633212e93546f2c0ea61765602f326619cb8c6461cb5accdd768ecd4371bebf8","first_seen":"2025-08-07T06:08:50.929842Z","last_seen":"2025-08-07T06:08:50.929842Z","times_seen":1,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?t=target_country_load\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=%7B%22browser%22%3A%22%7B%5C%22name%5C%22%3A%5C%22firefox%5C%22%2C%5C%22version%5C%22%3A%5C%22134%5C%22%7D%22%2C%22isMobile%22%3Afalse%2C%22format%22%3A%22new%22%2C%22time%22%3A112%7D\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o=","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?t=target_country_load\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=%7B%22browser%22%3A%22%7B%5C%22name%5C%22%3A%5C%22firefox%5C%22%2C%5C%22version%5C%22%3A%5C%22134%5C%22%7D%22%2C%22isMobile%22%3Afalse%2C%22format%22%3A%22new%22%2C%22time%22%3A112%7D\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o= HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":68,"dns":5,"connect":20,"send":0,"wait":17,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=sapecookie\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=sapecookie\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://www.acint.net/rmatch?dp=167\u0026euid=01d1390a-94db-c5e4-b839-534579de15be\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D%24%7BUSER_ID%7D\r\nset-cookie: sky_uuid=01d1390a-94db-c5e4-b839-534579de15be; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/rutor-logo.jpg","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /rutor-logo.jpg HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40987\r\ncf-ray: 96b4991d3f10569d-OSL\r\nlast-modified: Sun, 06 Oct 2013 21:18:39 GMT\r\netag: \"a01b-4e819144909c0\"\r\naccept-ranges: bytes\r\nage: 726849\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rGOUVhdolQ6ntEWVCCaOQv%2B8QTYjE3jIQARvAaDe3TZkXt19FqsASQ7zH2hAPMNHavW63fM4MzPoXXGqy7sNqx6YWYsdfsGCBoHp6ehZ%2FiZRqosbYiuegCPjf7VynA9BRQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=20\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=6327\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=106\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40987,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 420x110, components 3","md5":"dfc84b0055c981234dd3f48bb8ea7ec2","sha1":"43124eced811630622b81e968590e11071c31040","sha256":"c22baf90cbd403ab7d173f6fa65999a6246d71612d6859181ea7642e98a75279","sha512":"4aa9f868d4cfa7f798429b206763ef9e5680e0f6ee46f790f5002fd2219242802445bb54de02a691b62ca5b7521aa3326e471a38b4952d67485a85aaed389fde","ssdeep":"768:Gsy1cuV6mpkH1V6YDDI15+sV1gemJvCk8dpKZvijAsNwlFwKftTR:Gs3joi6YA1J1gemJvVsGv2KzwK3","tlshash":"8103f278f171948595a49894c7e2e78fc2414c4bc8f9b3a2a3d24f919052072edfcbdd","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.402288Z","times_seen":66,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":35,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24415\u0026template_id=14536\u0026num=3\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=daf4bf5b-1aed-4272-8181-4fcdcbc4c491\u0026callback=__smiCb1754546893933","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:14.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24415\u0026template_id=14536\u0026num=3\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=daf4bf5b-1aed-4272-8181-4fcdcbc4c491\u0026callback=__smiCb1754546893933 HTTP/1.1\r\nHost: data.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: smi_uid=fFBJimKKi\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: no-store\r\nset-cookie: smi_uid=fFBJimKKi; max-age=31536000; domain=.24smi.net; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"36c891fa9dc2296a6fea5720f7962b08","sha1":"fad81d38e84965581f12085a28ca2cf2c90f0b64","sha256":"19c3871bc1d666d5ccb3184a62425bf269415f55dd71af2926232aeb3ffa2e04","sha512":"ca19a883deb9e340f86a9122669f1b318fccc95deb4d1c65cd0e730143fffe348b09115ca0db0c51688d229830d51695390b539aaac940bbd0f2c539f70a16df","ssdeep":"","tlshash":"f2b01290491019b450d8c52102057b055dc001362511d80855b041ac93bf14304e248f","first_seen":"2025-08-07T06:08:50.944954Z","last_seen":"2025-08-07T06:08:50.944954Z","times_seen":1,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.gonet-ads.com/match/sape.js?id=0600007FCE42946823014F990293B552","fqdn":"sync.gonet-ads.com","domain":"gonet-ads.com","tld":"com"},"ip":{"addr":"188.42.104.140","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gonet-ads.com","organization":"Go Mobile Inc"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 10 Jun 2025 00:00:00 GMT","end":"Fri, 19 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DC:9B:E1:71:D4:17:D5:18:6C:A4:F9:5F:2F:DD:DE:56:8C:CB:EC:5F","sha256":"A2:75:01:34:62:6B:85:83:76:99:89:B4:24:0B:18:DF:F2:6E:B4:35:EE:60:EC:E8:1C:4D:E1:23:9E:07:6B:1D"}}},"request":{"raw":"GET /match/sape.js?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.gonet-ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pix.bumlam.com/sync/sape/done","fqdn":"pix.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.160","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:17.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /sync/sape/done HTTP/1.1\r\nHost: pix.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 43\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://www.acint.net\r\nAccess-Control-Allow-Credentials: true\r\nTiming-Allow-Origin: *\r\nCross-Origin-Resource-Policy: cross-origin\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, proxy-revalidate, s-maxage=0\r\nPragma: no-cache\r\nExpires: 05-Jun-2005 22:00:00 GMT\r\nX-Xss-Protection: 0\r\nP3P: policyref=\"https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml\", CP=\"CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/parse/s.rutor.org/i/poisk_bg.gif","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /parse/s.rutor.org/i/poisk_bg.gif HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1998\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"7ce-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sWqZJKaAOy0%2F%2Fkl7EaLBe5QYD93PKcWqmwaY7PMRL146AA9gcg0JIXycFQ1O9DUxzahEegOaDvVRRcOplPK2dm2DrMRaaU4RmG1e073wPefx\"}]}\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\ncf-ray: 96b49924099d56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1998,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 46 x 56","md5":"76118a48fd5ae4b926e34f4edb427386","sha1":"4aa5f228e3f511bf626afa6703488d1d7c6df5e0","sha256":"4912841156c4582948d016867a6c71845a0221f1dd6419ea911f6f83bbc431d7","sha512":"1f929eb2a0a9bee00d0a7efa41991625ef4d05c1db107af99b4ea76e5f40435c5b14b8df3d3d3545e899f60fde2ea34dab55a3b65692aa766766e417b513e3d1","ssdeep":"","tlshash":"a141079a5b90cb9cc2ec70f3120486c80232c0f804a0b7060173e4cdea983712b28381","first_seen":"2023-05-10T15:46:50Z","last_seen":"2026-04-01T09:23:20.271927Z","times_seen":353,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/functions.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/t/functions.js HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1327\r\ncf-ray: 96b4991d3f01569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"d40-4f8f8b3aed540-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227419\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lB3D4IJDVJWDNrsH11aGBCytoknOInlrMHm%2B5s%2Bakhab98FSBlkHuz%2FdWH3N30wLudgCqcsCotiVqhIDmbLXpaafWykpFbyn2zybHSYg%2FNeh7Mz8fhq4u1N6sYEW0A0RLQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=17\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=4460\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=106\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3392,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text","md5":"e1807e6a8009ef9a06b54a0586ee8884","sha1":"2691a68a2209485cbe526d8914c54113daf773df","sha256":"d47ad6a2c2fa3bbd326ea77e4a328ea45e13f67593684237859ef21ed594222d","sha512":"99bde3ae5264e92d6288bf01bda8cf48eac02d7e2c9d51ddaeceaeaaec439f61bec916355253a29eb18c614bfc66080dae36f19910cca9027825600c4e87280b","ssdeep":"","tlshash":"82613219b9c1502a872710353def364a34b90573d085da62b86cb9606f64e34577eef8","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.406875Z","times_seen":73,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":71,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ck.silvermob.com/sync?pid=533\u0026uid=0600007FCE42946823014F990293B552\u0026rd=1\u0026r=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D274%26euid%3D%5BUSER_ID%5D","fqdn":"ck.silvermob.com","domain":"silvermob.com","tld":"com"},"ip":{"addr":"212.95.41.187","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.silvermob.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV CA","organization":"GoGetSSL"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Tue, 18 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"70:2E:03:9D:B3:64:0A:E3:03:C3:4B:D3:B6:0D:2B:1E:EA:03:DE:6B","sha256":"A7:57:54:F6:D4:B9:E7:62:E6:BD:9E:0B:D0:E0:57:9F:BD:CE:95:C0:30:CA:8E:98:D9:F2:50:D6:28:10:E6:AE"}}},"request":{"raw":"GET /sync?pid=533\u0026uid=0600007FCE42946823014F990293B552\u0026rd=1\u0026r=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D274%26euid%3D%5BUSER_ID%5D HTTP/1.1\r\nHost: ck.silvermob.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nConnection: close\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":-1,"dns":21,"connect":37,"send":0,"wait":56,"receive":0,"ssl":415},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match?dp=366\u0026euid=VUnZUsbWsOWu9RE","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=366\u0026euid=VUnZUsbWsOWu9RE HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/ut?v=1\u0026u=%2C%2C%2C%2C%2C%2Cf769c27b3221fff6aac3efadd35596aa%2C","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:16.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/ut?v=1\u0026u=%2C%2C%2C%2C%2C%2Cf769c27b3221fff6aac3efadd35596aa%2C HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://6-wbpbqewx.123tt.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sm=QgBolELO; da=KLqvcgAAAAGQV4QLAAAAAQ; as=97USd2iUQtA; u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:17 GMT\r\nConnection: keep-alive\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\nset-cookie: u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU; path=/; max-age=7776000; samesite=none; httponly; secure\r\nserver-timing: app;srv=s3a;dur=0.0002\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:14.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Inter:wght@500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 07 Aug 2025 06:08:14 GMT\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2591,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"ef44ae0b8f25dc41fa5b07cf3be27c04","sha1":"ebb849762e48645f1d923edf460be36428466378","sha256":"82a2759304a0f2ab6027c9f83dcf00bb0e20e130c7a99523ed6cc431b24e03c2","sha512":"7ffe052a6f84c60913a2f2a0b1c26f33e3d7d9482d051c4533915aa736cf92cfb8cfe5e9e7fd61c853b1fb27de3c12f984df6b7211566525e1b2e608194fd1a9","ssdeep":"","tlshash":"4e51cce1402b95009a4b1dc227cf3f2aaede21482485c5ba5bfd1cc59ceed264369b4e","first_seen":"2025-06-04T00:49:12.003342Z","last_seen":"2025-09-01T18:11:40.002141Z","times_seen":39,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":116,"dns":0,"connect":28,"send":0,"wait":31,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.kimberlite.io/js/thumbmark.umd.js","fqdn":"static.kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"212.8.232.117","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /js/thumbmark.umd.js HTTP/1.1\r\nHost: static.kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://6-wbpbqewx.123tt.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kimberlite.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 30 Jul 2025 22:26:59 GMT\r\netag: W/\"688a9c33-4d0c\"\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH\r\naccess-control-allow-headers: Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19724,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19681)","md5":"549ae72e6f04a1be3845c2467b00f5cb","sha1":"23a1fa40e24b07810b0db9d77ad69f02fe8e47c1","sha256":"ee78100bc66cf23fd224b83821eccdfeec4c4f8007af640ec96c4f7b0ffeb6b4","sha512":"afb73d447c310052b73a4885b3bf5a85896f19cfd7ca854a22253f2e0b36f3183400fb4f5c67c1596090e064d91c94732f5a81cfb6c7bafae57415f15d87bd72","ssdeep":"384:lrjNO+S3AcKS9jfnsxVlZv0dUEusSKcC2vZlR5S03NjtTgFqtWkxJ59yCJKZf2+T:l1asxVlZsdUEusY9vZP5SoNjtiwJ59Ve","tlshash":"049228a9b934203f426f3997a037400ba17db714360b8459f12d45866ad7e8e63fbf6c","first_seen":"2025-07-11T04:58:14.321758Z","last_seen":"2026-02-16T11:46:34.214394Z","times_seen":359,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":91,"dns":13,"connect":55,"send":0,"wait":72,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/rmatch?dp=95\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D95\u0026euid=MKMJRNKW","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=95\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D95\u0026euid=MKMJRNKW HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=95\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/sape-banner?uid=0600007FCE42946823014F990293B552\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D126","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.71","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Mon, 23 Sep 2024 00:00:00 GMT","end":"Mon, 29 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AD:3D:5A:FB:EA:0C:06:C6:DD:3E:69:73:36:2A:74:3B:95:70:1E:67","sha256":"73:D5:51:B5:32:C9:CE:3F:65:12:83:12:96:96:39:A9:AD:83:3D:BB:9B:DD:F5:77:84:D8:C9:2A:75:F5:D4:48"}}},"request":{"raw":"GET /cookiesync/dsp/sape-banner?uid=0600007FCE42946823014F990293B552\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D126 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 269\r\nlocation: /cookiesync/dsp/sape-banner?set_buzzoola_cookie=t\u0026uid=0600007FCE42946823014F990293B552\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D126\r\nset-cookie: uuid=687fc80e-a16d-4a39-6602-a6eb00f5b525; Path=/; Domain=buzzoola.com; Expires=Sat, 06 Sep 2025 06:08:15 GMT; Max-Age=2592000; Secure; SameSite=None\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/js/plz.somechange.new.mn.js?211","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /js/plz.somechange.new.mn.js?211 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-length: 1144\r\ncf-ray: 96b499226c55569d-OSL\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=2678400\r\ncf-cache-status: MISS\r\nlast-modified: Thu, 07 Aug 2025 06:08:13 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=fZvoSr%2BFAU09dNOjznSnKjR8ZGTdFETjpm5IICBRuyfrtNljOMukNTostDpNYheyy76i24AwiRjPAl44ut8bVw1wXT3QWh3CFKgReTxYR9f59GPcOCF%2FvNNAFis%2B6dqj5A%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1285\u0026min_rtt=431\u0026rtt_var=646\u0026sent=151\u0026recv=55\u0026lost=0\u0026retrans=1\u0026sent_bytes=145849\u0026recv_bytes=3402\u0026delivery_rate=37938864\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=1034\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3293,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2859)","md5":"88ec660122b6599c6fe8d645cc5f3b44","sha1":"21bd9f609fd0332363752e1d04a6b5cca625c14d","sha256":"ec2adeb3f8361c1907d58b0597cafad01b6826a48852b7f239493d7a3ede6952","sha512":"6cfb295af1f463e5ca28e1309861d86d16f8c62ecc80b37373d4e5488d75fd1673b57e0ffa7dd3f06f43d18226dcc84453730c40cd537c7c6139711dbf5249b7","ssdeep":"","tlshash":"88613ff9ac73d435e5af20abe03df31a6ab81f4bb1c8e061754ccd994741adc5485c88","first_seen":"2024-10-17T23:59:15.818153Z","last_seen":"2025-08-12T06:34:34.496538Z","times_seen":22,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":118,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/backgr.png","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/backgr.png HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/parse/s.rutor.org/css.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 2869\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tqEHI%2BRkSbrtAGaFCXlF1oMynCqMyWV7QJXKiFuK7OHfYAmQzY2%2FPXddV0kVJrTDDD3MoE5bFCtyaWBidSZ2xHxSq2MevN%2Bd%2FvmV56EgZNKKue309FfFWjBEObgnBh%2FeGg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"b35-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 726840\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923d9f40b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1335\u0026min_rtt=0\u0026rtt_var=1482\u0026sent=390\u0026recv=531\u0026lost=0\u0026retrans=0\u0026sent_bytes=34179\u0026recv_bytes=29720\u0026delivery_rate=1370577\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1035\u0026inflight_dur=47\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2869,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 40, 8-bit/color RGB, non-interlaced","md5":"c3ce2bb8d4c132e9de2119357cc9996a","sha1":"a9852953a234009e3f2269bd8b2cc4f2f2c432c9","sha256":"169a94c46ca015567d2a42296bc93f41bbf6251b46ddbe476d6843da2a1360d6","sha512":"108eb584f9d6f13f4e76778a80dc4d241caa91390dd62105e938a9f7efcb40c2ef0fdee4b7e6af4233fa838f02214da94c6421b270af03c08f546c3a9ff749c3","ssdeep":"","tlshash":"60516bafc9b0a48f6ced75810dcd0202e768327c9a67363894c265de1055e077f25075","first_seen":"2023-05-21T11:00:05Z","last_seen":"2026-03-29T07:13:34.388289Z","times_seen":102,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.ohmy.bid/cmft","fqdn":"sp.ohmy.bid","domain":"ohmy.bid","tld":"bid"},"ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ohmy.bid","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 15:12:54 GMT","end":"Sat, 18 Oct 2025 15:12:53 GMT"},"fingerprint":{"sha1":"AE:15:A3:A4:41:D3:DA:E5:B7:41:38:D6:C9:5B:70:83:47:0B:5B:C8","sha256":"0E:15:23:C8:20:5B:EE:67:6D:A1:5C:CE:0E:A4:E3:41:59:F4:F6:58:3C:C3:7B:8A:CD:2F:21:D5:DD:A6:08:AB"}}},"request":{"raw":"GET /cmft HTTP/1.1\r\nHost: sp.ohmy.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid=98585537-2050-4d71-a9a4-acd6931ac979.689442ce.dae9e882cc3bd006\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: text/html\r\nContent-Length: 709\r\nConnection: keep-alive\r\nBidder: bid-04 1.2104.4452ce78\r\nContent-Encoding: gzip\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2149,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2149), with no line terminators","md5":"e1ab8bc97d8e17ae69633a526523607e","sha1":"e6ea469cbca3d646adbef158016692b9f629358d","sha256":"828c77ea2e73937458c45d9332ca4b2bd2108da2df6dbf2f44bcdf60e28cca1a","sha512":"7ff8450ad2e6b54298f83f2571ebd9f3d1144b7dbff323c14a77d1cd2dcdc29556311ff84c3596f89c43b74d8c2634a2d2a98469caf066d79314fbd19ce7bc63","ssdeep":"","tlshash":"3c41bef2b65a248eeb0097b5d450599c690f640f1b514e6efd38307f33055ea9cd2a7c","first_seen":"2025-08-07T06:08:50.953568Z","last_seen":"2025-08-07T06:08:50.953568Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/oci/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=819080\u0026oid=52c23a0593a416c46c93b04c0a432175","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:16.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /oci/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=819080\u0026oid=52c23a0593a416c46c93b04c0a432175 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894; cSyncDp7v3=1754546896\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=bzcookie\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=bzcookie\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://exchange.buzzoola.com/cookiesync/redirect/skyadvert?redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dbzcookie%26bid%3D%24%7BUUID%7D\r\nset-cookie: sky_uuid=734420b7-6670-1a56-6755-ca1738f7563e; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/ujs?ymss=skyadvert","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/ujs?ymss=skyadvert HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 906\r\nConnection: keep-alive\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU; path=/; max-age=7776000; samesite=none; httponly; secure\nsm=QgBolELO; path=/rtb; max-age=604800; samesite=none; httponly; secure\r\ncontent-encoding: gzip\r\nserver-timing: app;srv=s13a;dur=0.0002\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1530,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (588)","md5":"177d50353544da216402c730c9e6dd1e","sha1":"092cfbfe0f7aeb2f356019cf218993d944bbcbf5","sha256":"bd338292ccff53562314eaf5adaaef714d6b56776866bc0a5fc069946fefab6f","sha512":"0514b2feb0de44c6867e446d56670713f1d51600a28125f6173b91df3d777d12e6e6b0ba9044228596b72c53f78c475260a115e94a4987872adf5625dc2c7724","ssdeep":"","tlshash":"a83185a328c8907c863000dbe13e8748b9760b6468ad9c6bd63f4e403959d4bec99dac","first_seen":"2025-08-07T06:08:50.95569Z","last_seen":"2025-08-07T06:08:50.95569Z","times_seen":1,"resource_available":true,"data":null}},"time_used":621,"timings":{"blocked":265,"dns":1,"connect":56,"send":0,"wait":76,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp.al-adtech.com/api/sync/skyadvert","fqdn":"ssp.al-adtech.com","domain":"al-adtech.com","tld":"com"},"ip":{"addr":"45.139.25.120","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.al-adtech.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Wed, 30 Jul 2025 13:05:13 GMT","end":"Tue, 28 Oct 2025 13:05:12 GMT"},"fingerprint":{"sha1":"31:D5:11:77:6F:8B:30:77:36:D0:F2:F5:1E:7B:1D:FD:4F:F1:30:F9","sha256":"2C:90:CC:F4:B5:D4:7C:71:05:04:5B:A4:C1:AF:1A:92:14:66:83:DE:98:6A:97:6F:07:C4:4D:24:BF:8C:71:4F"}}},"request":{"raw":"GET /api/sync/skyadvert HTTP/1.1\r\nHost: ssp.al-adtech.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.20.1\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin\r\nAccess-Control-Allow-Origin: \r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://code.moviead55.ru/go/csync?cn=astlb\u0026bid=c855bde2-bdd3-499b-9b32-bd9e0d953c17\r\nSet-Cookie: afp_cookie=gAAAAABolELOoGq3xv65fDS47Gv4q4sKeRO0-nmZUbjYE4Ri19oS1jNENuDVPFIlvOgYat2BjpqL4wlEoxF0eIwPXr3IF6GfuyXwudJScW2bBNr_yB6Cng5teTTmk_oFAo1JpZMrldkfohplN2ALRggfJJqpc337mftqhOXErSW2L07cWxIF0-5CUYw2EP1ys-KWx5dF5bDnxuj5h35AGVA54p4rFiXNqg==$; expires=Sun, 07 Sep 2025 06:08:14 GMT; path=/; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":561,"timings":{"blocked":251,"dns":53,"connect":50,"send":0,"wait":50,"receive":0,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24832\u0026template_id=15500\u0026num=4\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=ed46f086-90a7-49c0-9ca0-18e050d898d4\u0026callback=__smiCb1754546894062","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:14.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /informer?psw=1280\u0026psh=1024\u0026pow=1280\u0026poh=1024\u0026pdpr=1\u0026pdt=1754546894\u0026ptz=0\u0026pl=en-US\u0026object=24832\u0026template_id=15500\u0026num=4\u0026ref=https%3A%2F%2F6-wbpbqewx.123tt.ru\u0026output=json\u0026chash=ea4Dkpnf6O\u0026extids=\u0026page=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026yhb_price=0\u0026formats=1\u0026show_id=ed46f086-90a7-49c0-9ca0-18e050d898d4\u0026callback=__smiCb1754546894062 HTTP/1.1\r\nHost: data.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: smi_uid=fFBJimKKi\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: no-store\r\nset-cookie: smi_uid=fFBJimKKi; max-age=31536000; domain=.24smi.net; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"3d30a01c41fd9ab78f3b6184ff17cc33","sha1":"9ca83d36e3800f8ed6f501c2d03c539e26407eec","sha256":"d398e4cac44f2994b6b016fce7ea5d81db32aa24c9d02a412b18f6fd6a1e68e7","sha512":"045481a3a1e3227740b3f60476ab26e38baf1ee8bfff6a2a32c92673cb0fc404160346974846f70eadcbb0088374800dec5f9a42f21d689c4c28e09585026a2b","ssdeep":"","tlshash":"30b01240441118b41198c51102016b055dc04b2625119c18d6b091ac43b714304d244f","first_seen":"2025-08-07T06:08:50.957609Z","last_seen":"2025-08-07T06:08:50.957609Z","times_seen":1,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=otmbid\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=otmbid\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://sync.dmp.otm-r.com/match/skyadvert\r\nset-cookie: sky_uuid=16ce49cc-1229-134b-09f1-ee4fc2b3d5eb; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pxltag.com/match?id=aed2070256c34c4c8098476a32bf5b32\u0026external_id=0600007FCE42946823014F990293B552","fqdn":"pxltag.com","domain":"pxltag.com","tld":"com"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pxltag.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Jun 2025 13:30:31 GMT","end":"Wed, 17 Sep 2025 13:30:30 GMT"},"fingerprint":{"sha1":"04:F8:46:06:7B:1C:F3:AD:81:E7:6E:9E:DC:27:7E:84:D5:F2:87:89","sha256":"CE:24:FB:EC:86:0D:8C:A7:87:37:36:A2:5F:06:B0:A7:93:CB:8B:38:61:53:DC:80:4C:9C:2F:96:53:3C:D8:1A"}}},"request":{"raw":"GET /match?id=aed2070256c34c4c8098476a32bf5b32\u0026external_id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: pxltag.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-length: 0\r\nlocation: https://mc.acint.net/match?dp=337\u0026euid=P56Tj7o20\r\nset-cookie: smi_uid=P56Tj7o20; max-age=31536000; domain=pxltag.com; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":6,"connect":38,"send":0,"wait":78,"receive":0,"ssl":238},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adiam.tech/sync?ssp=29","fqdn":"a.adiam.tech","domain":"adiam.tech","tld":"tech"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"adiam.tech","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Jun 2025 10:46:03 GMT","end":"Fri, 19 Sep 2025 11:44:28 GMT"},"fingerprint":{"sha1":"71:D1:E6:15:D8:EB:10:87:A3:FC:88:14:E7:CB:E9:04:F2:64:F5:38","sha256":"C5:89:D2:39:D5:2A:F2:2C:7D:5B:16:B9:30:53:98:7F:76:3A:29:9C:E5:04:28:1A:21:E7:88:F0:60:92:82:BE"}}},"request":{"raw":"GET /sync?ssp=29 HTTP/1.1\r\nHost: a.adiam.tech\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ji8tL7MD1HKkvJi%2FzjlcSfNbEQ1hf9BUlVpC3xVdxzvc7pLZfs5j%2BbBOyrU%2BOnvSgrp1VjbHRjD%2BWLpPOlcUlCjL9Plwj5%2BfMNM%3D\"}]}\r\nset-cookie: preadiam=1; SameSite=None; Secure; Path=/; Domain=adiam.tech; Expires=Sat, 06 Sep 2025 09:08:16 GMT\r\ncf-ray: 96b499339dca56a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":441,"timings":{"blocked":-1,"dns":16,"connect":1,"send":0,"wait":170,"receive":0,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=btwcookie\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=btwcookie\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://ads.betweendigital.com/match?bidder_id=34348\u0026callback_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dbtwcookie%26bid%3D%24%7BUSER_ID%7D\r\nset-cookie: sky_uuid=bdd6b644-7006-f29e-4b16-5922f322d53a; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.new-programmatic.com/userbind?src=sape\u0026id=0600007FCE42946823014F990293B552","fqdn":"match.new-programmatic.com","domain":"new-programmatic.com","tld":"com"},"ip":{"addr":"217.65.2.150","port":443,"asn":3175,"as":"Citytelecom LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ad.ad-blast.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Jun 2025 07:47:50 GMT","end":"Sat, 27 Sep 2025 07:47:49 GMT"},"fingerprint":{"sha1":"2F:A0:3F:43:D0:CF:CE:AF:4E:B8:01:26:77:7D:14:6F:93:7C:A2:FA","sha256":"9E:D7:30:A4:1A:32:70:44:B3:D5:00:46:26:04:E3:A4:BC:E2:04:11:85:55:D3:DE:D8:05:92:0A:12:51:D9:03"}}},"request":{"raw":"GET /userbind?src=sape\u0026id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: match.new-programmatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.22.1\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":25,"dns":12,"connect":58,"send":0,"wait":59,"receive":0,"ssl":135},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.videohead.tech/sync?ssp=68","fqdn":"a.videohead.tech","domain":"videohead.tech","tld":"tech"},"ip":{"addr":"104.21.16.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"videohead.tech","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 08 Jul 2025 17:51:38 GMT","end":"Mon, 06 Oct 2025 18:50:11 GMT"},"fingerprint":{"sha1":"54:16:E9:9E:C1:B5:BC:11:91:0F:21:EC:0C:A5:D3:CD:42:7F:BD:41","sha256":"A2:13:62:8F:22:6D:29:0D:F7:B9:9A:F6:B2:04:85:62:EA:23:AE:3C:C1:F4:05:AD:26:AF:E1:0A:4F:8C:5E:B4"}}},"request":{"raw":"GET /sync?ssp=68 HTTP/1.1\r\nHost: a.videohead.tech\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5t60PAYG6qLNDFcjQA%2BLVDDKyz0JehIcfVmJCnE4V78Xj6PvkQ2He9GegYZYPx2iemvwTE%2BLQS86W3F2PBFZjrZLrG4nRWIPWAvmPo8B\"}]}\r\nset-cookie: prevhead=1; SameSite=None; Secure; Path=/; Domain=videohead.tech; Expires=Sat, 06 Sep 2025 09:08:15 GMT\r\ncf-ray: 96b499337b9a569a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":13,"connect":9,"send":0,"wait":143,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/d.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/d.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 359\r\ncf-ray: 96b4991d3f14569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"167-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 3096\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=KrHURxr%2B6%2BWuPhdR8HsOM0Iyu1mvYxjWhxEi%2Fpv3x3evxJ6f%2BRa51Qau2hvN8lRWNxDiS0H0wIP7K5Ek0%2Bn%2FH5xnc%2Fe5jn26CvzyM6VfusrT1IcCaV9mw3DimOW3trRrVg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=57\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=50814\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=6573\u0026cid=b8662fcef48bfa2a\u0026ts=108\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 13 x 13","md5":"3def66024a583b6ca763e249acb3c426","sha1":"82f2f897d3e2746181b889811ac675565dcaf0fa","sha256":"7d4fb7d5a9e681b2313ca88338e3255364aa452f243d6397aa905783e98bfca0","sha512":"ced956d62e7e8e57633cafed83041bca728181a026178bea0277e5b92ebdf5fcb17211709486c5e4be7c7ace81488fa02bd0cd1bfad64cedb6e0e1a824f525c7","ssdeep":"","tlshash":"7be07d55326aa9d1cd01d1f008a1a0a10055b9a4b85a025f3c34112d5e6846f4c80c1e","first_seen":"2023-04-27T14:24:27Z","last_seen":"2026-04-01T09:23:20.212417Z","times_seen":391,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/m.png","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/m.png HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 656\r\ncf-ray: 96b4991d3f15569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"290-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 591847\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=XFa8mR5KwyJN9lvGsx%2BLeupEBa8pHzRRi1cHyByZqQOx%2FyjrHmzsZvsqYX8VsEgsg8I%2BXqW0tZJ%2FkOorsueZNRJlu7FIbm5%2By971WzrwR80TraQ%2B5Vl%2BuHiv4NpX72VPrQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=69\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=67404\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=10449\u0026cid=b8662fcef48bfa2a\u0026ts=110\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced","md5":"1c923e4247dd2fbbc7e407beecf6028c","sha1":"37a7cd424c135206071cad59df92511df4fb6e5e","sha256":"efb2d84b9882f1e58d07b358cb77ad0b67fcce154bc7dc70086532abe8f57fff","sha512":"6d9182c919c300bd2f27908ef356c5ae73e40dbc10052038cf275261c77a4333bde3c3467a992f0efea28ffbf3db3665e78fc1fcf907ea656e0c2a5bcfd15a52","ssdeep":"","tlshash":"55f0fea3eec70375eaa0098d8f6285645c47098524a601db61a24eec28fcb0096bae90","first_seen":"2023-05-13T07:55:03Z","last_seen":"2026-04-01T09:23:20.258474Z","times_seen":270,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/skyadvert?u=388e359b-1fe3-100d-3926-f83e6759748e","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.86","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/skyadvert?u=388e359b-1fe3-100d-3926-f83e6759748e HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: u=aJRCzsCW2Ms~K4S-EAb5oMubKeAOE4P8Pw7Ha4A; path=/; max-age=7776000; samesite=none; httponly; secure\nda=KLqvcgAAAAE; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsolta%26bid%3DaJRCzsCW2cs; max-age=30; samesite=none; httponly; secure\nn=1; max-age=30; samesite=none; httponly; secure\r\nlocation: https://sm.rtb.mts.ru/p?ssp=toptraffic\u0026id=aJRCzsCW2Ms\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s11a;dur=0.0006\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":322,"timings":{"blocked":-1,"dns":1,"connect":64,"send":0,"wait":62,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/jquery.tablesorter.new-rutor.min.js?1","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/jquery.tablesorter.new-rutor.min.js?1 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 5693\r\ncf-ray: 96b4991d3f08569d-OSL\r\nlast-modified: Sat, 14 Jun 2014 10:27:07 GMT\r\netag: \"48bf-4fbc93c6394c0-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 83956\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lxFXIJd2hE8RrzMGPtNPvtsKDSFcHv8dsMCRfd7ElikNNnmJeXRwQh86NS9urBiwP%2BPP26Kj76n9QIYRLwNhecQ9nf9JmAfIfmgkvn4nb6E125hJn16MCQU8KZwbUPI2iQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=56\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=50329\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=107\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18623,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11120)","md5":"6de84298187380f0dd15bfa17ace1a7d","sha1":"8dadf1532d9651d168bfbd73ff139e8494198e4e","sha256":"fb736e8586695a5db7c37884ebfd5860cb016a3a587b00b17fcc3053b5681048","sha512":"2e7edeeba1afebe8b9fe0703c59ff8f108d48ee9782a924a3c65bcf9c6f9a09371f0aecbe9333c880dc00ef7202a4bd0c0f21438a345ada598d672254ad9b5bc","ssdeep":"384:RGyqkRzzWBYEfmHtYyR0GPr4h6I/uaa6TYWAZVszlEAWhS5b:Rg+zWBVfmHtYt6+UuQh4","tlshash":"4282c69573ad346390dab4b0886e0859bd315fa39908c435ad35e4872df4e8cc6bbf78","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.374043Z","times_seen":74,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":48,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/sape2?u=0600007FCE42946823014F990293B552","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/sape2?u=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nCookie: f=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsolta%26bid%3DaJRCzsCW2cs; n=1; sm=QgBolELO; da=KLqvcgAAAAE; u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nlocation: https://www.acint.net/rmatch?dp=202\u0026r=https%3A%2F%2Fkimberlite.io%2Frtb%2Fsync%2Fsape%3Fu%3D%24%7BUSER_ID%7D%26f%3Dhttps%253A%252F%252Fcode.moviead55.ru%252Fgo%252Fcsync%253Fcn%253Dsolta%2526bid%253DaJRCzsCW2cs%26n%3D2\r\nset-cookie: da=KLqvcgAAAAFnkJYmAAAAAQ; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=; max-age=0; samesite=none; httponly; secure\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s6;dur=0.0007\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kllastroad.com/green/island.js?24469\u0026v=3\u0026u=null\u0026a=0.9401812389300818","fqdn":"kllastroad.com","domain":"kllastroad.com","tld":"com"},"ip":{"addr":"193.200.65.68","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kllastroad.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Jun 2025 12:54:45 GMT","end":"Mon, 08 Sep 2025 12:54:44 GMT"},"fingerprint":{"sha1":"CF:EB:E4:2D:04:44:97:36:CF:81:64:85:D3:0F:D6:C1:85:D3:E0:ED","sha256":"AA:FB:F3:33:7D:15:AB:FE:1D:B9:22:AD:65:65:B2:ED:F1:24:8B:8B:54:63:37:06:DA:F7:4F:C3:BB:31:05:10"}}},"request":{"raw":"GET /green/island.js?24469\u0026v=3\u0026u=null\u0026a=0.9401812389300818 HTTP/1.1\r\nHost: kllastroad.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"NON DSP COR CURa TIA\"\r\nSet-Cookie: uuid=17545468943695071175; expires=Sat, 07-Aug-2027 06:08:14 GMT; Max-Age=63072000; path=/; samesite=None; domain=.kllastroad.com; secure\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36096,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (358)","md5":"d5543f2b1001445da35073854a81cb9a","sha1":"4461171aac3caa3ad375fab85cbabec93faf9e84","sha256":"661a751a180b84661761d65017ab0c6cabc9e9e40a73c94eae4e795b898d035b","sha512":"bdd0b469783185e44e3c93c8e7351d2bd448f15e782426429949abc1892f97702352101cec6e08bc501c22e47ce62aadd64dd3203a6c5483da0df5646a4a3d7a","ssdeep":"768:xwT/7d3VZb+mtjfptkwIL9HBlyQQwMs3NEaWlcb3JH:xwT/7d3VZb+mtjxtkww9HBlyQQwMCNE+","tlshash":"d0f2934e66e710320197a43f6fdf81487570c1973248e91cbdac46486f58e29cafabde","first_seen":"2025-08-07T06:08:50.963385Z","last_seen":"2025-08-07T06:08:50.963385Z","times_seen":1,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":71,"dns":13,"connect":17,"send":0,"wait":41,"receive":1,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.adspend.space/sape?uid=0600007FCE42946823014F990293B552","fqdn":"sync.adspend.space","domain":"adspend.space","tld":"space"},"ip":{"addr":"172.67.69.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adspend.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 02:32:47 GMT","end":"Mon, 29 Sep 2025 03:32:44 GMT"},"fingerprint":{"sha1":"46:F0:BA:DB:73:58:EB:A9:1D:95:70:7D:B3:93:5D:9E:98:6A:B3:D4","sha256":"82:50:E1:68:D7:D9:F3:5A:E2:4C:32:8C:FF:F3:63:D9:09:36:E7:F5:A6:84:37:0F:5C:A6:B8:C2:BC:6D:F4:56"}}},"request":{"raw":"GET /sape?uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.adspend.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://sync.adspend.space/check?r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D98%26euid%3D3aaf6890-99de-4344-aa16-1f2d1fa700b4\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N6cN7SI1M713kzv4QhJP2yzSJrgWHWQRC3e4lqG1bAeDAc3A%2BfZtG4Nx1IMok3xzB%2B3liOsmEdA%2F1AcerXECnBgJqUbRFiRQRFH4a2i9yg%3D%3D\"}]}\r\nset-cookie: as-user=3aaf6890-99de-4344-aa16-1f2d1fa700b4; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=31536000\r\ncf-ray: 96b499310e2c569b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":9,"connect":13,"send":0,"wait":108,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtb.dynotech.io/sape/sync/","fqdn":"rtb.dynotech.io","domain":"dynotech.io","tld":"io"},"ip":{"addr":"82.202.197.102","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtb.dynotech.io","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 07:29:03 GMT","end":"Thu, 14 Aug 2025 07:29:02 GMT"},"fingerprint":{"sha1":"86:76:61:04:21:AD:22:AB:B0:9C:97:6E:29:B1:FF:29:B1:0E:F8:6A","sha256":"F4:30:32:E1:D5:EE:C6:2E:D8:A5:2A:F6:73:B9:54:B7:90:C0:CC:7F:83:45:F6:87:7D:17:FA:C9:08:4C:44:A0"}}},"request":{"raw":"GET /sape/sync/ HTTP/1.1\r\nHost: rtb.dynotech.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=0; includeSubDomains; preload;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":4,"dns":6,"connect":64,"send":0,"wait":58,"receive":0,"ssl":334},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"match.ohmy.bid/cm?ssp=sape\u0026redirect_url=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D217%26euid%3D%7Buid%7D","fqdn":"match.ohmy.bid","domain":"ohmy.bid","tld":"bid"},"ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ohmy.bid","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 15:12:54 GMT","end":"Sat, 18 Oct 2025 15:12:53 GMT"},"fingerprint":{"sha1":"AE:15:A3:A4:41:D3:DA:E5:B7:41:38:D6:C9:5B:70:83:47:0B:5B:C8","sha256":"0E:15:23:C8:20:5B:EE:67:6D:A1:5C:CE:0E:A4:E3:41:59:F4:F6:58:3C:C3:7B:8A:CD:2F:21:D5:DD:A6:08:AB"}}},"request":{"raw":"GET /cm?ssp=sape\u0026redirect_url=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D217%26euid%3D%7Buid%7D HTTP/1.1\r\nHost: match.ohmy.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nCookie: uid=98585537-2050-4d71-a9a4-acd6931ac979.689442ce.dae9e882cc3bd006\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-01 1.2104.4452ce78\r\nLocation: https://mc.acint.net/match?dp=217\u0026euid=98585537-2050-4d71-a9a4-acd6931ac979\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/top.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/t/top.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 612\r\ncf-ray: 96b4991d5f46569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"264-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 642762\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=linuhNsmU%2BVz%2BFAb6vh%2Ba0%2B9VovZRCiWCg2bsmJP9cjfRtF1DPUzodLifz4yOEX6gFSlElAMhyXe1Q9Sk9xgEtZ7RHcvKHstQDPlLV%2FFGJeiXfFSfxYIXjnYJNU9CjScyA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1103\u0026min_rtt=431\u0026rtt_var=917\u0026sent=85\u0026recv=36\u0026lost=0\u0026retrans=1\u0026sent_bytes=85369\u0026recv_bytes=2769\u0026delivery_rate=5537284\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=124\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":612,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 24 x 24","md5":"ab3755cddb40723270164fa84b8f0362","sha1":"a7e6700d02578c03bd76b217b23c55b4fba997ea","sha256":"79df9f5b18cac4dbaec0808448c15e094b5fe20d04aabfe7bed9e6ae07739dfd","sha512":"5abc1bb158bf7cc0ac5c8812f5ac8c9b4545a2622393129ec54b377c05e21de0bcd1840642646ee7e051152af9d6f33d7fc371f0441fc844a8b084504c98d5c8","ssdeep":"","tlshash":"05f0541439558b21e5ff73b5fb6c5f37225ebe1412c8c52738330b134311455c160a6b","first_seen":"2023-05-10T15:46:50Z","last_seen":"2026-04-01T09:23:20.254421Z","times_seen":347,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":75,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/aci.js","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /aci.js HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 8799\r\nlast-modified: Thu, 17 Oct 2024 09:42:59 GMT\r\netag: \"6710dc23-225f\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 07 Aug 2025 18:08:14 GMT\r\ncache-control: max-age=43200\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31372,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (31372), with no line terminators","md5":"20f0381069e78a636d53b3d505e967c7","sha1":"800464b5f1400a923482d4298b472e17cda20737","sha256":"7b2d18d3dc9861604cbbde63dd9218e12a6cac1a06f52b877eddf61f9f7c3b37","sha512":"5aa6d98aca4d9881d5bf2c8dd71ff3d35e534a09ee749bf248c3d6f838f240f0d77edf06f8f2eae1b7a3797d9d447fe2da922395243f22547a13c4b6ea9981a2","ssdeep":"768:EMNY2uNr6tm67+DVRhNk6L0Wbha0XByPcf0:EMN/uNWo67+DLhNZaMByks","tlshash":"1ce2f98a7191f47306d3a179c12f050bf136696620e8d0e4f536dce0aeb858e6577f3a","first_seen":"2024-10-20T11:06:54.910201Z","last_seen":"2026-01-29T05:23:48.922533Z","times_seen":4303,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":73,"dns":16,"connect":26,"send":0,"wait":27,"receive":31,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"otclick-adv.ru/core/match.gif?s=30\u0026reference=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dotclkbid%26bid%3D%23%7BUID%7D","fqdn":"otclick-adv.ru","domain":"otclick-adv.ru","tld":"ru"},"ip":{"addr":"139.45.228.133","port":443,"asn":57304,"as":"JSC RetnNet","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.otclick-adv.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 17:12:12 GMT","end":"Tue, 16 Sep 2025 17:12:11 GMT"},"fingerprint":{"sha1":"82:3B:8D:57:59:5E:94:AB:01:1E:CC:AC:48:8F:CE:60:DB:FD:94:56","sha256":"E7:C2:EC:9D:64:5E:B9:9C:7D:BA:75:B7:CC:CA:80:9D:3B:D0:4A:3D:DF:3E:DF:03:CC:02:8E:02:E5:22:CB:D2"}}},"request":{"raw":"GET /core/match.gif?s=30\u0026reference=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dotclkbid%26bid%3D%23%7BUID%7D HTTP/1.1\r\nHost: otclick-adv.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 124\r\nConnection: keep-alive\r\nP3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA\r\nCache-Control: no-cache, max-age=0, must-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Thursday, 01-Jan-1970 00:00:00 GMT\r\nSet-Cookie: idntfy=VUlIRVup0AuRYc9; expires=Sun, 05-Aug-2035 06:08:14 GMT; domain=otclick-adv.ru; path=/c/; SameSite=None; Secure\nidntfy=VUlIRVup0AuRYc9; expires=Sun, 05-Aug-2035 06:08:14 GMT; domain=otclick-adv.ru; path=/core/; SameSite=None; Secure\r\nLocation: https://code.moviead55.ru/go/csync?cn=otclkbid\u0026bid=VUlIRVup0AuRYc9\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":97,"dns":5,"connect":28,"send":0,"wait":28,"receive":0,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=dgm2\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=dgm2\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://sync.opendsp.ru/match/MovieAds?id=e256bdd2-f38c-6f61-28aa-7947e78696c4\r\nset-cookie: sky_uuid=e256bdd2-f38c-6f61-28aa-7947e78696c4; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/hit/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=714868\u0026u=\u0026r=\u0026rs=1280x1024\u0026t=\u0026oE=1\u0026oP=1\u0026dT=2025-08-07T06%3A08%3A14.735\u0026fu=17e5192c-e0d6-4794-8289-997ba6bb382e\u0026if=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /hit/?v=0.7.1\u0026uid=38f3c079-c3bb-4ef0-99ed-d9b34f896a4b\u0026dp=167\u0026tz=%2B00%3A00\u0026nc=714868\u0026u=\u0026r=\u0026rs=1280x1024\u0026t=\u0026oE=1\u0026oP=1\u0026dT=2025-08-07T06%3A08%3A14.735\u0026fu=17e5192c-e0d6-4794-8289-997ba6bb382e\u0026if=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.kombinat.digital/cm?ssp=sape\u0026redirect_url=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D433%26euid%3D%7Buid%7D","fqdn":"sp.kombinat.digital","domain":"kombinat.digital","tld":"digital"},"ip":{"addr":"77.223.120.36","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.kombinat.digital","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Jun 2025 17:28:33 GMT","end":"Sun, 14 Sep 2025 17:28:32 GMT"},"fingerprint":{"sha1":"44:0D:B5:16:F1:EC:03:60:AB:DC:42:D2:7E:2F:CB:4F:4C:37:51:10","sha256":"9C:00:4A:31:C2:1E:D9:0B:03:F1:95:EE:9A:42:9B:95:B6:B1:A6:DE:88:E5:81:C8:10:67:39:3F:90:A0:4C:7E"}}},"request":{"raw":"GET /cm?ssp=sape\u0026redirect_url=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D433%26euid%3D%7Buid%7D HTTP/1.1\r\nHost: sp.kombinat.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-01 1.48.6d4640f\r\nLocation: https://mc.acint.net/match?dp=433\u0026euid=25d0e21e-11cc-4e6d-9e9c-6f3160d5b28c\r\nSet-Cookie: uid=25d0e21e-11cc-4e6d-9e9c-6f3160d5b28c.689442d0.acbbd127636e2b68; domain=.kombinat.digital; path=/; expires=Sat, 06-Sep-2025 06:08:16 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":432,"timings":{"blocked":47,"dns":6,"connect":29,"send":0,"wait":30,"receive":0,"ssl":310},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dmp.otm-r.com/match/sape?id=0600007FCE42946823014F990293B552","fqdn":"sync.dmp.otm-r.com","domain":"otm-r.com","tld":"com"},"ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.dmp.otm-r.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:33:19 GMT","end":"Fri, 24 Oct 2025 10:33:18 GMT"},"fingerprint":{"sha1":"73:CB:E4:07:8B:A8:CE:7D:8A:1A:81:05:89:63:AF:54:5E:AB:E3:AE","sha256":"46:32:4A:BE:51:0A:51:BD:7A:8E:10:EA:DF:90:3E:22:0A:79:9E:F3:36:E3:78:A9:A5:C9:33:8F:62:AF:8D:12"}}},"request":{"raw":"GET /match/sape?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.dmp.otm-r.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nCookie: mpid=Njg5NDQyY2UwZTM1Mzk2YQ==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.23.4\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 94\r\naccess-control-allow-origin: *\r\nlocation: https://www.acint.net/match?dp=68\u0026euid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D\r\nset-cookie: mpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None\nmpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None; Partitioned\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.23.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp.bidvol.com/usersync?dspcsid=8\u0026redirect=1","fqdn":"ssp.bidvol.com","domain":"bidvol.com","tld":"com"},"ip":{"addr":"194.85.16.23","port":443,"asn":8985,"as":"Join-stock company Internet ExchangeMSK-IX","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ssp.bidvol.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Jun 2025 18:17:31 GMT","end":"Fri, 19 Sep 2025 18:17:30 GMT"},"fingerprint":{"sha1":"77:10:DC:AC:86:75:0B:90:9A:F8:33:CF:64:0C:1C:B6:08:C6:D5:EF","sha256":"D4:45:65:03:AD:6B:CC:52:EF:5A:06:96:D0:D7:18:5C:00:E1:3E:26:CF:A4:43:1E:AF:4B:D4:D5:CE:C3:CB:94"}}},"request":{"raw":"GET /usersync?dspcsid=8\u0026redirect=1 HTTP/1.1\r\nHost: ssp.bidvol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-request-id: 6f1bf8cd-6cdf-48e3-93d5-55bcd44b7b3a\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nsurrogate-control: no-store\r\nset-cookie: bvuid=6n5itw4i1t; Max-Age=2147483647; Domain=.bidvol.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None\nbvuid2=6n5itw4i1t; Max-Age=2147483647; Domain=.bidvol.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":433,"timings":{"blocked":60,"dns":27,"connect":74,"send":0,"wait":113,"receive":0,"ssl":149},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.kombinat.digital/cmf","fqdn":"sp.kombinat.digital","domain":"kombinat.digital","tld":"digital"},"ip":{"addr":"77.223.120.36","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.kombinat.digital","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Jun 2025 17:28:33 GMT","end":"Sun, 14 Sep 2025 17:28:32 GMT"},"fingerprint":{"sha1":"44:0D:B5:16:F1:EC:03:60:AB:DC:42:D2:7E:2F:CB:4F:4C:37:51:10","sha256":"9C:00:4A:31:C2:1E:D9:0B:03:F1:95:EE:9A:42:9B:95:B6:B1:A6:DE:88:E5:81:C8:10:67:39:3F:90:A0:4C:7E"}}},"request":{"raw":"GET /cmf HTTP/1.1\r\nHost: sp.kombinat.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sp.ohmy.bid/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-03 1.48.6d4640f\r\nLocation: /cmft\r\nSet-Cookie: uid=243aae9f-20ba-4f5b-a1ba-6438b2b9a953.689442d0.9fcda7036c126d5a; domain=.kombinat.digital; path=/; expires=Sat, 06-Sep-2025 06:08:16 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":317,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":29,"dns":1,"connect":31,"send":0,"wait":31,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match?dp=433\u0026euid=25d0e21e-11cc-4e6d-9e9c-6f3160d5b28c","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match?dp=433\u0026euid=25d0e21e-11cc-4e6d-9e9c-6f3160d5b28c HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/css.css","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/css.css HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 2055\r\ncf-ray: 96b4991d2efd569d-OSL\r\nlast-modified: Fri, 13 Mar 2015 12:51:21 GMT\r\netag: \"1c0f-5112af50b2440-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227412\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=hfdYfl9hYcN4B7u19g89ROgn2Nzujk5%2FuIG8tJhRR5JEJkaZ7tRTWpHC9Y1RYhcevppA9qcaam32j3UeD9kxZx%2FYYMYLUpZb1qKyssPk0%2FaoInK%2Ffbfxl8q1jdr1ohIPNA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1186\u0026min_rtt=431\u0026rtt_var=1002\u0026sent=81\u0026recv=35\u0026lost=0\u0026retrans=1\u0026sent_bytes=82739\u0026recv_bytes=2769\u0026delivery_rate=1675925\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=123\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7183,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"212a2bc682ef7adee0a380aefce98638","sha1":"82dd244f1a0decdf011b4775b94c4296ff67c460","sha256":"aa3d36b7b649920bc8419fee4edece4f5801a9fbd828dab2fdf4179935af1b2a","sha512":"420e7341fe5806b7eb909cd4759a092d93b7406f63fd1e52ea2fafc10fcef65d161e159795d821b9b07203cdb75b8b00db27bef5205487a27ef7d372d004744b","ssdeep":"192:n2/21hLTynEWAYJ6jjIuYV0rY1lHI1wiY+6U9ZgI8:ncShinEW96jMu3cHI19SU9mJ","tlshash":"0ce1412367862cc6b14b90adeeb4db10662f1442fe1f5fb9f67a766ce3500d1227624c","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.38354Z","times_seen":51,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":89,"dns":20,"connect":1,"send":0,"wait":77,"receive":1,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/css.css?27047","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/css.css?27047 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 2749\r\ncf-ray: 96b4991d7f6f569d-OSL\r\nlast-modified: Sun, 29 Jun 2025 21:18:46 GMT\r\netag: \"22a5-638bc74de5980-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 204617\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=gfj4yQc45CR74CE6FM29rTJzWgAuMk8z8F%2FMIKrGmYhYPD%2BtBU0WlddabOepF05J21UyiEOr4ou2YfSDfUrdyyQRUYDl0ugd9XgyABaCKxaBE7PZ9LowAFzW27irJIYIbA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1600\u0026min_rtt=431\u0026rtt_var=1259\u0026sent=103\u0026recv=42\u0026lost=0\u0026retrans=1\u0026sent_bytes=97740\u0026recv_bytes=3038\u0026delivery_rate=6779933\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=147\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8869,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"a30a1bf9f5a23d25dc8a564c1d479de1","sha1":"fc5eebb9f8d2083ef211126a64c17d66c535846e","sha256":"75d0c69972f189d1516b0794007eb554e3c01ee926e5d51189e36acb589d9647","sha512":"c08c6986ef1bd449714d65a372f12794d83e7a2db79ad4990cfbad86eacec2e9a9daa70735d2f6e837a147f44a75dcf9334bf5e0ea94a488aabe606c9e6cf283","ssdeep":"96:8sOdlxjgpdtUj2BBNhwOAptCe1oBojIo7ml7HAId1K1+FWo9Rd4JbOZHy:8pj2hra8e1oijIo7ml7HAIft/lHy","tlshash":"0a029711b2843449701fc1babc76a339673f4017a6446f7da6b97978c78d0a780b33ad","first_seen":"2025-07-09T19:13:06.335697Z","last_seen":"2025-11-28T23:40:32.490071Z","times_seen":9,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":135,"dns":21,"connect":1,"send":0,"wait":31,"receive":1,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/lupa.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/lupa.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 3079\r\ncf-ray: 96b4991d7f5f569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"c07-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 400924\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=nlzvN2M1xadfoL7Vm6xiRuKiGCg0q3zOcJX0368cCGVRt5amc%2FnWR2kc9VQ7CXvfsqR9FCznLx8TgtfT6bH0UIGKxTn7B3BaqrZj%2FiKNRgjkqT%2Fpr4ONljiJ4yzLyEBISA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1255\u0026min_rtt=431\u0026rtt_var=760\u0026sent=98\u0026recv=41\u0026lost=0\u0026retrans=1\u0026sent_bytes=94124\u0026recv_bytes=3038\u0026delivery_rate=6779933\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=141\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3079,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 55 x 56","md5":"e2c8f8537818f7880be3ae505852b9ff","sha1":"2a1f5572e6f4c9efc1700f34d6c6969bedbd8535","sha256":"6946c64a41b61a1e8708b7bcf8274274c71cdc23932aab32da5b868d19212b3a","sha512":"02e22d3a890ca47d0235655094ed35b13dc32a0add2454ce4ae9630b7bd4f9e37f966827143e59f5312cbad5c383892069a741d45824457613aab2c0dc301cbc","ssdeep":"","tlshash":"e151299ab8ec472acaab7834f5879fc81da5661c844366ca490b4d27153c8d94c3ba51","first_seen":"2023-05-10T15:46:50Z","last_seen":"2026-04-01T09:23:20.25054Z","times_seen":356,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.adspend.space/check?r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D98%26euid%3D3aaf6890-99de-4344-aa16-1f2d1fa700b4","fqdn":"sync.adspend.space","domain":"adspend.space","tld":"space"},"ip":{"addr":"172.67.69.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adspend.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 02:32:47 GMT","end":"Mon, 29 Sep 2025 03:32:44 GMT"},"fingerprint":{"sha1":"46:F0:BA:DB:73:58:EB:A9:1D:95:70:7D:B3:93:5D:9E:98:6A:B3:D4","sha256":"82:50:E1:68:D7:D9:F3:5A:E2:4C:32:8C:FF:F3:63:D9:09:36:E7:F5:A6:84:37:0F:5C:A6:B8:C2:BC:6D:F4:56"}}},"request":{"raw":"GET /check?r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D98%26euid%3D3aaf6890-99de-4344-aa16-1f2d1fa700b4 HTTP/1.1\r\nHost: sync.adspend.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: as-user=3aaf6890-99de-4344-aa16-1f2d1fa700b4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://www.acint.net/match?dp=98\u0026euid=3aaf6890-99de-4344-aa16-1f2d1fa700b4\r\nserver: cloudflare\r\nstrict-transport-security: max-age=15724800; includeSubDomains\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: PUT, GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, authorization\r\naccess-control-max-age: 1728000\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KUn9hqmbwo9wR9RfZ9wDb9%2FqtYQulYCk7fwHIyWyMzwjU2q5fuMMCbjroGPLe%2FKiHg33T0ovGq83PQ6ZBHlFHtoO0SiR%2FQproIrZfd9O2w%3D%3D\"}]}\r\ncf-ray: 96b499347901569b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.kimberlite.io/js/botd.js","fqdn":"static.kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"212.8.232.117","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /js/botd.js HTTP/1.1\r\nHost: static.kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://6-wbpbqewx.123tt.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kimberlite.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Aug 2025 14:22:27 GMT\r\netag: W/\"689213a3-3b5c\"\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH\r\naccess-control-allow-headers: Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15196,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15005)","md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-04-05T08:51:36.249753Z","times_seen":12523,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":102,"dns":10,"connect":60,"send":0,"wait":116,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dmp.otm-r.com/match/skyadvert?otcm_check=1754546894","fqdn":"sync.dmp.otm-r.com","domain":"otm-r.com","tld":"com"},"ip":{"addr":"194.55.244.189","port":443,"asn":34959,"as":"Kviktel LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.dmp.otm-r.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 26 Jul 2025 10:33:19 GMT","end":"Fri, 24 Oct 2025 10:33:18 GMT"},"fingerprint":{"sha1":"73:CB:E4:07:8B:A8:CE:7D:8A:1A:81:05:89:63:AF:54:5E:AB:E3:AE","sha256":"46:32:4A:BE:51:0A:51:BD:7A:8E:10:EA:DF:90:3E:22:0A:79:9E:F3:36:E3:78:A9:A5:C9:33:8F:62:AF:8D:12"}}},"request":{"raw":"GET /match/skyadvert?otcm_check=1754546894 HTTP/1.1\r\nHost: sync.dmp.otm-r.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: mpid=Njg5NDQyY2UwZTM1Mzk2YQ==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.23.4\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 104\r\naccess-control-allow-origin: *\r\nlocation: https://code.moviead55.ru/go/csync?cn=otmbid\u0026bid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D\r\nset-cookie: mpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None\nmpid=Njg5NDQyY2UwZTM1Mzk2YQ==; Path=/; Domain=otm-r.com; Max-Age=31536000; Secure; SameSite=None; Partitioned\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.23.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.kombinat.digital/cmft","fqdn":"sp.kombinat.digital","domain":"kombinat.digital","tld":"digital"},"ip":{"addr":"77.223.120.36","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.kombinat.digital","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Jun 2025 17:28:33 GMT","end":"Sun, 14 Sep 2025 17:28:32 GMT"},"fingerprint":{"sha1":"44:0D:B5:16:F1:EC:03:60:AB:DC:42:D2:7E:2F:CB:4F:4C:37:51:10","sha256":"9C:00:4A:31:C2:1E:D9:0B:03:F1:95:EE:9A:42:9B:95:B6:B1:A6:DE:88:E5:81:C8:10:67:39:3F:90:A0:4C:7E"}}},"request":{"raw":"GET /cmft HTTP/1.1\r\nHost: sp.kombinat.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sp.ohmy.bid/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid=243aae9f-20ba-4f5b-a1ba-6438b2b9a953.689442d0.9fcda7036c126d5a\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Type: text/html\r\nContent-Length: 234\r\nConnection: keep-alive\r\nBidder: bid-02 1.48.6d4640f\r\nContent-Encoding: gzip\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":317,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (317), with no line terminators","md5":"b87f7ff1047732a6d8f1e3aec20744f0","sha1":"b324c6cf876e91bc189133bf07a4abdc8ff7868e","sha256":"792a0de864f46556ce6b4ecd7967cc72b878e5d40e2fa0a4c465719100fe07fc","sha512":"c23f67a2773a5058dbab85917cf9289f054cc93993319489ef1e741380d4e032e1b8e12579dd2eadfadfde6acf339e958135185b3de28bfe8d42383dd75e4b9b","ssdeep":"","tlshash":"e8e07df5b486108efb5263f1c9405acc685fec4b62000e15fc58265eb205187cc6737c","first_seen":"2025-08-07T06:08:50.969889Z","last_seen":"2025-08-07T06:08:50.969889Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=otmbid\u0026bid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:16.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=otmbid\u0026bid=Njg5NDQyY2UwZTM1Mzk2YQ%3D%3D HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9; bzcookie=67bf8269-20cd-48f9-6739-b6c095b9e86c; ohmybid=c584c8ff-df38-4dce-9d16-6e9066d612c1; astlb=c855bde2-bdd3-499b-9b32-bd9e0d953c17\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: otmbid=Njg5NDQyY2UwZTM1Mzk2YQ==; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Ubuntu:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:14.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Ubuntu:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 07 Aug 2025 06:08:14 GMT\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5997,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"65cee11f9b6d01cdb7356f04429af2c1","sha1":"fff67973cac7ecc7321763e3593e132138b54e8c","sha256":"fbde9640f7bead77cc29df5c627f30d711f18e9f3d28456072a530b90c21c233","sha512":"e4740aa93aa41c5397d6cb834865adbf914cebf52f91f4e30e1f749dd69426c7ce0293b8acab687a3f8aa5474fbcc3ac6197c759e3de3ca794e339c00f62f4cf","ssdeep":"96:rOEa1bOEabFZUOEaHOEaEVOEaCJc+uoOEakN4OXaQbOXa4FZUOXaOOXaSbVOXanA:M18vAEqKeTQD96EZzdHzlczfH47o","tlshash":"07c1c192045ba404ea434dc233cfbf369d8f61556445c5ba6bfe1cc8ace6c3a4326b4d","first_seen":"2025-01-06T14:54:48.613657Z","last_seen":"2026-02-20T03:26:33.815436Z","times_seen":104,"resource_available":false,"data":null}},"time_used":390,"timings":{"blocked":176,"dns":0,"connect":32,"send":0,"wait":31,"receive":0,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=bzcookie\u0026bid=67bf8269-20cd-48f9-6739-b6c095b9e86c","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=bzcookie\u0026bid=67bf8269-20cd-48f9-6739-b6c095b9e86c HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: bzcookie=67bf8269-20cd-48f9-6739-b6c095b9e86c; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"data.24smi.net/cfg?object=24832\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546894061","fqdn":"data.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:14.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /cfg?object=24832\u0026ver=79\u0026pio=true\u0026pps=true\u0026callback=__smiCb1754546894061 HTTP/1.1\r\nHost: data.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: smi_uid=fFBJimKKi\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncache-control: no-store\r\nset-cookie: smi_uid=fFBJimKKi; max-age=31536000; domain=.24smi.net; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":567,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (567), with no line terminators","md5":"6c13e7bdcf1f3b5803361a17446c4122","sha1":"24a44c635f20c9ebec5647a0c08a7725eda16263","sha256":"1ac8fcbaf824df89112f1b0f33d520e55318b8e982ff622ef4ed235cff76fe89","sha512":"e9a89c552d6c7b1ca0b1d358f6c6eaa89a062f7ba265f5f98e42fee08a9a222d550baa5e78fad5c7be0e02f577f988272534071e301bce5cd30efc015f0e2b80","ssdeep":"","tlshash":"e9f046418606a5f48357a65280143d92893d26338b8a24a6f9d84a3dd4bdeab324a50f","first_seen":"2025-08-07T06:08:50.972188Z","last_seen":"2025-08-07T06:08:50.972188Z","times_seen":1,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=plzkrt\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=plzkrt\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://adx.com.ru/sync/init/skyadvert-banner-rtb?uid=41398fa6-5923-6e62-f768-ffc6ff8a6773\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dplzkrt%26bid%3D%7Buserid%7D\r\nset-cookie: sky_uuid=41398fa6-5923-6e62-f768-ffc6ff8a6773; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?t=player_frame_loaded_new\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=0\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o=","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?t=player_frame_loaded_new\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=0\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o= HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/match/?dp=361\u0026euid=VUlIRVup0AuRYc9","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /match/?dp=361\u0026euid=VUlIRVup0AuRYc9 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e80cd184-7354-11f0-86e0-002590c0647c.n2.sync.bumlam.com/?src=sape","fqdn":"e80cd184-7354-11f0-86e0-002590c0647c.n2.sync.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"188.120.241.50","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:17.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.n0.sync.bumlam.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 May 2025 13:30:23 GMT","end":"Sun, 24 Aug 2025 13:30:22 GMT"},"fingerprint":{"sha1":"5A:FB:00:79:3E:08:BF:04:80:5D:17:A8:6E:3A:1B:E3:5E:87:9F:D5","sha256":"F8:6C:3F:FA:72:7F:0C:C6:46:5C:C8:98:AE:78:91:C1:34:00:7A:04:D2:37:F2:32:14:FF:E1:7D:45:17:BE:19"}}},"request":{"raw":"GET /?src=sape HTTP/1.1\r\nHost: e80cd184-7354-11f0-86e0-002590c0647c.n2.sync.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.22.1\r\nDate: Thu, 07 Aug 2025 06:08:17 GMT\r\nContent-Length: 0\r\nConnection: close\r\nLocation: https://pix.bumlam.com/sync/sape/done\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":452,"timings":{"blocked":193,"dns":76,"connect":65,"send":0,"wait":26,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/forum.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/forum.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6049\r\ncf-ray: 96b4991d6f57569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"17a1-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 3096\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=04TyqiYAZk0ZA01i6RBA6Q6m5NIcgxKgtDVqQ72rLcLkeb1fltsJl2m5usSgVwtZ6%2B%2FGFOV%2BJUrfJwKbN7IGOp%2FP5LhGSq9nMQvAgTXA5sg7NQjAMnadT8Zoqp4dI2hWVA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1221\u0026min_rtt=431\u0026rtt_var=922\u0026sent=90\u0026recv=38\u0026lost=0\u0026retrans=1\u0026sent_bytes=87530\u0026recv_bytes=2863\u0026delivery_rate=6464285\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=134\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6049,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 250 x 42","md5":"6ed3646afac817366089cc05d97bc358","sha1":"0c27adfd80ae76f705fe1c6093ea92c720124e15","sha256":"d9fd75312b80aa988432407952a1fa963f6a6ca7496d5a7533242475b20c600e","sha512":"eabd29f64c64eee9287f0efdc06b2037889cd075f99df1dae05f053917f38ad45799c9e498ee1fdc8e099625031a78869163982bdd792ebfed63333ba297f9f0","ssdeep":"96:f19JPLJ0kz1EUFu8anogZUmhPHnxTR2ci21YSCOBy0DosckEup9uCAnTMzbWySOd:99NLJ5flaoaUgPHnx92ciIYSCOMKosNF","tlshash":"d8c17d45ec39f7a7fc136878553f362ede15ea2db0471a6691063ec90306e6049718b5","first_seen":"2023-05-21T11:00:04Z","last_seen":"2026-03-29T07:13:34.387322Z","times_seen":62,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=solta\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=solta\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://kimberlite.io/rtb/sync/skyadvert?u=388e359b-1fe3-100d-3926-f83e6759748e\r\nset-cookie: sky_uuid=388e359b-1fe3-100d-3926-f83e6759748e; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/bmap?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026sub_id=ap\u0026fmt_id=4\u0026pl_key=banner\u0026testad=no\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026tanc=\u0026ancs=\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/bmap?v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026sub_id=ap\u0026fmt_id=4\u0026pl_key=banner\u0026testad=no\u0026r=https%3A%2F%2F6-wbpbqewx.123tt.ru%2F\u0026tanc=\u0026ancs=\u0026maid=29290dc5-7ba6-4e37-a05b-6b0576ed0eee HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\nvary: Accept-Encoding\r\nx-skyadvert-udata: cache,parsed,33308\r\nx-skyadvert-cors-qex: Referer\r\nx-skyadvert-path: /\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://6-wbpbqewx.123tt.ru\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44966,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (44966), with no line terminators","md5":"842ac6f89e0bebbe386b9b49a9a80b67","sha1":"c5704f51642cefaf603fa9474188ac2f981a14d1","sha256":"058d8c5271b5168d3688800da4dfc022926310afbf63734ec5feda9ae61929ed","sha512":"6e7b655d85b1f687f357630578037f14ca0434a5d0610b897789aeebf90e037a427c9d97dfa162784cceae2fc50fcc9d05fc6190bb81625243be955a4cd375d4","ssdeep":"768:zbuYPHS8X2wiwJlVAPiFok3sPlhOf2vpwrlholKpCf2uKz8T7VOyLnzpBshONw:zbuYf3GwLXV4Xk3EYevpXlKpCf4YfV34","tlshash":"a21394a522a4f0b5196f22fb6a2b60e9d51c7baf718c041df0286d61f68523cf12dd7c","first_seen":"2025-08-07T06:08:50.973905Z","last_seen":"2025-08-07T06:08:50.973905Z","times_seen":1,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/rmatch?dp=14\u0026euid=5603420ACF4294687B01E9A702681B93\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=14\u0026euid=5603420ACF4294687B01E9A702681B93\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14 HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=14\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/cmatch?dp=126","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:17.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /cmatch?dp=126 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894; cSyncDp7v3=1754546896; cSyncDp241v2=1754546896\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nlast-modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T14:47:51.309416Z","times_seen":327863,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/arrowdown.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/t/arrowdown.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 51\r\ncf-ray: 96b4991d3f23569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"33-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 3054\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=JkZSSo%2FuhovDXMBtD3FlXfW04c1cs09KfyYDomD%2B7M%2B2GiEzfEDkIw7LtNfQDuVFOBaVdjMkvsxGwYIb01jtjcXZYbLLjrG4Dp%2FVHt6xlln2MXVnVRm6xgNY868p%2F4rNEQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1324\u0026min_rtt=431\u0026rtt_var=1372\u0026sent=76\u0026recv=29\u0026lost=0\u0026retrans=1\u0026sent_bytes=76876\u0026recv_bytes=2674\u0026delivery_rate=10669473\u0026cwnd=257\u0026unsent_bytes=5270\u0026cid=b8662fcef48bfa2a\u0026ts=115\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 5 x 8","md5":"fe98a58fe6509fb7cb897d25228329d3","sha1":"34d9e63fe61d4b543f84003c70d0473b6893926f","sha256":"a045e7b1f5ceaefbab2ef782b86b12de0a41fc2ca34c43cbf6b8b8a107d339ff","sha512":"dc044c6b3160559db9d448285bc87db4fd0f75e0dd1844346fb72ebef81eeb83a9ef8fb7cc558902695cdce14dde14a0561ed638749594f1f4b61ee1024f0e15","ssdeep":"","tlshash":"e4900470ddccc401c131d4f4457d43d53754d14f05dd0707117510055c5c31743030d5","first_seen":"2023-05-13T07:55:03Z","last_seen":"2026-04-01T09:23:20.26914Z","times_seen":338,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"psyduck-beak.yotor.ru/inc/sisjoy/gen.php","fqdn":"psyduck-beak.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /inc/sisjoy/gen.php HTTP/1.1\r\nHost: psyduck-beak.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 520 No Reason Phrase\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreferrer-policy: same-origin\r\ncf-ray: 96b49924fa0c0b65-OSL\r\nserver: cloudflare\r\ncontent-length: 7255\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=vq1sP95E0cL0h8HmU2UI0MUdad4rYIXuGM6elbEzZYZpjQL1zt9iXrP%2B0b1pzliLLs0O6ZoO%2BMdF1lOhhufAb9DRiEY1Fj4mz986k11AowE4uYgUUdSb26ZG%2BTHFnO69f%2FIMsjsNxc8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1591\u0026min_rtt=0\u0026rtt_var=1488\u0026sent=604\u0026recv=612\u0026lost=0\u0026retrans=0\u0026sent_bytes=310669\u0026recv_bytes=34228\u0026delivery_rate=22283413\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=21997\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1267\u0026inflight_dur=95\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"520","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mediatoday.ru/core/match.gif?s=34\u0026id={visitor_id}","fqdn":"mediatoday.ru","domain":"mediatoday.ru","tld":"ru"},"ip":{"addr":"194.186.91.198","port":443,"asn":3216,"as":"PVimpelCom","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mediatoday.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 May 2025 21:36:14 GMT","end":"Tue, 12 Aug 2025 21:36:13 GMT"},"fingerprint":{"sha1":"90:68:45:C0:72:AE:6F:3B:29:E7:54:04:04:FC:5E:F7:5E:BC:BD:24","sha256":"30:C8:C7:59:56:13:D8:A7:AA:F3:A1:AB:22:00:FF:2B:62:78:AC:38:CB:7A:F8:FB:49:81:21:A8:F1:A3:A4:0B"}}},"request":{"raw":"GET /core/match.gif?s=34\u0026id={visitor_id} HTTP/1.1\r\nHost: mediatoday.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sp.ohmy.bid/\r\nCookie: idntfy=VUnZUsbWsOWu9RE\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\ncache-control: no-cache, max-age=0, must-revalidate, no-store\r\npragma: no-cache\r\nexpires: Thursday, 01-Jan-1970 00:00:00 GMT\r\nalt-svc: h3=\":443\"; ma=86400,h3-29=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"325472601571f31e1bf00674c368d335","sha1":"2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a","sha256":"b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b","sha512":"717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc","ssdeep":"","tlshash":"bf900003ea80c002c2a2c0300e0ccb802b88b0308a28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-05T06:29:39Z","last_seen":"2026-04-05T14:50:00.578966Z","times_seen":76071,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"statmedia.ru/counter/sync.gif?system=sape\u0026cb=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D399%26euid%3D%24UID","fqdn":"statmedia.ru","domain":"statmedia.ru","tld":"ru"},"ip":{"addr":"46.161.36.24","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statmedia.ru","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sat, 24 May 2025 11:38:06 GMT","end":"Fri, 22 Aug 2025 11:38:05 GMT"},"fingerprint":{"sha1":"92:A5:D7:DE:A2:CC:29:0C:E8:88:74:BB:CA:91:40:7F:2F:04:91:17","sha256":"D8:74:E4:F1:AD:C5:56:8C:21:93:F2:98:75:A6:49:8C:DB:F7:10:2F:8B:66:00:F7:0D:96:5E:9F:5B:F4:47:6D"}}},"request":{"raw":"GET /counter/sync.gif?system=sape\u0026cb=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D399%26euid%3D%24UID HTTP/1.1\r\nHost: statmedia.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: image/gif\r\nContent-Length: 43\r\nConnection: keep-alive\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"df3e567d6f16d040326c7a0ea29a4f41","sha1":"ea7df583983133b62712b5e73bffbcd45cc53736","sha256":"548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87","sha512":"b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041","ssdeep":"","tlshash":"c2900003caa08002c2a2c0300a0a03002f88a2300228030e80bc30acec3a3a22c02000","first_seen":"2023-04-05T03:49:37Z","last_seen":"2026-04-05T14:42:42.328496Z","times_seen":91780,"resource_available":true,"data":null}},"time_used":342,"timings":{"blocked":-1,"dns":27,"connect":64,"send":0,"wait":56,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/rmatch?dp=368\u0026euid=NT_2_0600007FCE42946823014F990293B552_825962002165438_xddDho\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D368","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=368\u0026euid=NT_2_0600007FCE42946823014F990293B552_825962002165438_xddDho\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D368 HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=368\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/ic24.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/ic24.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2362\r\ncf-ray: 96b4991d3f12569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"93a-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 718703\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=QBQbNi1840wldnYLMW03EzNSUPlTfoYEk09ht3zHcPwJvgVmxuHt6uCrV9pB%2BbA1oiXJCXe1MEmILukpCS%2FTY9yqn4hNGz1jAxlU5kseMrW95OfFJrj5ZicD09K96rqZXQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1324\u0026min_rtt=431\u0026rtt_var=1372\u0026sent=76\u0026recv=29\u0026lost=0\u0026retrans=1\u0026sent_bytes=76876\u0026recv_bytes=2674\u0026delivery_rate=10669473\u0026cwnd=257\u0026unsent_bytes=2361\u0026cid=b8662fcef48bfa2a\u0026ts=112\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2362,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 60 x 41","md5":"976d75e1c6afb21afa4241fca3aa0aaf","sha1":"8da3af404aad55e592caecbb640936facba38856","sha256":"8cebaa55f91e1628a7b4729ef423d6947dd2efad0d0bf06bd0371912cdd21404","sha512":"1bc97907135353c0d6be9918eb816b953059f3ebe1b30f076c39a0348961e60c41286f15861b9766b6ceb2aa1d494edbe2c44dbecc0a7eea87ffa2f80ee55526","ssdeep":"","tlshash":"1e411ad9e9e2ef08d157933b495aa17aa12481248113088b67dee870a3d47cb4309112","first_seen":"2023-05-21T10:05:04Z","last_seen":"2026-04-01T09:23:20.243844Z","times_seen":75,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":72,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/pokemoky.js?48d","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /pokemoky.js?48d HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-length: 16392\r\ncf-ray: 96b4991d3f0c569d-OSL\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1934846\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nlast-modified: Tue, 15 Jul 2025 20:40:46 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=PsSFvLptx8MOVsxBTDi%2Bdw2vpdrt7ib0m1pu3Ev5Cey7rN7a%2FR3KUcLcK2wcskELqPTDxrH9jKHDvvZVm%2F68OyEzXz65cZAjLIvOvUrm9xmj7aK1AHV6rdJaWx%2F2ZluX9Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=57\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=50814\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=7474\u0026cid=b8662fcef48bfa2a\u0026ts=108\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86848,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2045)","md5":"5eefc1f7d0796d34520a56f42baf2c1a","sha1":"10f69fb4a0e2f51a757c3e425777a2c75cd09cb9","sha256":"bcd273007ad9efb689cf0cd2beaf6b211569720a7971425f2db177506d87af14","sha512":"f82cd40427772f582366dd84d0a1579f1ecb8c4e828d2b9c60de05356e3baf0f9602176fa51ea9ccabe79bb667f304b6edc156f73a32ce7812ae945694ee9fa2","ssdeep":"768:N/EgW8iCORMC7g2ZIbCCLG/qPdVBMcv/k7N5R:hEg1CCLIpcv/k73R","tlshash":"9383c5a9dfad0259d1e3004baea15aca647d83777214dc12bc1c1a5873c1dde8b7a3bc","first_seen":"2025-07-18T09:21:09.181733Z","last_seen":"2026-03-29T07:13:34.375973Z","times_seen":13,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":65,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Rubik:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:14.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Rubik:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 07 Aug 2025 06:08:14 GMT\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7878,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (649)","md5":"3bf2385e7591fd42f7590d03bc445157","sha1":"5211d33f00aba28e7be15f1317eec2d18c6c5de8","sha256":"912c34b992ca8859a45c48f3db410dced93c782fd3cca0591141b659c5c2e2ba","sha512":"c591808125381e72b7523b415ea94376d9929c0f80fd6eb31d97aa14c2a45da602810b6036572e523cc3b1c9418eac8180ed4c4e9abb3163a71a4db008403f70","ssdeep":"192:BmCl8f0NOPuPmClDfbONPthmCllf9ErPLc:NlU6lD4lpH","tlshash":"87f1bbe0481f6040bf472cc663ce6d27ed0e62553490c5298afd1b9aacbbd22335578d","first_seen":"2025-06-04T13:42:19.234325Z","last_seen":"2025-09-07T15:15:30.266785Z","times_seen":108,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.bumlam.com/?src=sap1\u0026uid=0600007FCE42946823014F990293B552","fqdn":"sync.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.145","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /?src=sap1\u0026uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Wed, 02 Aug 2045 06:08:15 GMT; Domain=bumlam.com; SameSite=None; Secure\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nLocation: //sync.bumlam.com/?src=sap1\u0026s_data=CAIQARjPhdHEBmIgMDYwMDAwN0ZDRTQyOTQ2ODIzMDE0Rjk5MDI5M0I1NTKiARDoDNGEc1QR8IbgACWQwGR8\r\nETag: e80cd184-7354-11f0-86e0-002590c0647c\r\nCache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":4,"connect":25,"send":0,"wait":42,"receive":0,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vak345.com/s.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336","fqdn":"vak345.com","domain":"vak345.com","tld":"com"},"ip":{"addr":"87.242.104.43","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vak345.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 17:45:27 GMT","end":"Thu, 30 Oct 2025 17:45:26 GMT"},"fingerprint":{"sha1":"B9:7C:3A:DC:DE:01:2D:7C:9D:C6:3F:02:C0:CA:1B:0A:46:ED:90:03","sha256":"CB:AC:06:11:55:51:91:7F:E1:24:EB:DF:FB:71:51:A6:CE:EB:7D:8C:96:33:6C:72:24:22:4E:ED:3D:62:39:0B"}}},"request":{"raw":"GET /s.js?v=4b9e9f8a5456f3d3f097a92cdd8ec336 HTTP/1.1\r\nHost: vak345.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\nvary: Accept-Encoding\r\nx-raw: \r\nx-build: 42666c3f\r\nx-host: nginx4\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24878,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (24878), with no line terminators","md5":"40f3aaa843659973596ebe649ec9acd2","sha1":"fa4e06f5660f8251e10ddfa8dea0a3bfff6effe0","sha256":"79724190d47e3ff332e2fc9b07b26b151d00bc4869825950a2e5336c993bd55a","sha512":"453c261b8adfcce21d7e8a8e24c42e7ca92520b76524d4295856821567b7df7f1dc437796a653e16363703e30e56b0f515b3b5654014e163057fc3eed8436ba0","ssdeep":"768:E4gj8m4M2LpG+9BTl1OvaF/0a+EbFKm7awn8uPm+beS05FI8x2WM4BvxUofG5YiH:NFEVdFIeDR5iHjKxo","tlshash":"6bb2509225d4b4a947b317b7620ef2c6e02a5cede4440edeb30cf9a4f198503fba9571","first_seen":"2025-08-07T06:08:50.979306Z","last_seen":"2025-08-07T06:08:50.979306Z","times_seen":1,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":117,"dns":26,"connect":38,"send":0,"wait":31,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/css/img/pluso/sprite.png?1","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /css/img/pluso/sprite.png?1 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/css/pluso.css?12s5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 259091\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LGWS1xRJhrfgi6KPPLGF5eCZtTG%2Bt%2BAOgBKfJ7oR3shxyPWeTQi8prbLqU4gP3oSd5Hoa%2BTWwiHos7PtDeUbmxkGYdQWEytvZ78JHmYyGLceds0LLfHJkHsBAYqqXa5dOg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Tue, 14 Apr 2015 04:47:19 GMT\r\netag: \"3f413-513a7eced63c0\"\r\naccept-ranges: bytes\r\nage: 2875\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923c9ef0b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1729\u0026min_rtt=554\u0026rtt_var=1427\u0026sent=383\u0026recv=529\u0026lost=0\u0026retrans=0\u0026sent_bytes=25312\u0026recv_bytes=29631\u0026delivery_rate=329160\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1028\u0026inflight_dur=42\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":259091,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1120 x 520, 8-bit/color RGBA, non-interlaced","md5":"b41edc2ebadcc210059384019530364b","sha1":"53bf7e638084d5d3edb78be83d3a8dd8b318562b","sha256":"59dd7e1dce6b861ded439efde90acabebbe955f48f96c990abdd471af1b5f026","sha512":"42c90b4aa24f7ec95780ffcff3c70143dd38f19bb983591149cf9e4f8e9e1d70dab090a5df37f2becc12cc6a8a2b9f6312712272e7e6de7c5dafbfb3b3b0c43f","ssdeep":"6144:xTbFOPiFwrmO8FTYw8sb/RIbDygZKd29m7/+je9G:xTb46Fwr+38s/RU+a","tlshash":"884422ce2c5c690c3fbc76051b9b5798a6d9981bb02089b2e4beb1b3d122f5d3d131d5","first_seen":"2023-06-17T11:09:52Z","last_seen":"2026-03-29T07:13:34.346326Z","times_seen":48,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/chimichanga/galets.js","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:13.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /chimichanga/galets.js HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1; t_e4719dd21a=1; rocketteam_counter=1; pokemoky_counter=1; jassyandjames_rand=2; poke_counter_up=Thu%2C%2007%20Aug%202025%2018%3A08%3A13%20GMT; poke_counter=1; _ma=29290dc5-7ba6-4e37-a05b-6b0576ed0eee\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 604\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 13 Sep 2022 10:15:43 GMT\r\netag: \"601-5e88c4b7b71c0-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NQkzln8QqB3f8osnXKTBsOs7Xed64IH5ls%2FKE23XEickSx2N5d%2BLSjUVO%2FyXrfHWwMN%2FtYE%2BftGnpNMFRrd7Z8RtivqeogZiAPP1p%2FHHcDWz\"}]}\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\ncf-ray: 96b4992709b556c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1537,"size_decoded":0,"mime_type":"text/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"37607a50e5c3055c37745b8a8523f5fe","sha1":"b65d14449e609c6ecffbc73e17aa2f05b0acf210","sha256":"7462330295488346f30edebf0a6d2e847eb2cc135e7d735310504e128217db6a","sha512":"0a652beb49d0e1bf408a0f7428ecc0bc793ed261a18acc641b7deda39226133cb67fa2978b9fc5329d5bd2f8f85a9eb07c66608a1e1e639c170c2ea04a0ae0f8","ssdeep":"","tlshash":"31318e98359e701d918423467a7510deac3ce7b102db91bce5deb472609081b8e3d9f6","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.367557Z","times_seen":59,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/dsp/sape-banner?set_buzzoola_cookie=t\u0026uid=0600007FCE42946823014F990293B552\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D126","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.71","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Mon, 23 Sep 2024 00:00:00 GMT","end":"Mon, 29 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AD:3D:5A:FB:EA:0C:06:C6:DD:3E:69:73:36:2A:74:3B:95:70:1E:67","sha256":"73:D5:51:B5:32:C9:CE:3F:65:12:83:12:96:96:39:A9:AD:83:3D:BB:9B:DD:F5:77:84:D8:C9:2A:75:F5:D4:48"}}},"request":{"raw":"GET /cookiesync/dsp/sape-banner?set_buzzoola_cookie=t\u0026uid=0600007FCE42946823014F990293B552\u0026url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D126 HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uuid=687fc80e-a16d-4a39-6602-a6eb00f5b525\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 156\r\nlocation: https://mc.acint.net/rmatch?dp=126\u0026euid=687fc80e-a16d-4a39-6602-a6eb00f5b525\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D126\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/rmatch?dp=261\u0026euid=c855bde2-bdd3-499b-9b32-bd9e0d953c17\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D261","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=261\u0026euid=c855bde2-bdd3-499b-9b32-bd9e0d953c17\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D261 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=261\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/bbackgr.png","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/bbackgr.png HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://libbb.yotor.ru/parse/s.rutor.org/css.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 2859\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=BdM5aREYWebtD1%2FBLwTwR49Q%2BSJttCmAYIZgAPTU3%2Fwsm5VXG%2BHZswnSMO5IRg%2B8CzbahaT%2BJnm0zUpVE8gHV2ZoEV2LpGtuM1SpoCxeHkp97Nn%2F8HQEAf34Uf6DtMlcTA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"b2b-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 726850\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49923d9f10b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1729\u0026min_rtt=554\u0026rtt_var=1427\u0026sent=386\u0026recv=529\u0026lost=0\u0026retrans=0\u0026sent_bytes=28579\u0026recv_bytes=29631\u0026delivery_rate=329160\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1029\u0026inflight_dur=42\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 30, 8-bit/color RGB, non-interlaced","md5":"556ed9fbc3543fde2370f99c737be049","sha1":"420c334349f796ee85f261bed6753719221a2fe9","sha256":"a682fdf55d12206673fd39d71e37893badd8286e7c511dfa95e05c0b509b9618","sha512":"c2d94bfae7bc0ab871aeec53c18df1920d14985c28fb85a7ba3871c727ff5660cb5be4a5624168ee16998a7213c9bcd6a907c1fee32bdacacaa3161621c2afb1","ssdeep":"","tlshash":"a7518caf8970b08f78dd79520dcd4202e36c227c8a67373890c269cf4492e47af2a0b5","first_seen":"2023-05-21T11:00:05Z","last_seen":"2026-03-29T07:13:34.378846Z","times_seen":113,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cmr.bidderstack.com/skyadvert/cm?user_id=723d667b-2b9a-b6da-af71-288b0d948408","fqdn":"cmr.bidderstack.com","domain":"bidderstack.com","tld":"com"},"ip":{"addr":"185.149.242.234","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bidderstack.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 26 Dec 2024 14:42:05 GMT","end":"Wed, 14 Jan 2026 11:07:44 GMT"},"fingerprint":{"sha1":"D3:CF:38:0C:FA:18:1C:F8:E8:E3:18:35:3E:3D:E6:82:B4:44:12:C1","sha256":"C6:91:A1:27:F0:56:52:64:73:25:39:60:8B:AA:DA:0C:92:DF:DD:2B:3C:50:92:0B:D8:7F:AF:F4:5B:3C:A8:79"}}},"request":{"raw":"GET /skyadvert/cm?user_id=723d667b-2b9a-b6da-af71-288b0d948408 HTTP/1.1\r\nHost: cmr.bidderstack.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Angie\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 44\r\nConnection: keep-alive\r\nx-from: nrr-3\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C","description":"C is a general-purpose, procedural computer programming language supporting structured programming, lexical variable scope, and recursion, with a static type system.","website":"https://www.open-std.org/jtc1/sc22/wg14/","common_platform_enumeration":"","icon":"C.png","categories":["Programming languages"]},{"name":"Perl","description":"Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.","website":"https://perl.org","common_platform_enumeration":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*","icon":"Perl.png","categories":["Programming languages"]},{"name":"Angie","description":"Angie is a drop-in replacement for the Nginx web server aiming to extend the functionality of the original version.","website":"https://angie.software/en/","common_platform_enumeration":"","icon":"default.svg","categories":["Web servers"]}],"data":{"size":44,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"f9d60352c70a2ba15616d1c9421f3844","sha1":"e9abc8bea7721a4b6a50295850d13c515006a95c","sha256":"82cb517a8f80c91dfcec543c6d140deb3baaf463ea9e77655475096eba7bc7d9","sha512":"c236b22bcd48790ff970b8bc566061eae734e0d34c1a68cd8d6160415303e0b0b51fe5780fafe7349cf71cb10089c9f322495267eee019cc63f879727263df4b","ssdeep":"","tlshash":"49900003eb80c002c2a2c0300e0ccb802b88b030ae28030fb0fc3baeec3a3a20c23000","first_seen":"2023-04-06T18:33:49Z","last_seen":"2026-04-05T10:49:20.977264Z","times_seen":4258,"resource_available":false,"data":null}},"time_used":624,"timings":{"blocked":275,"dns":13,"connect":64,"send":0,"wait":56,"receive":0,"ssl":206},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp-statistics.dsp.nt.technology/api/cookie-sync/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJSVEIgU2FwZV8xNzM4MDUyODgwODQ3In0.rWWFhvjxIbuujG1GTFwQklSMJiKgptBwYzz4p8BSesmEm5CqjbMhkVs5mVteVVlfMbT4wiTf22YGI6HFl8Snrw/sync?sspUserId=0600007FCE42946823014F990293B552\u0026r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D368%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D368","fqdn":"ssp-statistics.dsp.nt.technology","domain":"nt.technology","tld":"technology"},"ip":{"addr":"54.76.133.2","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dsp.nt.technology","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Wed, 15 Jan 2025 00:00:00 GMT","end":"Fri, 13 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C2:37:6A:CC:E8:44:B1:19:D2:4B:0D:0B:C2:32:F7:6E:7F:4B:49:3E","sha256":"D6:68:84:30:34:51:0A:CA:62:C7:16:62:E6:3B:C7:B0:BF:04:97:03:A7:C8:87:B8:32:98:C7:1B:2B:BE:80:75"}}},"request":{"raw":"GET /api/cookie-sync/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJSVEIgU2FwZV8xNzM4MDUyODgwODQ3In0.rWWFhvjxIbuujG1GTFwQklSMJiKgptBwYzz4p8BSesmEm5CqjbMhkVs5mVteVVlfMbT4wiTf22YGI6HFl8Snrw/sync?sspUserId=0600007FCE42946823014F990293B552\u0026r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D368%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D368 HTTP/1.1\r\nHost: ssp-statistics.dsp.nt.technology\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-length: 0\r\nlocation: https://acint.net/rmatch?dp=368\u0026euid=NT_2_0600007FCE42946823014F990293B552_825962002165438_xddDho\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D368\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1 ; mode=block\r\nreferrer-policy: no-referrer\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":17,"connect":47,"send":0,"wait":39,"receive":0,"ssl":381},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adlook.tech/sync?ssp=895","fqdn":"a.adlook.tech","domain":"adlook.tech","tld":"tech"},"ip":{"addr":"104.21.57.83","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"adlook.tech","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 03 Jul 2025 19:11:54 GMT","end":"Wed, 01 Oct 2025 20:09:22 GMT"},"fingerprint":{"sha1":"44:0D:7A:F1:AE:54:10:72:02:BA:E6:C2:78:3C:60:6A:7B:6D:CF:B4","sha256":"CE:F4:C2:52:9D:74:AA:86:55:4D:3B:6F:3F:4B:65:4E:43:61:AA:71:CE:F6:07:8F:47:2C:56:77:2D:04:B4:E2"}}},"request":{"raw":"GET /sync?ssp=895 HTTP/1.1\r\nHost: a.adlook.tech\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oR4%2FnSnF5Ve%2FpA8kwzEzJmSwHlkCYAXzxD8y%2BfYjhjfx0tuPRdscf9cI%2FZHKvAedFXtiu8F0WuxiLbVCp%2FX6sSELsJazoVAI4pIm\"}]}\r\nset-cookie: preadlook=1; SameSite=None; Secure; Path=/; Domain=adlook.tech; Expires=Sat, 06 Sep 2025 09:08:16 GMT\r\ncf-ray: 96b49933dfa20b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":27,"dns":14,"connect":8,"send":0,"wait":156,"receive":0,"ssl":234},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.acint.net/rmatch?dp=126\u0026euid=687fc80e-a16d-4a39-6602-a6eb00f5b525\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D126","fqdn":"mc.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=126\u0026euid=687fc80e-a16d-4a39-6602-a6eb00f5b525\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D126 HTTP/1.1\r\nHost: mc.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://mc.acint.net/cmatch?dp=126\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.ohmy.bid/cmf?0.34964205666760306","fqdn":"sp.ohmy.bid","domain":"ohmy.bid","tld":"bid"},"ip":{"addr":"37.0.127.200","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ohmy.bid","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 15:12:54 GMT","end":"Sat, 18 Oct 2025 15:12:53 GMT"},"fingerprint":{"sha1":"AE:15:A3:A4:41:D3:DA:E5:B7:41:38:D6:C9:5B:70:83:47:0B:5B:C8","sha256":"0E:15:23:C8:20:5B:EE:67:6D:A1:5C:CE:0E:A4:E3:41:59:F4:F6:58:3C:C3:7B:8A:CD:2F:21:D5:DD:A6:08:AB"}}},"request":{"raw":"GET /cmf?0.34964205666760306 HTTP/1.1\r\nHost: sp.ohmy.bid\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-17 1.2104.4452ce78\r\nLocation: /cmft\r\nSet-Cookie: uid=98585537-2050-4d71-a9a4-acd6931ac979.689442ce.dae9e882cc3bd006; domain=.ohmy.bid; path=/; expires=Sat, 06-Sep-2025 06:08:14 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2149,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":19,"connect":56,"send":0,"wait":55,"receive":0,"ssl":153},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sp.linkssp.ru/cm?key=edc11c69abfc708136ed44d548263e69\u0026location=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D394%26euid%3D%7Buid%7D%0A","fqdn":"sp.linkssp.ru","domain":"linkssp.ru","tld":"ru"},"ip":{"addr":"188.246.224.210","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.linkssp.ru","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Mon, 19 May 2025 10:58:08 GMT","end":"Sun, 17 Aug 2025 10:58:07 GMT"},"fingerprint":{"sha1":"35:13:0F:47:EA:94:CB:99:DC:43:0B:D6:55:1D:E9:A2:6D:BB:29:A3","sha256":"40:CF:09:DF:51:73:F5:31:19:64:84:66:05:B5:EA:0A:14:71:0E:62:0A:CD:8B:43:55:B5:8C:9C:4E:68:8E:B7"}}},"request":{"raw":"GET /cm?key=edc11c69abfc708136ed44d548263e69\u0026location=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D394%26euid%3D%7Buid%7D%0A HTTP/1.1\r\nHost: sp.linkssp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nBidder: bid-04 1.304.36ed9db\r\nLocation: https://mc.acint.net/match?dp=394\u0026euid=db88453e-ac61-4a2c-885d-6fdd6cc874ac\r\nSet-Cookie: uid=db88453e-ac61-4a2c-885d-6fdd6cc874ac.689442d0.36e447dbe10dbd19; domain=.linkssp.ru; path=/; expires=Sat, 06-Sep-2025 06:08:16 GMT; SameSite=None; Secure;\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":14,"connect":62,"send":0,"wait":61,"receive":0,"ssl":330},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/t/arrowup.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/t/arrowup.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 52\r\ncf-ray: 96b4991d3f1d569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"34-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 3105\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=CTkYmwozht0gVKgCq%2F0%2F%2BpzOxlmvB7rsCbcX9i4jcNBdPW53VsGzDEkD%2F1qchcjGjnTaY3N6AtHYU3OSUQd4pCCvWDll5RRcPIFkWUVfovD%2BhNAWP3aSfbaZFUvxF24Uyw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=57\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=50814\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=5798\u0026cid=b8662fcef48bfa2a\u0026ts=108\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 5 x 8","md5":"7cbfc089fd0b0d261187a0c1ef0826af","sha1":"1583fd0ccdd6a7dcb24ef670761ab01387cf87cf","sha256":"b88cfd011c972f65586f207621005b8b3336773a252e2a309ddbd9b7dda7b8b9","sha512":"0cab267c42446b8d4fcf6d660e4e538c891a45c4e19592dd2048e803d1b5b22b07a644ec1d7828b6c05a0ce58e0dbf756c106fd63c9ccc737cee16131c063d7d","ssdeep":"","tlshash":"1d900400f5d4d001d0377075477f43703d07c307051503431035110c5f541753143571","first_seen":"2023-05-13T07:55:03Z","last_seen":"2026-04-01T09:23:20.273855Z","times_seen":340,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/com.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/com.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 295\r\ncf-ray: 96b4991d5f43569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"127-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 83877\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tVLA%2Fk0VjZVNj2NpMvieyf9KqlI%2BDpsLHFak22uVTFcZgvNM12GBdow%2FKq4%2FxA4jfgVakhTv4O8lzy8UP26al6ZRW83ngpIRtMUlJqiuWCf6YgG5%2FzmX4ueLH41dQ65vbg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1103\u0026min_rtt=431\u0026rtt_var=917\u0026sent=88\u0026recv=36\u0026lost=0\u0026retrans=1\u0026sent_bytes=86521\u0026recv_bytes=2769\u0026delivery_rate=5537284\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=124\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":295,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 11 x 9","md5":"e91f48c29a8f6285ade898585e58f8ad","sha1":"c171b970bbdb33210c1e9714bc7fa96e42bdb0bf","sha256":"30bacf9c5db02b0b5fdbe670c15301ec8231d2e526ab20ea5f8dfb8692e02f17","sha512":"43844fd130cb484f8641493014e56fd8aa45077b53def7f2d516341e54633b590923f599e4d76e088be6f546dc8796b4f2afba7cbe4292915ec4ed60b9ef9aa7","ssdeep":"","tlshash":"7fe023018346904ed4c5c0fd0c6cf3182f823582927c55cbe608200c03020204040741","first_seen":"2023-05-13T07:55:03Z","last_seen":"2026-04-01T09:23:20.263351Z","times_seen":322,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=hpr\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=hpr\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://cmr.bidderstack.com/skyadvert/cm?user_id=723d667b-2b9a-b6da-af71-288b0d948408\r\nset-cookie: sky_uuid=723d667b-2b9a-b6da-af71-288b0d948408; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.vqserve.com/match/stream","fqdn":"sync.vqserve.com","domain":"vqserve.com","tld":"com"},"ip":{"addr":"80.93.187.134","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vqserve.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 02 Oct 2024 00:00:00 GMT","end":"Thu, 02 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D7:B2:A2:51:6C:19:09:65:AB:29:3E:C2:8A:42:8E:E5:56:AE:46:1C","sha256":"49:60:7F:53:21:01:5B:49:B4:7F:C6:16:AA:70:4C:F9:25:EC:4F:C1:46:B8:ED:C7:C8:4F:AA:34:0D:6C:C1:BA"}}},"request":{"raw":"GET /match/stream HTTP/1.1\r\nHost: sync.vqserve.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.27.4\r\nDate: Thu, 07 Aug 2025 06:08:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://sm.rtb.mts.ru/p?ssp=viqeo\u0026id=A1TGS2doidPqoJGVUWT74Z9aXd\r\nSet-Cookie: rid=A1TGS2doidPqoJGVUWT74Z9aXd; expires=Sat, 06 Sep 2025 06:08:14 GMT; domain=adx.bid; path=/; HttpOnly; secure; SameSite=None\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.27.4","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":283,"dns":8,"connect":54,"send":0,"wait":54,"receive":0,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/smi.js","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:13.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /smi.js HTTP/1.1\r\nHost: jsn.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 31 Jul 2025 08:26:17 GMT\r\netag: W/\"688b28a9-1a620\"\r\nexpires: Thu, 07 Aug 2025 06:18:13 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108064,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b4ba6035f650dda50dbd3ba367e03dbb","sha1":"0384ec281fc67ec906eeb10b75daf9ff2df40a8a","sha256":"9a7ce92d40730fd8da81d7108f05d988bd9b87cbf14e75484e9be3fa5087c8da","sha512":"2a97564449ce215cb01c4f7fb905588902875b348fcecbc6905eab7ccd4f8d0e997726d6c58ab085c642e678212c33c1831db337c62774f822e6771cca7f3b1e","ssdeep":"1536:BRSu24xbb5suVmDmkR5MgiQ5rra/Qfh00sHqnJk8/DSdCItiWs:BR1PS00sHqJX/DCCVX","tlshash":"abb3d88c7d85f42a43d361f1807f054fb2372e1d688d6550e2aad8e53eb884d612bfad","first_seen":"2025-08-03T08:36:22.377769Z","last_seen":"2025-08-12T06:34:34.474459Z","times_seen":3,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kimberlite.io/rtb/sync/ohmybid","fqdn":"kimberlite.io","domain":"kimberlite.io","tld":"io"},"ip":{"addr":"37.0.127.92","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kimberlite.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 03 Mar 2025 10:28:30 GMT","end":"Sat, 04 Apr 2026 10:28:29 GMT"},"fingerprint":{"sha1":"D5:F7:CA:61:DC:40:4D:B7:43:BC:F1:6F:13:3A:45:A0:D0:53:09:FA","sha256":"BD:79:98:BE:D4:24:4A:51:5B:6D:A8:A1:58:2B:4E:1D:6B:90:66:40:1F:2C:E3:4A:C4:9F:7E:A3:A2:F6:79:12"}}},"request":{"raw":"GET /rtb/sync/ohmybid HTTP/1.1\r\nHost: kimberlite.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sp.ohmy.bid/\r\nCookie: n=1; sm=QgBolELO; da=KLqvcgAAAAFnkJYmAAAAAQ; u=aJRCzuiMv9Y~ZbJn6r51RlGWkng-ak3cLTg-qwU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\ncache-control: no-store\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nset-cookie: da=kFeECwAAAAFnkJYmAAAAASi6r3IAAAAB; path=/rtb; max-age=604800; samesite=none; httponly; secure\nf=https%3A%2F%2Fmatch.ohmy.bid%2Fcm%3Fdsp_id%3D83%26uid%3DaJRCzuiMv9Y; max-age=30; samesite=none; httponly; secure\nn=2; max-age=30; samesite=none; httponly; secure\r\nlocation: https://sync.dsp.solta.io/match/kimberlite?id=aJRCzuiMv9Y\r\nreferrer-policy: no-referrer\r\nserver-timing: app;srv=s13a;dur=0.0006\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mediatoday.ru/c/m.gif?s=32\u0026id=366\u0026reference=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D366%26euid%3D%7Bvisitor_id%7D","fqdn":"mediatoday.ru","domain":"mediatoday.ru","tld":"ru"},"ip":{"addr":"194.186.91.198","port":443,"asn":3216,"as":"PVimpelCom","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mediatoday.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 May 2025 21:36:14 GMT","end":"Tue, 12 Aug 2025 21:36:13 GMT"},"fingerprint":{"sha1":"90:68:45:C0:72:AE:6F:3B:29:E7:54:04:04:FC:5E:F7:5E:BC:BD:24","sha256":"30:C8:C7:59:56:13:D8:A7:AA:F3:A1:AB:22:00:FF:2B:62:78:AC:38:CB:7A:F8:FB:49:81:21:A8:F1:A3:A4:0B"}}},"request":{"raw":"GET /c/m.gif?s=32\u0026id=366\u0026reference=https%3A%2F%2Fmc.acint.net%2Fmatch%3Fdp%3D366%26euid%3D%7Bvisitor_id%7D HTTP/1.1\r\nHost: mediatoday.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-length: 124\r\ncache-control: no-cache, max-age=0, must-revalidate, no-store\r\npragma: no-cache\r\nexpires: Thursday, 01-Jan-1970 00:00:00 GMT\r\nset-cookie: idntfy=VUnZUsbWsOWu9RE; expires=Sun, 05-Aug-2035 06:08:15 GMT; domain=mediatoday.ru; path=/c/; SameSite=None; Secure\nidntfy=VUnZUsbWsOWu9RE; expires=Sun, 05-Aug-2035 06:08:15 GMT; domain=mediatoday.ru; path=/core/; SameSite=None; Secure\r\nlocation: https://mc.acint.net/match?dp=366\u0026euid=VUnZUsbWsOWu9RE\r\nalt-svc: h3=\":443\"; ma=86400,h3-29=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":-1,"dns":8,"connect":66,"send":0,"wait":81,"receive":0,"ssl":167},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dsp.solta.io/match/kimberlite?id=aJRCzuiMv9Y","fqdn":"sync.dsp.solta.io","domain":"solta.io","tld":"io"},"ip":{"addr":"217.199.220.72","port":443,"asn":61400,"as":"Start LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dsp.solta.io","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 04 Aug 2025 11:49:51 GMT","end":"Sat, 05 Sep 2026 11:49:50 GMT"},"fingerprint":{"sha1":"47:08:04:35:5D:1F:29:FE:9D:B8:04:FB:41:AA:98:1C:B3:95:76:78","sha256":"F4:28:D6:EC:60:7B:5B:18:1C:90:EA:96:70:90:94:81:60:02:76:08:87:8B:89:2E:6B:35:EB:89:97:42:D1:75"}}},"request":{"raw":"GET /match/kimberlite?id=aJRCzuiMv9Y HTTP/1.1\r\nHost: sync.dsp.solta.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-07T06:08:11.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 20748\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0WluKffXJT92QXjTrGGP4pMYz53xqc9uFBkAa2eZ3R2P0dgSWlb%2BxiSMV0TqeFYsl8bjAcFXBYlmrrkGhwpK6726OlHkx5ISujmxlXcAIGcP\"}]}\r\nset-cookie: korjik_test=1; Path=/; Domain=6-wbpbqewx.123tt.ru\ncrackers_days=1; Path=/; Max-Age=31104000; Expires=Sun, 02 Aug 2026 06:08:11 GMT\ncrackers_visited=1; Path=/; Max-Age=86400; Expires=Fri, 08 Aug 2025 06:08:11 GMT\ncrackers_time_visited=1754546891; Path=/; Max-Age=72000; Expires=Fri, 08 Aug 2025 02:08:11 GMT\ncrackers_views=1; Path=/; Max-Age=72000; Expires=Fri, 08 Aug 2025 02:08:11 GMT\r\ncf-ray: 96b499192ca85691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":134140,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (55505), with CRLF, CR, LF line terminators","md5":"61df96b47e338ed7b12b61fd80e1afba","sha1":"9ec7d72d926ed01702225d7d3244e7f5a701edd2","sha256":"45278218890e6fdac3442dcb8f533fa81cc5beaee54d3a3b7d7c5beff7b0388c","sha512":"9558932ae43327931a5e0e3c81d8d9a10f337b033676d890f9ed02280b42f37b4b39aac5b1d38a8c719f2e72b9b20ece2f2211ab54e172df052aa0d74e9194cf","ssdeep":"3072:2grzFeeiQe7eoDHTqA8cskyP+4LtOqkkR2F0MK5hiG1Uv24/dqAQE92Hjqrk/tlJ:2grzFeeiQe7eoDHTR8cskyP+4LtOqkkL","tlshash":"b0d3139a80c345b723c261d0e9153e66edd314bfd1b10906e9ff26aaf985eecef42114","first_seen":"2025-08-07T06:08:50.983525Z","last_seen":"2025-08-07T06:08:50.983525Z","times_seen":1,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":28,"dns":1,"connect":1,"send":0,"wait":160,"receive":48,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=otclkbid\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=otclkbid\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://otclick-adv.ru/core/match.gif?s=30\u0026reference=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dotclkbid%26bid%3D%23%7BUID%7D\r\nset-cookie: sky_uuid=1e43dc23-8551-7763-ed31-fc1fd993cd96; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adx.com.ru/sync/init/skyadvert-banner-rtb?uid=41398fa6-5923-6e62-f768-ffc6ff8a6773\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dplzkrt%26bid%3D%7Buserid%7D","fqdn":"adx.com.ru","domain":"adx.com.ru","tld":"com.ru"},"ip":{"addr":"83.222.105.118","port":443,"asn":42632,"as":"MnogoByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adx.com.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 20 Jun 2025 13:13:33 GMT","end":"Wed, 22 Jul 2026 13:13:32 GMT"},"fingerprint":{"sha1":"0F:34:EC:CE:BC:17:E9:5F:83:40:15:65:EF:68:EC:37:03:9C:C8:9C","sha256":"87:20:22:42:36:6F:88:B8:4D:D7:3A:11:7B:17:9F:56:7B:CD:5A:0C:00:F3:42:3C:BE:28:DE:11:8E:AD:F5:FE"}}},"request":{"raw":"GET /sync/init/skyadvert-banner-rtb?uid=41398fa6-5923-6e62-f768-ffc6ff8a6773\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dplzkrt%26bid%3D%7Buserid%7D HTTP/1.1\r\nHost: adx.com.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.26.3\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.26.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":6,"connect":68,"send":0,"wait":56,"receive":0,"ssl":176},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"otclick-adv.ru/core/match.gif?s=56\u0026reference=https%3A%2F%2Fmc.acint.net%2Fmatch%2F%3Fdp%3D361%26euid%3D%23%7BUID%7D","fqdn":"otclick-adv.ru","domain":"otclick-adv.ru","tld":"ru"},"ip":{"addr":"139.45.228.133","port":443,"asn":57304,"as":"JSC RetnNet","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.otclick-adv.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Jun 2025 17:12:12 GMT","end":"Tue, 16 Sep 2025 17:12:11 GMT"},"fingerprint":{"sha1":"82:3B:8D:57:59:5E:94:AB:01:1E:CC:AC:48:8F:CE:60:DB:FD:94:56","sha256":"E7:C2:EC:9D:64:5E:B9:9C:7D:BA:75:B7:CC:CA:80:9D:3B:D0:4A:3D:DF:3E:DF:03:CC:02:8E:02:E5:22:CB:D2"}}},"request":{"raw":"GET /core/match.gif?s=56\u0026reference=https%3A%2F%2Fmc.acint.net%2Fmatch%2F%3Fdp%3D361%26euid%3D%23%7BUID%7D HTTP/1.1\r\nHost: otclick-adv.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nCookie: idntfy=VUlIRVup0AuRYc9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Length: 124\r\nConnection: keep-alive\r\nP3P: policyref=/w3c/p3p.xml, CP=NON CUR ADM DEV PSA PSD OUR IND UNI NAV INT STA\r\nCache-Control: no-cache, max-age=0, must-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Thursday, 01-Jan-1970 00:00:00 GMT\r\nLocation: https://mc.acint.net/match/?dp=361\u0026euid=VUlIRVup0AuRYc9\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.acint.net/mc/?dp=167","fqdn":"www.acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /mc/?dp=167 HTTP/1.1\r\nHost: www.acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/html\r\nset-cookie: cSyncDp14v6=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp17v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp45v5=1754546894; expires=Fri, 08-Aug-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp53v5=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp62v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp67v5=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp68v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp71v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp85v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp95v4=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp98v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp104v3=1754546894; expires=Thu, 21-Aug-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp107v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp125v4=1754546894; expires=Fri, 22-Aug-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp126v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp129v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp136v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp148v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp149v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp151v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp251v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp186v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp217v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp226v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp239v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp243v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp260v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp244v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp248v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp261v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp264=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp274=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp289v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp296v3=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp312v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp313v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp368v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp331v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp337v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp351v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp361v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp353v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp362v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp366v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp390v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp399v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp394v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp415v1=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp420v2=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp424=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp424=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp431=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\ncSyncDp433=1754546894; expires=Sat, 06-Sep-25 06:08:14 GMT; path=/; Secure; SameSite=None; domain=.acint.net\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9473,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (452), with CRLF, LF line terminators","md5":"25ce55a63750fb92f9a201a5275035c6","sha1":"bbb520ea5643b2ab28fa12a81f37148aa40ba4f5","sha256":"b10f58d389732d7ab19809c7c99dcd6f19d932e6fe736d08bbc84af3b26fa482","sha512":"94241b2e8fcda534b26090d25dfeb1458a77dbca5f11993ab9387c89f72d230b59d1c78a82103e94a7bec560aa7a12502b47c5499c92e8e21652b187e647af4a","ssdeep":"192:DFZBBbeZz5fRvLtJTxqvGDvivWHX/177XAMWTvhCvx0vNbQRkvTO:DFZBBbeZ9f5xJTxmGbcWHPl7wMChu2SN","tlshash":"ba12ee7385c65feb261bb7d1e35477c9a432120b2eeb184aee2e645332864bec4079c5","first_seen":"2025-08-07T06:08:50.984983Z","last_seen":"2025-08-07T06:08:50.984983Z","times_seen":1,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D14","fqdn":"ssp-rtb.sape.ru","domain":"sape.ru","tld":"ru"},"ip":{"addr":"193.3.184.217","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.sape.ru","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Jun 2025 23:43:00 GMT","end":"Sun, 07 Sep 2025 23:42:59 GMT"},"fingerprint":{"sha1":"08:60:43:B7:E2:55:22:75:33:FC:38:49:1D:E3:74:E1:DD:D1:70:6F","sha256":"86:6A:B8:7C:64:78:BE:EE:4B:DB:65:63:D1:4C:6B:0E:20:C6:17:B4:90:85:04:D2:86:E1:60:03:16:4D:32:21"}}},"request":{"raw":"GET /rmatch/?r=https%3A%2F%2Facint.net%2Frmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D14 HTTP/1.1\r\nHost: ssp-rtb.sape.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: openresty\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: text/html\r\nContent-Length: 142\r\nConnection: keep-alive\r\nP3P: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET\r\nLocation: https://acint.net/rmatch?dp=14\u0026euid=5603420ACF4294687B01E9A702681B93\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D14\r\nExpires: Wed, 19 Apr 2000 11:43:00 GMT\r\nCache-Control: private, no-cache, no-store, must-revalidate, max-age=0\r\nSet-Cookie: sspuid=CkIDVmiUQs+n6QF7kxtoApyjKPYF4eBTXogcAFaq4MsyM1NY; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.ssp-rtb.sape.ru; path=/; Secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":8,"connect":26,"send":0,"wait":34,"receive":1,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pix.bumlam.com/sync/sape/check?sspuid=0600007FCE42946823014F990293B552","fqdn":"pix.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.160","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /sync/sape/check?sspuid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: pix.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:15 GMT\r\nContent-Type: image/gif\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://www.acint.net\r\nAccess-Control-Allow-Credentials: true\r\nTiming-Allow-Origin: *\r\nCross-Origin-Resource-Policy: cross-origin\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, proxy-revalidate, s-maxage=0\r\nPragma: no-cache\r\nExpires: 05-Jun-2005 22:00:00 GMT\r\nX-Xss-Protection: 0\r\nP3P: policyref=\"https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml\", CP=\"CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nLocation: https://sync.bumlam.com/?src=sape\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":12,"connect":32,"send":0,"wait":35,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/grannypatries/s.css?9912s37","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /grannypatries/s.css?9912s37 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/css\r\ncontent-length: 2742\r\ncf-ray: 96b4991daf89569d-OSL\r\nlast-modified: Fri, 13 Jun 2025 17:53:56 GMT\r\netag: \"22e9-63777baddd500-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 63751\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=U3kPBb2rB2ha8vml2ikrhxYBwgd1T9rj9MDJc6cUahf7tkRReLTXgJxg10yZ77L03C5ytDe9MRJ3ysO94%2BKpXKLTn3eH0t%2F29XJjpe4s6c542UeO4DVS3IU95c5rrbYtbw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1639\u0026min_rtt=431\u0026rtt_var=1205\u0026sent=119\u0026recv=48\u0026lost=0\u0026retrans=1\u0026sent_bytes=109707\u0026recv_bytes=3305\u0026delivery_rate=14552763\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=172\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8937,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (493)","md5":"be5ffe5dcc2204b0de7154d859cd0349","sha1":"bfba1e2846755a90d2d313acbb7ea0d2d6c0738f","sha256":"648f3c45e59890c6a50825f8b4ea58e48abc5e7fa711850b1c9700545f69817a","sha512":"c65549f360307e5106e2c52df64ba674709fff6a11df9ffd1757b161eb9a23fe960abd4000854c241909de92c7d83d8e7dfb40ada5fb670a35ff5dcb0f775ce7","ssdeep":"192:Um1mWiWrzRXf64h4XPsWbPK49cFYhLoiWNWN5NPM9EQcbaa:Um1mNcz5f684UAPNaFYhUiaWN5NPMeQW","tlshash":"c0025542a7502189b11b81aabeee73f9363f40039f075dbb8a543678a74e39281751df","first_seen":"2025-06-23T14:43:08.389299Z","last_seen":"2026-03-29T07:13:34.375274Z","times_seen":19,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":150,"dns":16,"connect":21,"send":0,"wait":18,"receive":1,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/southcentral/js.js?08","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /southcentral/js.js?08 HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-length: 1131\r\ncf-ray: 96b4991d3f03569d-OSL\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 227419\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nlast-modified: Mon, 04 Aug 2025 14:57:52 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Icecze9Gd9%2F27iPDg8qriKKOOjUu20s33uZucIgoEGL89zc6%2FnReS9dAMxB2EQXTIg4vHWuU1ssC3XjQh1D%2BhiGhIZoW4K%2BUziGKHbBAWsmu2Sv2XOPSWxUNbVVZoee3cg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=57\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=50814\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=24545\u0026cid=b8662fcef48bfa2a\u0026ts=109\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2898,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (869)","md5":"48f15eb2a5b8ee7b68b032c16d4f9ee8","sha1":"8797e04b9c5a05dc71c8aac4cc8b145ae6bde3e2","sha256":"6ede838c510b030a60f27b0e3466376607a480c6d0cab4e0d2f2f19d92d16af9","sha512":"2832b9fe25e789c3552227ac05c1c4672c27833784f468920a5f3520d6802bfb3302661cea000ec709e13dcf32ce0f52cd16e12109ddd3a9a41776047c1b82e3","ssdeep":"","tlshash":"2c510d4cf75de11c94d603857ead02ee387ca5233242852dfd5d6e606278c3a8a3cdb5","first_seen":"2023-03-08T19:46:28Z","last_seen":"2026-03-29T07:13:34.373332Z","times_seen":74,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":70,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/i/zaiti.gif","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/i/zaiti.gif HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/gif\r\ncontent-length: 3070\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=GndDxNk3rOvn%2BJSo1HAdjPQL9uvcsqT2SlZ%2FvxLCWXmtENGeS%2Bj2oHk0JDCCIi1mCQ%2BJDzitW%2F4lDjUoDCLxOYo9OJLcj%2Bw4YRQG%2FKTTMHg3s1uBkx%2FNRExNXtYAZWdGNA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"bfe-4f8f8b3aed540\"\r\naccept-ranges: bytes\r\nage: 1216295\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\ncf-ray: 96b49924aa0b0b65-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=1596\u0026min_rtt=0\u0026rtt_var=1971\u0026sent=600\u0026recv=610\u0026lost=0\u0026retrans=0\u0026sent_bytes=306819\u0026recv_bytes=33842\u0026delivery_rate=22283413\u0026ss_exit_cwnd=14896\u0026ss_exit_reason=2\u0026cwnd=21997\u0026unsent_bytes=0\u0026cid=5783e9267c46b1c9\u0026ts=1161\u0026inflight_dur=92\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3070,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 99 x 30","md5":"9815ec4cdd376b7d71df61b74a7ce6c6","sha1":"962c557ce627cc0332bc6ee175914946ff4bd2a1","sha256":"a1d3e2383ecd387242844341a7200834f5cf3517ab846f17d276a2adc0286421","sha512":"ec65c616a7adeb7b7c48d0c2ddcf2facde5c6ad0f67541a46c31a2ffbec424df42b468d9d7095959529eb9ce4694b89625f94e3cd78cdeb77413bc4c2fd0c036","ssdeep":"","tlshash":"d5515ec8a47b26dff21c467c5e95cbb51fe514c016b9ccb0a0d5371748560ec1129715","first_seen":"2023-05-10T15:46:50Z","last_seen":"2026-04-01T09:23:20.232838Z","times_seen":306,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/kimjongun/under_desc/","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /kimjongun/under_desc/ HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1; t_e4719dd21a=1; rocketteam_counter=1; pokemoky_counter=1; jassyandjames_rand=2; poke_counter_up=Thu%2C%2007%20Aug%202025%2018%3A08%3A13%20GMT; poke_counter=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: text/html\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\nlast-modified: Thu, 01 Jun 2023 11:52:16 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PYFkO8gAzeMEoM6aw5MRAEYshtBvmsD35szJBWYwQKCs7cUVxGK4WSr5Qie6YUQdU5rrCbHESODGoTbQWvWqLw1bZFWQbSoZgYf%2BszKXGqNY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\netag: W/\"64788670-df1\"\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\ncf-ray: 96b49924f9a356c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3569,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a208a127a479351a0c768d2e076d5539","sha1":"4f76ca9b31c7cd14308633d2aaf589977b1f88a5","sha256":"ca727f73a0dd622c6c3ad24d02d76883807e5e57dffd7b986177a9763d2cfe2a","sha512":"3db07b0fcb8b69eebe479d89b76196faef8d4e1b3ccf53b722a7e1897b26735bfca7028a50b5c365cb8f8aef5e2fdf9f8d0d99b877278fd4a7694c100d778c39","ssdeep":"","tlshash":"4171ef2f6081183485bba66aa939634dfe27811beb43144139fc0f2a8fb5d108867e94","first_seen":"2023-06-17T11:09:52Z","last_seen":"2026-03-29T07:13:34.395284Z","times_seen":25,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.techdsp.ru/sync?src=sape\u0026dmp=2\u0026uid=0600007FCE42946823014F990293B552","fqdn":"sync.techdsp.ru","domain":"techdsp.ru","tld":"ru"},"ip":{"addr":"212.41.28.182","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.techdsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 19 Feb 2025 14:03:23 GMT","end":"Mon, 23 Mar 2026 14:03:22 GMT"},"fingerprint":{"sha1":"E0:51:62:A1:08:10:67:51:3A:43:8B:07:2F:EC:40:2D:BA:A8:2E:5C","sha256":"8E:DA:37:A7:45:0C:02:8B:99:79:9E:F6:0F:CF:98:2D:C0:9F:74:B4:18:E8:2E:F5:D7:DD:D8:3C:3C:43:5C:85"}}},"request":{"raw":"GET /sync?src=sape\u0026dmp=2\u0026uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.techdsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-length: 0\r\nlocation: https://dmg.digitaltarget.ru/1/7686/i/i?a=4110\u0026e=ffUs1AyrRla1Hox3UgkIww\u0026i=7426960723556469065\r\nreferrer-policy: no-referrer\r\nset-cookie: uid=ffUs1AyrRla1Hox3UgkIww; Path=/; Max-Age=31536000; Secure; SameSite=None\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":18,"connect":60,"send":0,"wait":53,"receive":0,"ssl":596},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.programmatica.com/match/ohmybid?id=98585537-2050-4d71-a9a4-acd6931ac979","fqdn":"sync.programmatica.com","domain":"programmatica.com","tld":"com"},"ip":{"addr":"77.246.157.45","port":443,"asn":29182,"as":"JSC IOT","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sp.ohmy.bid/cmft","date":"2025-08-07T06:08:16.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sync.programmatica.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 27 May 2025 11:11:41 GMT","end":"Mon, 25 Aug 2025 11:11:40 GMT"},"fingerprint":{"sha1":"82:33:E0:D6:E3:5E:DF:37:4D:CA:3D:41:2C:E3:50:4E:B0:FA:64:83","sha256":"04:9E:8B:46:1A:5F:01:BF:BE:41:C7:0C:99:7B:BA:AC:C8:B1:7B:9A:3C:31:B6:C2:B6:C9:F3:E1:41:1C:78:74"}}},"request":{"raw":"GET /match/ohmybid?id=98585537-2050-4d71-a9a4-acd6931ac979 HTTP/1.1\r\nHost: sync.programmatica.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sp.ohmy.bid/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":80,"dns":29,"connect":44,"send":0,"wait":69,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel.dsp.onetarget.ru/sape/pixel?id=0600007FCE42946823014F990293B552","fqdn":"pixel.dsp.onetarget.ru","domain":"onetarget.ru","tld":"ru"},"ip":{"addr":"130.193.53.230","port":443,"asn":200350,"as":"Yandex.Cloud LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pixel.dsp.onetarget.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 13 Jul 2025 01:10:27 GMT","end":"Sat, 11 Oct 2025 01:10:26 GMT"},"fingerprint":{"sha1":"4D:90:AC:E9:7F:FD:1A:32:A8:4E:F0:F5:A4:AC:6D:35:1D:26:9F:49","sha256":"C7:62:9B:20:A2:DA:1F:60:A1:6A:AE:D2:A6:64:74:9C:99:0E:A9:8E:FE:B5:AA:77:07:C8:8C:D1:74:0B:71:F8"}}},"request":{"raw":"GET /sape/pixel?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: pixel.dsp.onetarget.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-length: 0\r\nlocation: https://x01.aidata.io/0.gif?pid=5813217\u0026id=564b0cac-5ef5-4ce9-87f8-e20d0a5f9500\r\nset-cookie: USER_ID=564b0cac-5ef5-4ce9-87f8-e20d0a5f9500;max-age=2147483647;Secure;HttpOnly;SameSite=None\nSAPE_USER_ID=0600007FCE42946823014F990293B552;max-age=30758400;Secure;HttpOnly;SameSite=None\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-max-age: 1728000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":13,"connect":45,"send":0,"wait":51,"receive":1,"ssl":193},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acint.net/rmatch?dp=14\u0026euid=1603420ACF4294687D01836B023F85BE\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D","fqdn":"acint.net","domain":"acint.net","tld":"net"},"ip":{"addr":"193.3.184.135","port":443,"asn":50214,"as":"QWARTA LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:16.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.acint.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 21 Jul 2025 00:05:04 GMT","end":"Sun, 19 Oct 2025 00:05:03 GMT"},"fingerprint":{"sha1":"1E:EA:C8:2A:91:1E:88:BC:CB:69:E1:43:AA:9C:21:21:A8:17:8C:4C","sha256":"01:EE:C9:A4:ED:C2:9A:09:D3:35:66:EF:87:C6:56:0D:FC:91:E6:75:FC:AF:BA:71:73:ED:24:13:43:26:C4:76"}}},"request":{"raw":"GET /rmatch?dp=14\u0026euid=1603420ACF4294687D01836B023F85BE\u0026r=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dsapecookie%26bid%3D$%7BUSER_ID%7D HTTP/1.1\r\nHost: acint.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: test_cookie=CheckForPermission; aid=fwAABmiUQs6ZTwEjUrWTAvACTsRFEEhg8jYRhRtAynxgB6Tu; cSyncDp14v6=1754546894; cSyncDp17v2=1754546894; cSyncDp45v5=1754546894; cSyncDp53v5=1754546894; cSyncDp62v2=1754546894; cSyncDp67v5=1754546894; cSyncDp68v3=1754546894; cSyncDp71v2=1754546894; cSyncDp85v2=1754546894; cSyncDp95v4=1754546894; cSyncDp98v3=1754546894; cSyncDp104v3=1754546894; cSyncDp107v2=1754546894; cSyncDp125v4=1754546894; cSyncDp126v3=1754546894; cSyncDp129v2=1754546894; cSyncDp136v3=1754546894; cSyncDp148v2=1754546894; cSyncDp149v3=1754546894; cSyncDp151v2=1754546894; cSyncDp251v3=1754546894; cSyncDp186v2=1754546894; cSyncDp217v2=1754546894; cSyncDp226v1=1754546894; cSyncDp239v3=1754546894; cSyncDp243v2=1754546894; cSyncDp260v2=1754546894; cSyncDp244v2=1754546894; cSyncDp248v3=1754546894; cSyncDp261v1=1754546894; cSyncDp264=1754546894; cSyncDp274=1754546894; cSyncDp289v2=1754546894; cSyncDp296v3=1754546894; cSyncDp312v1=1754546894; cSyncDp313v1=1754546894; cSyncDp368v1=1754546894; cSyncDp331v1=1754546894; cSyncDp337v1=1754546894; cSyncDp351v1=1754546894; cSyncDp361v1=1754546894; cSyncDp353v1=1754546894; cSyncDp362v1=1754546894; cSyncDp366v1=1754546894; cSyncDp390v1=1754546894; cSyncDp399v1=1754546894; cSyncDp394v1=1754546894; cSyncDp415v1=1754546894; cSyncDp420v2=1754546894; cSyncDp424=1754546894; cSyncDp431=1754546894; cSyncDp433=1754546894; cSyncDp14v4=1754546894; cSyncDp7v3=1754546896\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: text/html\r\ncontent-length: 154\r\nlocation: https://code.moviead55.ru/go/csync?cn=sapecookie\u0026bid=0600007FCE42946823014F990293B552\r\np3p: CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND ONL\"\r\nexpires: Wed, 19 Apr 2000 11:43:00 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.dvgroup.com/match/sape?id=0600007FCE42946823014F990293B552","fqdn":"sync.dvgroup.com","domain":"dvgroup.com","tld":"com"},"ip":{"addr":"82.148.21.217","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtb.dvgroup.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Sun, 06 Jul 2025 11:36:23 GMT","end":"Sat, 04 Oct 2025 11:36:22 GMT"},"fingerprint":{"sha1":"E9:E5:0C:FD:45:86:97:72:DA:7B:8D:26:25:38:64:95:A5:25:B0:13","sha256":"2B:3B:3C:CD:EC:0B:C5:A1:26:7E:D8:A2:28:9E:A0:1B:9E:42:13:36:C1:F6:E5:B7:6F:D1:DC:87:9B:2E:BF:E1"}}},"request":{"raw":"GET /match/sape?id=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.dvgroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":418,"timings":{"blocked":29,"dns":12,"connect":36,"send":0,"wait":31,"receive":0,"ssl":303},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=solta\u0026bid=aJRCzsCW2cs","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:17.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=solta\u0026bid=aJRCzsCW2cs HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9; bzcookie=67bf8269-20cd-48f9-6739-b6c095b9e86c; ohmybid=c584c8ff-df38-4dce-9d16-6e9066d612c1; astlb=c855bde2-bdd3-499b-9b32-bd9e0d953c17; otmbid=Njg5NDQyY2UwZTM1Mzk2YQ==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: solta=aJRCzsCW2cs; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=sapecookie\u0026bid=0600007FCE42946823014F990293B552","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:17.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=sapecookie\u0026bid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9; bzcookie=67bf8269-20cd-48f9-6739-b6c095b9e86c; ohmybid=c584c8ff-df38-4dce-9d16-6e9066d612c1; astlb=c855bde2-bdd3-499b-9b32-bd9e0d953c17; otmbid=Njg5NDQyY2UwZTM1Mzk2YQ==; solta=aJRCzsCW2cs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: sapecookie=0600007FCE42946823014F990293B552; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"libbb.yotor.ru/parse/s.rutor.org/jquery.cookie-min.js","fqdn":"libbb.yotor.ru","domain":"yotor.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:12.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yotor.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 12:07:16 GMT","end":"Sun, 07 Sep 2025 13:05:47 GMT"},"fingerprint":{"sha1":"CB:B8:85:CE:B5:D1:57:28:0A:73:01:70:3F:E6:72:A0:AA:7E:DC:28","sha256":"86:B6:AB:9D:0A:D2:2A:94:EB:0E:C6:82:79:67:63:93:AE:1A:28:0A:48:95:20:DC:5B:C4:28:62:B2:F3:D2:6C"}}},"request":{"raw":"GET /parse/s.rutor.org/jquery.cookie-min.js HTTP/1.1\r\nHost: libbb.yotor.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 07 Aug 2025 06:08:12 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 421\r\ncf-ray: 96b4991d3eff569d-OSL\r\nlast-modified: Fri, 09 May 2014 14:49:17 GMT\r\netag: \"2dc-4f8f8b3aed540-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1168114\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yEOinwTJyGStfKd8JyiLS%2F3cOz%2BwgZkQpZyZiE%2FRUv%2BXIaNl28NXdbWASSa2CYw6FrKPUAkwZhlg1OE54yPddPE1ujkfhhEN%2FA91FGJRdAdSyNP0PDQjDEoMktGH%2FREbbw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=863\u0026min_rtt=431\u0026rtt_var=878\u0026sent=14\u0026recv=26\u0026lost=0\u0026retrans=1\u0026sent_bytes=3276\u0026recv_bytes=2488\u0026delivery_rate=7121311\u0026cwnd=257\u0026unsent_bytes=0\u0026cid=b8662fcef48bfa2a\u0026ts=105\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":732,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (732), with no line terminators","md5":"ce56bb0d2daafc993b2866ccc1af86fc","sha1":"fe46733587f81da245f6b3e16d6bbbd8a1cb2fea","sha256":"874d19eae19d9f20a884d976ccca6092c91da6ee8c71d8be1c5c893acbad9159","sha512":"b3191b1e1e2626f0b30c71e074024d90dc89e9dde13d563cdf92520c4cc37c3d65dbcaa5c2ad8f160e18878b1442cfab5a9939d4ccfc3887f2916dfc1fa03d3a","ssdeep":"","tlshash":"3f01152cb1a9195845fe0221377daa86b411eb214999b07cd787e87423b84410db3d71","first_seen":"2023-03-07T12:22:05Z","last_seen":"2026-04-04T14:40:59.388024Z","times_seen":1755,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=ohmybid\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=ohmybid\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://match.ohmy.bid/cm?ssp=skyadv\u0026redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dohmybid%26bid%3D%7Buid%7D\r\nset-cookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; max-age=157680000; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange.buzzoola.com/cookiesync/redirect/skyadvert?redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dbzcookie%26bid%3D%24%7BUUID%7D","fqdn":"exchange.buzzoola.com","domain":"buzzoola.com","tld":"com"},"ip":{"addr":"45.138.161.71","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buzzoola.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Mon, 23 Sep 2024 00:00:00 GMT","end":"Mon, 29 Sep 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AD:3D:5A:FB:EA:0C:06:C6:DD:3E:69:73:36:2A:74:3B:95:70:1E:67","sha256":"73:D5:51:B5:32:C9:CE:3F:65:12:83:12:96:96:39:A9:AD:83:3D:BB:9B:DD:F5:77:84:D8:C9:2A:75:F5:D4:48"}}},"request":{"raw":"GET /cookiesync/redirect/skyadvert?redirect_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dbzcookie%26bid%3D%24%7BUUID%7D HTTP/1.1\r\nHost: exchange.buzzoola.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 114\r\nlocation: https://code.moviead55.ru/go/csync?cn=bzcookie\u0026bid=67bf8269-20cd-48f9-6739-b6c095b9e86c\r\nserverid: TODO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":10,"connect":31,"send":0,"wait":28,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssp.bestssp.com/sspmatch?url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D95%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D95%26euid%3D","fqdn":"ssp.bestssp.com","domain":"bestssp.com","tld":"com"},"ip":{"addr":"83.222.96.170","port":443,"asn":42632,"as":"MnogoByte LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bestssp.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 05 Aug 2025 15:49:38 GMT","end":"Mon, 03 Nov 2025 15:49:37 GMT"},"fingerprint":{"sha1":"1C:D6:24:73:A4:E5:D7:BA:C5:01:0A:B5:3E:CE:05:12:F6:D1:18:60","sha256":"85:99:AF:BA:A2:45:DA:68:FB:82:3C:47:E2:76:DA:22:1B:35:8B:B9:84:9D:3B:2E:CC:CD:66:DD:52:1C:65:26"}}},"request":{"raw":"GET /sspmatch?url=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D95%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D95%26euid%3D HTTP/1.1\r\nHost: ssp.bestssp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.22.0\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 126\r\nlocation: https://mc.acint.net/rmatch?dp=95\u0026r=https%3A%2F%2Fmc.acint.net%2Fcmatch%3Fdp%3D95\u0026euid=MKMJRNKW\r\nset-cookie: uid=MKMJRNKW; Expires=Sun, 05 Aug 2035 06:08:15 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":389,"timings":{"blocked":66,"dns":30,"connect":66,"send":0,"wait":57,"receive":0,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/cinit?cn=btwckrus\u0026rnd=1754546894","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/cinit?cn=btwckrus\u0026rnd=1754546894 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=bdd6b644-7006-f29e-4b16-5922f322d53a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-length: 0\r\nlocation: https://ads.betweendigital.com/match?bidder_id=46203\u0026callback_url=https%3A%2F%2Fcode.moviead55.ru%2Fgo%2Fcsync%3Fcn%3Dbtwckrus%26bid%3D%24%7BUSER_ID%7D\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dm-eu.hybrid.ai/match?id=106\u0026vid=0600007FCE42946823014F990293B552","fqdn":"dm-eu.hybrid.ai","domain":"hybrid.ai","tld":"ai"},"ip":{"addr":"37.230.131.21","port":443,"asn":200197,"as":"Hybrid Adtech Sp.z.o.o.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hybrid.ai","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Sep 2024 00:00:00 GMT","end":"Sun, 05 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"C1:9A:FB:0B:9B:BA:F6:60:5C:85:23:14:04:BB:28:06:F8:94:11:9E","sha256":"33:9B:C1:FB:EA:07:A0:6E:71:00:E7:A3:D8:39:79:6B:1B:7E:2F:BE:5C:BA:62:4C:3B:1D:37:9B:63:E9:08:10"}}},"request":{"raw":"GET /match?id=106\u0026vid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: dm-eu.hybrid.ai\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncache-control: no-cache, no-store\r\npragma: no-cache\r\nexpires: -1\r\np3p: CP=\"NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC\"\r\nx-mode: 0598\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://www.acint.net\r\naccess-control-allow-credentials: true\r\nserver: Hybrid Web Server\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"logger.moviead55.ru/logger?t=cdiv\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=47\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o=","fqdn":"logger.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.162","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /logger?t=cdiv\u0026c=d2095f88-afcb-a617-3490-24065a27e2b9\u0026a=\u0026m=47\u0026v=4b9e9f8a5456f3d3f097a92cdd8ec336\u0026o= HTTP/1.1\r\nHost: logger.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: Content-Type: image/png\r\nvary: Accept-Encoding\r\nx-logger-le: true\r\nx-logger-tdb: default\r\nx-movieads-country: NO\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced","md5":"b357a19c87624c7c4d131aeeb4ae677f","sha1":"c7a9c45fd419815a5ab1998503a9f03514c0e229","sha256":"497790947d4666760ce38f3c00e852c71fdb66cae849bae8e9ede352719e1581","sha512":"794ee916028e48775103a2f1974a7d7d92089f45dffa86c5c342afa073fa41d4a589340ad126789854a7c8e9ac19a5cc7955ebf80fd349f17959a3277f3b6069","ssdeep":"","tlshash":"81a022e32ba0bc3cca30203300088b30ca3020a000220e8e000e803e3c022e000882a3","first_seen":"2023-04-11T22:59:57Z","last_seen":"2026-04-05T14:28:29.233573Z","times_seen":2871,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.bumlam.com/?src=sape","fqdn":"sync.bumlam.com","domain":"bumlam.com","tld":"com"},"ip":{"addr":"31.172.81.147","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:16.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bumlam.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 06:16:05 GMT","end":"Sat, 18 Oct 2025 06:16:04 GMT"},"fingerprint":{"sha1":"63:39:BB:B3:0F:06:C3:B8:0F:8B:09:D7:EB:99:F3:72:4A:AB:94:27","sha256":"E7:AF:31:40:0B:59:D5:B3:32:9C:37:13:F5:35:8E:06:36:67:4D:FD:5A:6A:CD:46:CF:09:8C:3B:7C:E2:24:BA"}}},"request":{"raw":"GET /?src=sape HTTP/1.1\r\nHost: sync.bumlam.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.acint.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Thu, 07 Aug 2025 06:08:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: suuid3=IiRlODBjZDE4NC03MzU0LTExZjAtODZlMC0wMDI1OTBjMDY0N2M*; Path=/; Expires=Wed, 02 Aug 2045 06:08:16 GMT; Domain=bumlam.com; SameSite=None; Secure\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nLocation: https://pix.bumlam.com/sync/sape/sync_ok?guid=e80cd184-7354-11f0-86e0-002590c0647c\r\nCache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0\r\nAccess-Control-Allow-Origin: https://acint.net\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":20,"dns":4,"connect":20,"send":0,"wait":30,"receive":1,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.opendsp.ru/match/MovieAds?id=e256bdd2-f38c-6f61-28aa-7947e78696c4","fqdn":"sync.opendsp.ru","domain":"opendsp.ru","tld":"ru"},"ip":{"addr":"185.175.47.157","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:14.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.opendsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2025","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 05 Aug 2025 11:37:07 GMT","end":"Sun, 06 Sep 2026 11:37:06 GMT"},"fingerprint":{"sha1":"A6:D2:A4:C1:9C:FF:E8:4A:C2:A7:58:7A:3B:98:4B:CC:11:C8:FF:1F","sha256":"26:E3:31:B9:C2:C0:30:F6:85:B7:6E:2F:0E:4F:B0:C6:E5:39:D0:1A:8A:86:02:1E:55:68:94:B1:95:F1:4A:A7"}}},"request":{"raw":"GET /match/MovieAds?id=e256bdd2-f38c-6f61-28aa-7947e78696c4 HTTP/1.1\r\nHost: sync.opendsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"07fff40b5dd495aca2ac4e1c3fbc60aa","sha1":"e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4","sha256":"a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7","sha512":"49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a","ssdeep":"","tlshash":"55900003caa0800bc2a2c0300a080320ab80a23002080b0e80ac32a8ec2a2a20c00000","first_seen":"2023-04-05T13:33:10Z","last_seen":"2026-04-05T14:25:48.406721Z","times_seen":31366,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":6,"connect":26,"send":0,"wait":55,"receive":0,"ssl":203},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.moviead55.ru/go/csync?cn=astlb\u0026bid=c855bde2-bdd3-499b-9b32-bd9e0d953c17","fqdn":"code.moviead55.ru","domain":"moviead55.ru","tld":"ru"},"ip":{"addr":"193.200.65.164","port":443,"asn":6681,"as":"Giveme Cloud Sp Z O O","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:15.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.moviead55.ru","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 May 2025 09:51:02 GMT","end":"Thu, 14 Aug 2025 09:51:01 GMT"},"fingerprint":{"sha1":"7C:A1:97:B6:9B:88:F8:AF:9F:6D:C5:89:80:7E:A1:81:79:C0:4B:96","sha256":"A0:56:B6:C9:7C:42:46:A8:2F:75:D5:14:68:F7:F4:13:6B:AA:59:F9:C5:D9:CB:3D:0D:67:82:25:F0:BE:38:6D"}}},"request":{"raw":"GET /go/csync?cn=astlb\u0026bid=c855bde2-bdd3-499b-9b32-bd9e0d953c17 HTTP/1.1\r\nHost: code.moviead55.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: sky_uuid=5661213c-66bc-99d7-3c73-ab4af9ba7d3b; otclkbid=VUlIRVup0AuRYc9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 06:08:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 0\r\nset-cookie: astlb=c855bde2-bdd3-499b-9b32-bd9e0d953c17; max-age=86400; path=/; HttpOnly; secure; SameSite=None\r\nx-movieads-country: NO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6-wbpbqewx.123tt.ru/parse/s.rutor.org/favicon.ico","fqdn":"6-wbpbqewx.123tt.ru","domain":"123tt.ru","tld":"ru"},"ip":{"addr":"104.21.85.62","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://6-wbpbqewx.123tt.ru/","date":"2025-08-07T06:08:13.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"123tt.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 23:16:34 GMT","end":"Tue, 09 Sep 2025 00:11:23 GMT"},"fingerprint":{"sha1":"33:C9:E3:85:7A:15:06:3B:6A:7F:B8:0B:01:6F:F7:BF:9A:88:7A:26","sha256":"57:7C:B3:AF:43:E6:6E:D8:E5:72:3D:6A:C5:E0:6C:6A:DF:DC:57:D9:48:DB:03:B8:C7:0F:0F:99:D0:F2:75:03"}}},"request":{"raw":"GET /parse/s.rutor.org/favicon.ico HTTP/1.1\r\nHost: 6-wbpbqewx.123tt.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: korjik_test=1; crackers_days=1; crackers_visited=1; crackers_time_visited=1754546891; crackers_views=1; somechange_js_korjik=1; t_e4719dd21a=1; rocketteam_counter=1; pokemoky_counter=1; jassyandjames_rand=2; poke_counter_up=Thu%2C%2007%20Aug%202025%2018%3A08%3A13%20GMT; poke_counter=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\naccess-control-allow-methods: GET, OPTIONS, POST\r\ncontent-encoding: br\r\nlast-modified: Fri, 30 May 2014 11:59:48 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IAFfV4ya9UevSBTIbOvwfdPfeizfWFGdyw98uxYuLmtgOY4DYnAHQ%2F5ImMUE04jyvdFeIVpiDQAMBNu18E7SPH24iXRb%2BW284s6ED5%2FIb7Oy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\netag: W/\"37e-4fa9cc83b1500\"\r\naccess-control-allow-origin: chrome-extension://pmlihfbibgfoklgdkkeipenneifojopk\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: office, content-type, Content-Type, Accept, x-requested-with\r\ncf-ray: 96b4992539a956c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":894,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel","md5":"ab55f59a775976829d8352a7a0584d3e","sha1":"e4b29ec4ac46d97ea15c582d61d02c523dd0485b","sha256":"e68d4b7f22b5027fef4672cc5ba884fb52ac248fd1ca4648c9ac89d95b0e58f4","sha512":"1dae2e3cdf25e072174d2289ce96c423095e4fa8095a7ac33b319f389d1add9ba2f7f7280f4c8cc70351342a324a6bbeaa526381dd4125a3d3594557535b09ab","ssdeep":"","tlshash":"fa118ac555d10e0cfc4595fcb363462511e6cceb2e8092574d53491f3cb128669a4a45","first_seen":"2023-05-06T09:54:57Z","last_seen":"2026-04-01T09:23:20.228046Z","times_seen":536,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sync.techdsp.ru/sync?src=sape\u0026uid=0600007FCE42946823014F990293B552","fqdn":"sync.techdsp.ru","domain":"techdsp.ru","tld":"ru"},"ip":{"addr":"212.41.28.182","port":443,"asn":49505,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.acint.net/mc/?dp=167","date":"2025-08-07T06:08:15.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.techdsp.ru","organization":""},"issuer":{"commonName":"GlobalSign GCC R6 AlphaSSL CA 2023","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 19 Feb 2025 14:03:23 GMT","end":"Mon, 23 Mar 2026 14:03:22 GMT"},"fingerprint":{"sha1":"E0:51:62:A1:08:10:67:51:3A:43:8B:07:2F:EC:40:2D:BA:A8:2E:5C","sha256":"8E:DA:37:A7:45:0C:02:8B:99:79:9E:F6:0F:CF:98:2D:C0:9F:74:B4:18:E8:2E:F5:D7:DD:D8:3C:3C:43:5C:85"}}},"request":{"raw":"GET /sync?src=sape\u0026uid=0600007FCE42946823014F990293B552 HTTP/1.1\r\nHost: sync.techdsp.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.acint.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 07 Aug 2025 06:08:16 GMT\r\ncontent-length: 0\r\nlocation: https://x01.aidata.io/0.gif?pid=0914828\u0026id=hoTM6n9yRruRUykWw4iZcg\u0026dest=https%3A%2F%2Fmc.acint.net%2Frmatch%3Fdp%3D351%26euid%3DhoTM6n9yRruRUykWw4iZcg%26r%3Dhttps%253A%252F%252Fmc.acint.net%252Fcmatch%253Fdp%253D351\r\nreferrer-policy: no-referrer\r\nset-cookie: uid=hoTM6n9yRruRUykWw4iZcg; Path=/; Max-Age=31536000; Secure; SameSite=None\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":8,"connect":65,"send":0,"wait":54,"receive":0,"ssl":497},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jsn.24smi.net/6/4/24415/14536.js?t=1702619098","fqdn":"jsn.24smi.net","domain":"24smi.net","tld":"net"},"ip":{"addr":"212.41.11.107","port":443,"asn":50340,"as":"JSC Selectel","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/pikachu_bar_8/?jassyandjames_rand=2\u0026pokemoky=1\u0026v=3\u0026f=/#0","date":"2025-08-07T06:08:14.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.24smi.net","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Jun 2025 12:16:56 GMT","end":"Mon, 22 Sep 2025 12:16:55 GMT"},"fingerprint":{"sha1":"8E:C9:F0:9A:F3:A2:9C:57:A6:BA:EA:93:07:93:78:6B:B3:89:EC:B5","sha256":"85:69:6C:70:8D:71:10:1C:DB:51:9C:4B:53:9E:F4:DC:8C:02:10:D6:52:BB:B5:0C:C2:6F:A4:39:6E:69:85:41"}}},"request":{"raw":"GET /6/4/24415/14536.js?t=1702619098 HTTP/1.1\r\nHost: jsn.24smi.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nCookie: smi_uid=fFBJimKKi\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Thu, 07 Aug 2025 06:08:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 23 Jan 2025 14:55:21 GMT\r\netag: W/\"67925859-c864\"\r\nexpires: Thu, 07 Aug 2025 06:18:13 GMT\r\ncache-control: max-age=600\r\nstrict-transport-security: max-age=0\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51300,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (51224), with no line terminators","md5":"645f399924685f6720e22d285f36748d","sha1":"cb5012304f0a6d0dc916edd8d16d56b37a5a7a1e","sha256":"9afe1e31cd187105708989928f24c8f5cb702c52e2c83dd73afa04a4572d4140","sha512":"09fdf2ec018120a63f7c2f618efa694f8dd26431052a93f84b96aadcb2596f68e5d5d3884fc3917cc78a576e49c2613d6c91f87e1bbfc9b69e5b12b29f6d8dbd","ssdeep":"768:Xnm2ixk3NQSyoSxs+YFr6AHovKQaYFr6AHovKQ/YFr6AHovKQmS:W2ixk3zSgFwyQbFwyQQFwyQz","tlshash":"a5331b32544e72f927351923a1faee0db11e9247c9a187b5d9efcd54e00a2b921133fe","first_seen":"2023-12-15T12:56:08Z","last_seen":"2025-10-29T19:25:09.722301Z","times_seen":46,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Fira%20Sans:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://6-wbpbqewx.123tt.ru/kimjongun/under_desc/","date":"2025-08-07T06:08:14.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Fira%20Sans:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://6-wbpbqewx.123tt.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 07 Aug 2025 06:08:14 GMT\r\ndate: Thu, 07 Aug 2025 06:08:14 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7364,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"7fcf5d4dc6b735c99d72186610618c48","sha1":"5351d97cc00073b2f91c0e1c6e770a0d93f2bd9e","sha256":"7f456d352ab85773fa8a360fb4033395cebbaceaea0e4c59a3618a38a6949092","sha512":"97eec799ae90cd44f0cc0980d90d3ba669b5468e04e9bc2d56acc78af86ee70dc7f879e607b2ec10a9dc4e635a205ed9739df5f57552c81c30accc3d1be7c576","ssdeep":"192:iTSyby3L3k04TBqTW3kcobJovpYJ3uxj9U:2283tSP","tlshash":"2ce1ac90006ba548aa971cc173cf7e335d5ea1162051c5ba6ffe2c88ecdac362364b5d","first_seen":"2024-12-11T23:40:18.655144Z","last_seen":"2025-08-25T15:27:58.424069Z","times_seen":29,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}