maxclinic.ru/excels/error.php
91.189.114.8301 Moved Permanently 370 B URL HTTP/1.1 maxclinic.ru/excels/error.php
IP 91.189.114.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b71e4be1ae3c45acf72e7a9bc76dc291
6ab32ad4cecf98caa360aff2f8c978287d510843
ae070c3dcff74a04054d21c4f857c225867d1e6302019b092f6ee8c5377663bf
Analyzer Verdict Alert fortinet Phishing
GET /excels/error.php HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 08 Oct 2022 03:38:07 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 370
Connection: keep-alive
Location: https://maxclinic.ru/excels/error.php
firefox.settings.services.mozilla.com/v1/
54.230.111.7200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s6-TTy3fqBbzrbomF_ukB9FPHX9uDVmlS9ZWDXDS2L8TI53Bi4Tjvg==
Age: 215449
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf768e41672570b0a4a9fe86045915fc
2249064a86b2ba11e28208b9fba1c9f1db4f3e9e
a049499f78078df12f4d1c5180f1f36715a5c99db4f31c18ee06bcf0b6382b30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A049499F78078DF12F4D1C5180F1F36715A5C99DB4F31C18EE06BCF0B6382B30"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3798
Expires: Sat, 08 Oct 2022 04:41:25 GMT
Date: Sat, 08 Oct 2022 03:38:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17715
Expires: Sat, 08 Oct 2022 08:33:23 GMT
Date: Sat, 08 Oct 2022 03:38:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OT74hdCj5Fvp6C77uHVLWATjm/FA0PdTmdNbltSzbSvfjRGx04yzcAxJYV+tNz6JpYM/iy0neb8=
x-amz-request-id: 4QFNAC2VZ6P19THV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 03:31:28 GMT
age: 400
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash d6d690923dc9dfa0c4c6409ae65138c0
4734331852036f304c049d4a3a6173307b848202
5f5eadc40a1e9cb8b40d2356ae33ea4c4d5215f80a38e7e6bfeaf449077d833f
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 03:38:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 12 Oct 2022 03:38:07 GMT
ETag: "4734331852036f304c049d4a3a6173307b848202"
Last-Modified: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756bd7884a85b51b-OSL
maxclinic.ru/excels/error.php
91.189.114.8301 Moved Permanently 0 B URL HTTP/2 maxclinic.ru/excels/error.php
IP 91.189.114.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /excels/error.php HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://maxclinic.ru
x-powered-by: PHP/7.4.29
expires: Sat, 08 Oct 2022 04:38:08 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 08 Oct 2022 03:29:41 GMT
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 04:22:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JOKDqVu2VSsEB5KquGFyGvUVsGDcvDDsPSAHNvACISZkX-gwlBJU4Q==
Age: 507
maxclinic.ru/wp-content/plugins/comfortable-reading/css/custom.css?ver=6.0.2
91.189.114.8200 OK 978 B URL HTTP/2 maxclinic.ru/wp-content/plugins/comfortable-reading/css/custom.css?ver=6.0.2
IP 91.189.114.8:0
File type ASCII text, with CRLF line terminators
Hash 9431a36057ec36f14e1e59e6aba2af87
e07868288e296de18935be3683e29952ddf179a4
60a84abaf12e44b36fee2b789a4b6ef13cfdca1f3bd7f4912598b57cd29dc2d3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/comfortable-reading/css/custom.css?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
content-length: 978
last-modified: Tue, 17 Mar 2020 06:14:01 GMT
etag: "5e706aa9-3d2"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter/assets/images/jupiter-logo.png
91.189.114.8200 OK 12 kB URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter/assets/images/jupiter-logo.png
IP 91.189.114.8:0
File type PNG image data, 200 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 41e336581fc561fccaec696add576b6a
dc6e0cac65c8143f1e697c7d50569d46daba77c7
215c4e746976358e5868721da1a32282406f027c529e09508fb0364bb7caeff0
GET /wp-content/themes/jupiter/assets/images/jupiter-logo.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: image/png
content-length: 11826
last-modified: Tue, 01 Feb 2022 02:47:48 GMT
etag: "61f89f54-2e32"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/dummy.png
91.189.114.8200 OK 68 B URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 91.189.114.8:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 2a637d3d825673c0e3462fa4ed9a1c5c
81668d396da22832d75a986407ff10035e0d5899
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: image/png
content-length: 68
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
etag: "625cc15a-44"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/2016/07/logo-nft-2.png
91.189.114.8200 OK 6.6 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2016/07/logo-nft-2.png
IP 91.189.114.8:0
File type PNG image data, 262 x 80, 8-bit/color RGB, non-interlaced\012- data
Hash 0703074d9e19bb94f0d1c21f81eeb663
17d20e668f823805e401214134ce7ec1fe8e6e64
62ed2e5e99eebe04a5bbb2c27b0e0d1e57692920da24980bdfc996f3bad8f1f8
GET /wp-content/uploads/2016/07/logo-nft-2.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: image/png
content-length: 6607
last-modified: Mon, 23 Apr 2018 16:22:55 GMT
etag: "5ade085f-19cf"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter/custom.css?ver=6.0.2
91.189.114.8200 OK 23 B URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter/custom.css?ver=6.0.2
IP 91.189.114.8:0
Hash dc905e8a035c135da58dbf3b2e7ff2ad
1bd78a6df2336c4fb311311c5c381e02ede71dd0
ac53f1881f7a8792b927ececbaa641e4e84e444307b9298ab8dbb46ae15fb47f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jupiter/custom.css?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
content-length: 23
last-modified: Wed, 02 Nov 2016 00:26:17 GMT
etag: "581932a9-17"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
91.189.114.8200 OK 7.5 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
IP 91.189.114.8:0
File type Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Hash 04eb8fc57f27498e5ae37523e3bfb2c7
d942ae11706c3f7e511e3c49b0e4574d7ad199c4
f7b9c3065e55fa3b9e320093612e7b30dcb14355a44ec461247b495a3e729686
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: font/woff
content-length: 7536
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
etag: "625cc15a-1d70"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 00776157dc98913405595c4b126e9ee2
8ee3950fa60340b03e0c53c8e5e07d18321a69f0
daa313ad6f0cb705d8a4fdb55aa65ffd6c1695326409c2ccf378e3c7e36de35c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxclinic.ru/wp-content/plugins/team-members/inc/css/tmm_style.css?ver=6.0.2
91.189.114.8200 OK 1.9 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/team-members/inc/css/tmm_style.css?ver=6.0.2
IP 91.189.114.8:0
Hash ab2f311cfbc235ebd5edf50c49d1ea3c
ee0b97f0f2cae9279a4a692c4a654d8f0c760c09
f8eb0142467a1cbdc8763eec2ec6716d79d00e6fe8b25a674651741b20e1905f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/team-members/inc/css/tmm_style.css?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 23:17:15 GMT
vary: Accept-Encoding
etag: W/"6316837b-17a9"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.8.2
91.189.114.8200 OK 3.7 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.8.2
IP 91.189.114.8:0
Hash 8784a8a62173392eaf67d3f4399b351a
1cbbb530e924a34df5c05b70c7ec8d5709894b2a
0983b046e6d4a030b577f65ad19e184c93e7b98e79e500615d66cc3a249fea07
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.8.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 23:16:46 GMT
vary: Accept-Encoding
etag: W/"6316835e-2e3b"
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 579e733097a7260db68f6ab5fc4ab3c9
bcee618650f7eb1595974812db6995d7ee0e9764
c025aa32afae5edb4c793bcc3076c86ae945438c7d2e96f7847054aeb1ed690b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-127651383-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-127651383-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash f623011b90656dd39b5b7d58c47ec810
b1583da0056ed3aabf038f2151ea59a6b0016c58
f36cfd5c14d8745f913cc2ef9a60b3be9ed025ffccab30fd4130963209543cbe
GET /gtag/js?id=UA-127651383-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 08 Oct 2022 03:38:08 GMT
expires: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=900
last-modified: Sat, 08 Oct 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=c4wp_onloadCallback&render=explicit&hl=en
142.250.74.164200 OK 583 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=c4wp_onloadCallback&render=explicit&hl=en
IP 142.250.74.164:0
File type ASCII text, with very long lines (914), with no line terminators
Hash 5dd29e30045fc9e2fc39cfa226b29fe3
2cb89d2c4bbff89f0127df4e9b0c130728f87a0a
f9fb1813e8bcba8ce54816a45f808ed9cb9c93fdbd7cff001537312f0cd86d4f
GET /recaptcha/api.js?onload=c4wp_onloadCallback&render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 08 Oct 2022 03:38:08 GMT
date: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 00776157dc98913405595c4b126e9ee2
8ee3950fa60340b03e0c53c8e5e07d18321a69f0
daa313ad6f0cb705d8a4fdb55aa65ffd6c1695326409c2ccf378e3c7e36de35c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 74b63831a0a449c3e37b584db0009072
929f9f036c4a6a078c51c3b3dc2a7f902c9ee9ac
686845b4cf9a67078f03cb221ce13175a72074f6aa3804ba4fa06623ab856bae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxclinic.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
91.189.114.8200 OK 76 kB URL HTTP/2 maxclinic.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 91.189.114.8:0
Hash e64f643d057d9bb49f0b36ec646a0a85
6d694a52ce9aa89c43520075d7e9435cc2d9c586
35c9a11bf236803e3c4f47ffa8ae17d8a299e43991407ceaafe7a21043a4cbbd
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 20 Sep 2021 00:13:51 GMT
vary: Accept-Encoding
etag: W/"6147d23f-15db1"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&ver=6.0.2
142.250.74.10200 OK 27 kB URL HTTP/2 fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&ver=6.0.2
IP 142.250.74.10:0
Hash a49d25c6876f3d4691c9c4409ebbf9e0
07bf7f702778acb543b431f10ad4361d790157e5
f475854569db7ed4aba0b34406d02da0a219e1e558ef1e19d3e92070bcff48ca
GET /css?family=Abril+Fatface%3Aregular&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 03:38:08 GMT
date: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.155.157.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.157.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jXNOLgl3eaUtjSC74E3QZw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HufOQbGIOV8XmaQmsOAMnznZCmk=
fonts.googleapis.com/css?family=Roboto:400&display=swap
142.250.74.10200 OK 995 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400&display=swap
IP 142.250.74.10:0
Hash 2b6dfa19f2dee15170e42fb5e67965a8
e4e6a4305abd179550f05058c9d2b71c2d574c46
d1c2eead21c2be839b8dfb93866a71fc85512a15f369bfc28eca98953c47c57d
GET /css?family=Roboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 03:38:08 GMT
date: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
91.189.114.8200 OK 4.9 kB URL HTTP/2 maxclinic.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 91.189.114.8:0
Hash 2fb50003ada782ad44932ae96ebd1190
defdcabc4ec0455c9c3cafb8316ca8d2e2750b58
4ce02f557a4f25723c68a96739d13fcca3ef87ccff0b37002795f2ebd311a709
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 20 Sep 2021 00:13:51 GMT
vary: Accept-Encoding
etag: W/"6147d23f-2bd8"
content-encoding: gzip
X-Firefox-Spdy: h2
crm.hotlead.io/collector.js/34319543712181fa693d10bbb3bcf61d
95.181.203.36200 OK 7.0 kB URL HTTP/1.1 crm.hotlead.io/collector.js/34319543712181fa693d10bbb3bcf61d
IP 95.181.203.36:0
File type ASCII text, with very long lines (12168)
Hash 3c7239759eb76665710986f0fc12a3a0
cff05b253b68efc88e73270f22299c79f7d73494
b9ca449d3b1721c76d85a1e20d26b5bef87a84b5f38fb31a08d29876ee223acb
GET /collector.js/34319543712181fa693d10bbb3bcf61d HTTP/1.1
Host: crm.hotlead.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Sat, 08 Oct 2022 03:38:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=succ5f4hidqg9jhg7nro2qpd75; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
216.58.207.195200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 18:59:14 GMT
expires: Tue, 03 Oct 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 376735
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 74b63831a0a449c3e37b584db0009072
929f9f036c4a6a078c51c3b3dc2a7f902c9ee9ac
686845b4cf9a67078f03cb221ce13175a72074f6aa3804ba4fa06623ab856bae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 74b63831a0a449c3e37b584db0009072
929f9f036c4a6a078c51c3b3dc2a7f902c9ee9ac
686845b4cf9a67078f03cb221ce13175a72074f6aa3804ba4fa06623ab856bae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans%3A100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%2C100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.0.2
142.250.74.10200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%2C100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.0.2
IP 142.250.74.10:0
Hash 52da6e79a0cf70ca0b3aa16518ec1013
e041d908916512699df557bf12d70b25bb7ad61a
207605bf3111abf489b3cf505b504ef24eaeab3dab561ec85fbc644cc97b8f44
GET /css?family=Open+Sans%3A100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%2C100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 03:38:08 GMT
date: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/js_composer_theme/assets/css/js_composer.min.css?ver=4.12.2
91.189.114.8200 OK 44 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/js_composer_theme/assets/css/js_composer.min.css?ver=4.12.2
IP 91.189.114.8:0
Hash 0080dfc167a8e55c23403921b7124b2d
66545397b1e73c8aced4ed28452142fdd62ed210
4291fa70401bc06478f02dc3330c847d5bd4a6c4b0ee643692b41f6bfeef0eda
GET /wp-content/plugins/js_composer_theme/assets/css/js_composer.min.css?ver=4.12.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2016 00:25:38 GMT
vary: Accept-Encoding
etag: W/"58193282-6f602"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/mk_assets/theme-options-production.css?ver=1665138196
91.189.114.8200 OK 5.7 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/mk_assets/theme-options-production.css?ver=1665138196
IP 91.189.114.8:0
Hash dc7899a9868cb61139e9240f96a8c5a4
492b1320a6d51551d2b4445002d37041cd9593aa
da18f3817acbf57184c7801c9f6a6db3073da92559a5861ccae21f24d68e2121
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/mk_assets/theme-options-production.css?ver=1665138196 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Fri, 07 Oct 2022 07:02:06 GMT
vary: Accept-Encoding
etag: W/"633fceee-8c63"
content-encoding: gzip
X-Firefox-Spdy: h2
crm.hotlead.io/calltracking/allocate/phone/34319543712181fa693d10bbb3bcf61d
95.181.203.36200 OK 20 B URL HTTP/1.1 crm.hotlead.io/calltracking/allocate/phone/34319543712181fa693d10bbb3bcf61d
IP 95.181.203.36:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /calltracking/allocate/phone/34319543712181fa693d10bbb3bcf61d HTTP/1.1
Host: crm.hotlead.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Sat, 08 Oct 2022 03:38:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=6c34m3k4fgl66v33fuppq1q4d4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/loader.gif
91.189.114.8200 OK 2.5 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/loader.gif
IP 91.189.114.8:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 4b3afb84b2b71ef56df09997a350bd04
accdac8a7abeab0e21c49539aad0a973addb28ef
9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
GET /wp-content/plugins/revslider/public/assets/assets/loader.gif HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:10 GMT
content-type: image/gif
content-length: 2545
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
etag: "625cc15a-9f1"
accept-ranges: bytes
X-Firefox-Spdy: h2
www.youtube.com/embed/Aho7COW2pdA?feature=oembed
142.250.74.110200 OK 28 kB URL HTTP/2 www.youtube.com/embed/Aho7COW2pdA?feature=oembed
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58594)
Hash c0476c4bd98284055ba21eeb714e3aad
24851b1711423aaad0212717cb01918026380ff1
efa537d708d7bf20e5041332036ce8d098b6408dfafe73a005fe3987032ab29b
GET /embed/Aho7COW2pdA?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=wp6tlGHaRHE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=fJo5CQ4doCw; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+217; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/embed/zoy-GO6KFyk?feature=oembed
142.250.74.110200 OK 28 kB URL HTTP/2 www.youtube.com/embed/zoy-GO6KFyk?feature=oembed
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58589)
Hash c3a66dd116526deb3d6958925ca8dd38
19c8ebda1da908c6d04ffacf2bc89a8b324abcc5
742408b6b465c7dbad1927d9ecd1b7993d2e3400cff99eb779f2c36f7f24bcc3
GET /embed/zoy-GO6KFyk?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=pJVDmnZMLSs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Gf5o4cDCD6Y; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+619; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 22:08:50 GMT
age: 19760
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.youtube.com/embed/3lEWcLVs_7Q?feature=oembed
142.250.74.110200 OK 33 kB URL HTTP/2 www.youtube.com/embed/3lEWcLVs_7Q?feature=oembed
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58588)
Hash 3f4d45ba2a2aba0c6f497d4d4cae9a52
57b1bc2d9208fc48cc2f2e52de01653d0c54b558
e99bdbcf6e2af05f55557e655da6a1de309f918233fa7fcff03af8ded9f5413f
GET /embed/3lEWcLVs_7Q?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Az6EkfKMqEw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=SpAwnN96-OA; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+410; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/embed/kNXYZC6izcM?feature=oembed
142.250.74.110200 OK 42 kB URL HTTP/2 www.youtube.com/embed/kNXYZC6izcM?feature=oembed
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58532)
Hash cd44f251d5edf3a886f3c3ea2c6b05c7
4a4e90d1eba8598ade109ccc482021f3f9c42168
c8b6e5aa29d91c1011cc319562e09c5af1275400f22a39381f7dad5bedde30ec
GET /embed/kNXYZC6izcM?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=5rNCJ5qcVv8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=qJ1GMXUPyBE; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+366; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/comfortable-reading/js/jquery.cookie.js?ver=1.1
91.189.114.8200 OK 7.3 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/comfortable-reading/js/jquery.cookie.js?ver=1.1
IP 91.189.114.8:0
Hash 2f819f4b221b3fe016f3aa57f3bd60eb
e51919d94bfc4d934f1cb75eab48022e564cf2cb
ff1c4ec22a12bb0b7c196140008574df952697132aaf8d2e601f600047858073
GET /wp-content/plugins/comfortable-reading/js/jquery.cookie.js?ver=1.1 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Tue, 17 Mar 2020 06:14:01 GMT
vary: Accept-Encoding
etag: W/"5e706aa9-8b8"
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9176a06a-294d-4b65-8535-846b9386ccc6.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9176a06a-294d-4b65-8535-846b9386ccc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97c7f371036a91fd437db5abc3decdfd
46583b7657dadcffbea286bd45fad99a10f81335
7da3c89d51447ee13c701c892e6b7a4094da97cd1cd7c08322e085d0f49586b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9176a06a-294d-4b65-8535-846b9386ccc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6766
x-amzn-requestid: 8534c4a9-161b-4f7d-a956-36f5d35fde26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1DmGLzIAMFxbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb0-7b2d96e3559d6d057f27d9cf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NV1e4Qk40mQQBEQsD87vjiyz0yqsw8UYCfyq27LIgA5aOfZkRpKmFQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:56:05 GMT
age: 20525
etag: "46583b7657dadcffbea286bd45fad99a10f81335"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.youtube.com/embed/vd2mlQwFvqI?feature=oembed
142.250.74.110200 OK 33 kB URL HTTP/2 www.youtube.com/embed/vd2mlQwFvqI?feature=oembed
IP 142.250.74.110:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58594)
Hash 4c40114c6d897c623db0eaad4bb43652
971505fb769cd84027bf8341add0f1a1c7e93f5c
e973b20e2fd7bebb43411a3c41c11f89a33124b4ebb227417f9469c166346572
GET /embed/vd2mlQwFvqI?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=UAqIk7Tw-vg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=C2n4JMuCWKc; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+035; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-admin/admin-ajax.php
91.189.114.8200 OK 76 B URL HTTP/2 maxclinic.ru/wp-admin/admin-ajax.php
IP 91.189.114.8:0
File type ASCII text, with no line terminators
Hash 4f1d48641fb50877776198aad8fd8b5c
1bd4182f17c329e5ba643c6dece4e52cfc32dbf4
4877e09a2465783f8ba74d8532a4d1b10265b30264448c8971a3c3fdd90277ce
Analyzer Verdict Alert fortinet Phishing
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 30
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:10 GMT
content-type: text/html; charset=UTF-8
content-length: 76
x-powered-by: PHP/7.4.29
access-control-allow-origin: https://maxclinic.ru
access-control-allow-credentials: true
x-robots-tag: noindex
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-192x192.png
91.189.114.8200 OK 40 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-192x192.png
IP 91.189.114.8:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 55a60a646cd86b24aed30cc9cb1a4cb7
f1ed00a91a174c9b57ef162e0008f0f25c21998c
fff419f47767f784b4f2666c0a481cc0bf43c7ede37d9973d6854f411f40b132
GET /wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-192x192.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:10 GMT
content-type: image/png
content-length: 39840
last-modified: Tue, 01 Feb 2022 02:40:29 GMT
etag: "61f89d9d-9ba0"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-32x32.png
91.189.114.8200 OK 2.4 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-32x32.png
IP 91.189.114.8:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 56ad2f657153926493db8b093f88cf42
410581441368ef31bf7e58443127a951a39ed57e
289a971a60f9873c2ea9c7966079a0b477672fdfd96d8e16ba1708efb75853bf
GET /wp-content/uploads/2016/07/cropped-%D0%BB%D0%BE%D0%B3%D0%BE-32x32.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:10 GMT
content-type: image/png
content-length: 2438
last-modified: Tue, 01 Feb 2022 02:40:29 GMT
etag: "61f89d9d-986"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 17ae94004f4d02cd428a11f78ddc7cae
aea255ba97b169f3bac5b427583c5b5c4bfc374f
538ed6a85792a3b44fc5a2bcbfd2cd1bb6138fdc9a3bea32837dd2cb66c518e5
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 03:38:10 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 12 Oct 2022 01:26:51 GMT
ETag: "aea255ba97b169f3bac5b427583c5b5c4bfc374f"
Last-Modified: Sat, 08 Oct 2022 01:26:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2155
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756bd797e91eb51b-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 17ae94004f4d02cd428a11f78ddc7cae
aea255ba97b169f3bac5b427583c5b5c4bfc374f
538ed6a85792a3b44fc5a2bcbfd2cd1bb6138fdc9a3bea32837dd2cb66c518e5
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 03:38:10 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 12 Oct 2022 01:26:51 GMT
ETag: "aea255ba97b169f3bac5b427583c5b5c4bfc374f"
Last-Modified: Sat, 08 Oct 2022 01:26:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2155
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756bd797f927b51b-OSL
maxclinic.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
91.189.114.8200 OK 198 kB URL HTTP/2 maxclinic.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 91.189.114.8:0
Size 198 kB (198048 bytes)
Hash 4f0e527de7f0a935673014b269e08831
4d174e492c4f820041d95ed53aa4f0bd31c3a54a
84abce7b4c3737f978a8c02758469dc4496bbbaa73f8026db86b3c6e67b335e5
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 05:24:59 GMT
vary: Accept-Encoding
etag: W/"6315882b-15b64"
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 17ae94004f4d02cd428a11f78ddc7cae
aea255ba97b169f3bac5b427583c5b5c4bfc374f
538ed6a85792a3b44fc5a2bcbfd2cd1bb6138fdc9a3bea32837dd2cb66c518e5
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Oct 2022 03:38:10 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 12 Oct 2022 01:26:51 GMT
ETag: "aea255ba97b169f3bac5b427583c5b5c4bfc374f"
Last-Modified: Sat, 08 Oct 2022 01:26:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2155
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756bd797ff0db52d-OSL
crm.hotlead.io/cbapi/34319543712181fa693d10bbb3bcf61d?timezone=UTC&callback=jsonCallback
95.181.203.36204 No Content 0 B URL HTTP/1.1 crm.hotlead.io/cbapi/34319543712181fa693d10bbb3bcf61d?timezone=UTC&callback=jsonCallback
IP 95.181.203.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cbapi/34319543712181fa693d10bbb3bcf61d?timezone=UTC&callback=jsonCallback HTTP/1.1
Host: crm.hotlead.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.14.0
Date: Sat, 08 Oct 2022 03:38:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=hvv0ik591q2veg1t3sa5os4ve6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
status.geotrust.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 350dc19c65718bb4ffdc88be3ec08e9a
1ea2bd028e68b67e21487ab6675dc53628d3648f
cdc704c05d48bcff418f0330a828977e56dcfe6f5f05efe18dce58f8aee961bb
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5633
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:10 GMT
Last-Modified: Sat, 08 Oct 2022 02:04:17 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
status.geotrust.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 350dc19c65718bb4ffdc88be3ec08e9a
1ea2bd028e68b67e21487ab6675dc53628d3648f
cdc704c05d48bcff418f0330a828977e56dcfe6f5f05efe18dce58f8aee961bb
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5633
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:10 GMT
Last-Modified: Sat, 08 Oct 2022 02:04:17 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
mc.yandex.ru/metrika/watch.js
93.158.134.119200 OK 58 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash 460146be452f208c1f6522551302a015
b0fa6e22cabc464df86ead41b64ef8611f0a2864
79cc70749200e05b4080f11d05ff2e544e15f4fd2571013619f0f3d88e0c28ea
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 57462
date: Sat, 08 Oct 2022 03:38:10 GMT
access-control-allow-origin: *
etag: "633fab48-e076"
expires: Sat, 08 Oct 2022 04:38:10 GMT
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter?id=3063232;t=384;l=1
95.163.52.67302 Found 0 B URL HTTP/2 top-fwz1.mail.ru/counter?id=3063232;t=384;l=1
IP 95.163.52.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /counter?id=3063232;t=384;l=1 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 08 Oct 2022 03:38:10 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?id=3063232;t=384;l=1
set-cookie: FTID=1RMYgQ0tkIID:1665200290:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:10 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
93.158.134.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Hash 64adf2282f72dc350e916cb82af41ab7
d5c10f65a7ac0cce6eb0c78df805965a9a3ad017
4942011d5f3623476ceff936e757245d89ce2af664558a7031497d370a3d3771
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73219
date: Sat, 08 Oct 2022 03:38:10 GMT
access-control-allow-origin: *
etag: "633fab48-11e03"
expires: Sat, 08 Oct 2022 04:38:10 GMT
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252
95.163.52.67302 Found 0 B URL HTTP/2 top-fwz1.mail.ru/counter?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252
IP 95.163.52.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /counter?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 08 Oct 2022 03:38:11 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252
set-cookie: FTID=1RMYgQ0tkIID:1665200291:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:11 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 23be53f0796c8e41706dcd00284560fc
9608740dde2b8801081f68b9aa0afe9ae048e3fb
08efc4c1977aef68123a25c191e9af752bf3ffc9d9c3a1790ae3ec350a239206
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&gjid=385045278&_gid=1174653751.1665200291&_u=YGDAgUABAAAAAGAAI~&z=506319064
173.194.73.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&gjid=385045278&_gid=1174653751.1665200291&_u=YGDAgUABAAAAAGAAI~&z=506319064
IP 173.194.73.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&gjid=385045278&_gid=1174653751.1665200291&_u=YGDAgUABAAAAAGAAI~&z=506319064 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://maxclinic.ru
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 08 Oct 2022 03:38:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 23be53f0796c8e41706dcd00284560fc
9608740dde2b8801081f68b9aa0afe9ae048e3fb
08efc4c1977aef68123a25c191e9af752bf3ffc9d9c3a1790ae3ec350a239206
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
top-fwz1.mail.ru/counter2?id=3063232;t=384;l=1
95.163.52.67200 OK 1.5 kB URL HTTP/2 top-fwz1.mail.ru/counter2?id=3063232;t=384;l=1
IP 95.163.52.67:0
File type GIF image data, version 89a, 88 x 18\012- data
Hash 81c4231b60120b4dcf82b64c503424f8
c89dacdb1ad470152c592e5d3bd5f1401a43afb2
def020e77e93dac0c50e2532d362a881c3ee9f6b7d77fe527bd9a93b6593901b
GET /counter2?id=3063232;t=384;l=1 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://maxclinic.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:11 GMT
content-type: image/gif
content-length: 1516
set-cookie: FTID=1RMYgQ0tkIID:1665200291:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:11 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
91.189.114.8200 OK 29 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 91.189.114.8:0
Hash 0093cd7438b0ccbad533488817ccedea
53fe64cd010875c40816d719ad5093fbc6f2db88
ad26e9089307a68e1d5932442d8fe39ce183b2ec85cfba52e937641fae974fb8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 23:16:40 GMT
vary: Accept-Encoding
etag: W/"63168358-aab"
content-encoding: gzip
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 488 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash 271d40017b386de1f8ff9c36384e09df
a897e79117f74cae6cd437d1a3000c229308f794
6d222f1cc3c467fe6028a6cb5ac1c75852ae077ae5ff6737285772fbff1bedc1
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Oct 2022 03:27:37 GMT
expires: Sat, 08 Oct 2022 03:42:37 GMT
cache-control: public, max-age=900
age: 635
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ebcacb94db1196ad457d9d0f99f1f05c
c29dd9bb8f75a26b57712af80eeed8a224c8869b
3683d9f0309804614cff247d22fd62443e039b180c763bc953582aad45cab8dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 7.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
File type gzip compressed data, from Unix\012- data
Hash f1e1bbb8c9293fc3a9be9d6029e4b456
efdce525970aa17b1b486071206015ff532ab7c7
18164cc7cf2e00f61fd145e72ebd95611e85d6ba206a1c0b6491531e63af7ec4
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/43608179?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lptml46owy1i81m1iing%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A919166362492%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200291%3Ac%3A1%3Arn%3A740841911%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200291%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 426 B URL HTTP/2 mc.yandex.ru/watch/43608179?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lptml46owy1i81m1iing%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A919166362492%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200291%3Ac%3A1%3Arn%3A740841911%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200291%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (426), with no line terminators
Hash 6179e3e1d73d0d81b246ef1f8b2787ca
f029e318a3f8afb3f6f575d80e2badf5144b9167
c958feed771f917716224c16e8704fefd858eb3eb39ef2fbf1fb945d386c7bfd
GET /watch/43608179?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lptml46owy1i81m1iing%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A919166362492%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200291%3Ac%3A1%3Arn%3A740841911%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200291%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/43608179/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8lptml46owy1i81m1iing%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A919166362492%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200291%3Ac%3A1%3Arn%3A740841911%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200291%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 08 Oct 2022 03:38:11 GMT
access-control-allow-origin: https://maxclinic.ru
set-cookie: yandexuid=7313153351665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7313153351665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2507604031665200291; Path=/; SameSite=None; Secure
i=RexKkvk2RORvgF/8Fl5yq+8P+4/iZ5QDOCqhx8InVN0tclLRXRISQ7N6JY9jHCGaqKGr1jH9GSLiyrIt41okV2Lu7Iw=; Expires=Tue, 05-Oct-2032 03:38:08 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696736291.yrts.1665200291#1696736291.yrtsi.1665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:11 GMT
last-modified: Sat, 08-Oct-2022 03:38:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
top-fwz1.mail.ru/counter2?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252
95.163.52.67200 OK 43 B URL HTTP/2 top-fwz1.mail.ru/counter2?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252
IP 95.163.52.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /counter2?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;title=%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200291079%3A1%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga;visible=true;_=0.72151113619252 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://maxclinic.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: image/gif
content-length: 43
set-cookie: FTID=1RMYgQ0tkIID:1665200292:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:12 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ebcacb94db1196ad457d9d0f99f1f05c
c29dd9bb8f75a26b57712af80eeed8a224c8869b
3683d9f0309804614cff247d22fd62443e039b180c763bc953582aad45cab8dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/50737834/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 433 B URL HTTP/2 mc.yandex.ru/watch/50737834/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (433), with no line terminators
Hash 5f724483001cb0d5d01090ed244c8a86
343bcb46f4caf1d7141670377debca3354bd3ecd
694961daa4b4d2825df4783ea586f18590b7cda76842aca8b3e370b3cc9d4876
GET /watch/50737834/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Referer: https://maxclinic.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 433
date: Sat, 08 Oct 2022 03:38:12 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://maxclinic.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:12 GMT
last-modified: Sat, 08-Oct-2022 03:38:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/transparent.png
91.189.114.8200 OK 122 B URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/assets/transparent.png
IP 91.189.114.8:0
File type PNG image data, 300 x 200, 1-bit grayscale, non-interlaced\012- data
Hash 86c58b484b48eac285e131e8b55d2ce7
3d3ee4c137a6f36e5fbee31e21a4d08f2c38d20e
9603ffeb6772f1cf745e0097d5d6c046eaf16151e5bc521f20764bba5ddb7713
GET /wp-content/plugins/revslider/public/assets/assets/transparent.png HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Cookie: tmr_reqNum=1; tmr_lvid=a372215f4ebc7096fbc7def81fb86f93; tmr_lvidTS=1665200291072; _ga=GA1.2.1521386750.1665200291; _gid=GA1.2.1174653751.1665200291; _gat_gtag_UA_127651383_1=1; _dc_gtm_UA-219192435-1=1; _ym_uid=1665200291854051067; _ym_d=1665200291
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: image/png
content-length: 122
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
etag: "625cc15a-7a"
accept-ranges: bytes
X-Firefox-Spdy: h2
mc.yandex.ru/watch/87367626/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A4%3Adp%3A0%3Als%3A298000461460%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A806283839%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%280%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/87367626/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A4%3Adp%3A0%3Als%3A298000461460%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A806283839%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%280%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 5cd91515702f29bfbcd26ae8129c0e27
fdd5dfcfc50cc8e150a726146a21eccf9a178667
09581aa776efc0a6d56dea518289cb421c073a449a6a03bd2e007b3c6f0d14be
GET /watch/87367626/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A4%3Adp%3A0%3Als%3A298000461460%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A806283839%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%280%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Referer: https://maxclinic.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Sat, 08 Oct 2022 03:38:12 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://maxclinic.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:12 GMT
last-modified: Sat, 08-Oct-2022 03:38:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 0205812bb4c2b1558a858a2580ff8536
a7c6065ab8eb2bfdef9d6923bae5c98668313567
691415519a00a0a33eeaa0150f7eeb17aa554a8e6a5a9af31bebcd1d58823f1b
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 08 Oct 2022 03:38:12 GMT
server: ESF
cache-control: private
content-length: 31024
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/2022/08/1-%D1%81%D0%B0%D0%B9%D1%82%20%D0%BC%D0%B0%D0%BA%D1%81.jpg
91.189.114.8200 OK 480 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2022/08/1-%D1%81%D0%B0%D0%B9%D1%82%20%D0%BC%D0%B0%D0%BA%D1%81.jpg
IP 91.189.114.8:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Macintosh), datetime=2022:08:17 15:29:24], progressive, precision 8, 1343x872, components 3\012- data
Size 480 kB (480250 bytes)
Hash 04f2acf06dbc18d8d7ab10af23da62cd
637fdb8fa88296e649c8622a18210b2628d43123
28e9d694d214ea913aa95b9a5775f8d7fce328abe44f6e9d42a659863a215120
GET /wp-content/uploads/2022/08/1-%D1%81%D0%B0%D0%B9%D1%82%20%D0%BC%D0%B0%D0%BA%D1%81.jpg HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Cookie: tmr_reqNum=1; tmr_lvid=a372215f4ebc7096fbc7def81fb86f93; tmr_lvidTS=1665200291072; _ga=GA1.2.1521386750.1665200291; _gid=GA1.2.1174653751.1665200291; _gat_gtag_UA_127651383_1=1; _dc_gtm_UA-219192435-1=1; _ym_uid=1665200291854051067; _ym_d=1665200291
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: image/jpeg
content-length: 480250
last-modified: Wed, 17 Aug 2022 07:40:02 GMT
etag: "62fc9b52-753fa"
accept-ranges: bytes
X-Firefox-Spdy: h2
mc.yandex.ru/watch/82498771/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 442 B URL HTTP/2 mc.yandex.ru/watch/82498771/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (442), with no line terminators
Hash 8953f9bedc821e56c3fe205f8e6b9da6
c52a110ab44ab12d9fdf09b85c748975bd8c7ce9
6a2cfb9e7dea48c126cf961684bd18ba731141e47927598d1c49ab1a21cb22ba
GET /watch/82498771/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Referer: https://maxclinic.ru/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 442
date: Sat, 08 Oct 2022 03:38:12 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://maxclinic.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:12 GMT
last-modified: Sat, 08-Oct-2022 03:38:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 08 Oct 2022 03:38:12 GMT
access-control-allow-origin: *
etag: "633fab48-2b"
expires: Sat, 08 Oct 2022 04:38:12 GMT
accept-ranges: bytes
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1cfaa533e9824a6356e191c5f6d1752a
f6ab903ced2dbf86204334502d4cb7f4d32934c5
1d9f324978a89d84236dc4ed22d38f270b7ddaeb1d01ab0bfe7d79d558b13f1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/vd2mlQwFvqI/sddefault.webp
142.250.74.182200 OK 15 kB URL HTTP/2 i.ytimg.com/vi_webp/vd2mlQwFvqI/sddefault.webp
IP 142.250.74.182:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1e5a6bab412ed0653f68bad7cdab9a7d
7f498618ffbbcd8eb9d8efd9139fa78cd82f233b
e3c7134ae2ad110332906006822b19e72bb5c8f6bdba5979703e6af555c94fe6
GET /vi_webp/vd2mlQwFvqI/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 14784
date: Sat, 08 Oct 2022 03:38:12 GMT
expires: Sat, 08 Oct 2022 05:38:12 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 542dd9c821b1ed264b28486050f682f5
c4b6848574086f26ea0b8a27276a6477a87203cd
4d9ea8dbb35294be815af44656ada880b635f92ad8da46b1a7b403b7c6e8f3d4
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 08 Oct 2022 03:38:12 GMT
server: ESF
cache-control: private
content-length: 30969
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1cfaa533e9824a6356e191c5f6d1752a
f6ab903ced2dbf86204334502d4cb7f4d32934c5
1d9f324978a89d84236dc4ed22d38f270b7ddaeb1d01ab0bfe7d79d558b13f1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3c653b7d4151c89bf97b26a6bf854af2
cbcefae0da43945c106c7ab708bb851348b35481
d273d605cfa789a4350cf4e9d56016820eb8b7999e71c1ef9ecbeb3da62b82b5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
redirector.googlevideo.com/initplayback?source=youtube&orc=1&oeis=1&ip=91.90.42.154&c=WEB_EMBEDDED_PLAYER&oad=3200&ovd=3200&oaad=3200&oavd=3200&ocs=700&oewis=1&oputc=1&ofpcc=1&msp=1&odeak=1&odepv=1&osfc=1&alr=yes&id=72500
142.250.74.78200 OK 244 B URL HTTP/2 redirector.googlevideo.com/initplayback?source=youtube&orc=1&oeis=1&ip=91.90.42.154&c=WEB_EMBEDDED_PLAYER&oad=3200&ovd=3200&oaad=3200&oavd=3200&ocs=700&oewis=1&oputc=1&ofpcc=1&msp=1&odeak=1&odepv=1&osfc=1&alr=yes&id=72500
IP 142.250.74.78:0
File type ASCII text, with very long lines (318), with no line terminators
Hash 525a9db76f75931a729376f36c46fdb7
e7605a5e9a6b9a626d97b24444fde50306d7dbec
8c0452e8fa3ce5151ea6136972e2187e2f1e1689324af9d7d61bf69981d760d3
GET /initplayback?source=youtube&orc=1&oeis=1&ip=91.90.42.154&c=WEB_EMBEDDED_PLAYER&oad=3200&ovd=3200&oaad=3200&oavd=3200&ocs=700&oewis=1&oputc=1&ofpcc=1&msp=1&odeak=1&odepv=1&osfc=1&alr=yes&id=72500 HTTP/1.1
Host: redirector.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 03:38:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
content-type: text/plain; charset=UTF-8
content-encoding: gzip
server: ClientMapServer
content-length: 244
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AMLnZu_MXSdB03EieJPwgF3w3bOHJcPaRh4qjAJivg=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 987 B URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_MXSdB03EieJPwgF3w3bOHJcPaRh4qjAJivg=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash 3a1de8801f92232b1796aa75cbf6d17c
1a7669f3ec6cb62a277f5704ff124dfbd3a64074
67969c31d91fb97e9ff1747f102c8ca57aef166128669d6809ddaf83a58fc6b5
GET /ytc/AMLnZu_MXSdB03EieJPwgF3w3bOHJcPaRh4qjAJivg=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Sun, 09 Oct 2022 03:38:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 08 Oct 2022 03:38:12 GMT
server: fife
content-length: 987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3c653b7d4151c89bf97b26a6bf854af2
cbcefae0da43945c106c7ab708bb851348b35481
d273d605cfa789a4350cf4e9d56016820eb8b7999e71c1ef9ecbeb3da62b82b5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxclinic.ru/wp-content/uploads/2022/02/1-fgds.jpg
91.189.114.8200 OK 844 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2022/02/1-fgds.jpg
IP 91.189.114.8:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Macintosh), datetime=2022:02:03 10:40:39], progressive, precision 8, 1880x1218, components 3\012- data
Size 844 kB (843723 bytes)
Hash 751c3ee630ab85710175260ab4ced23f
aa4f780a754583bb908dc93343c775deced6783b
38fb0d62666c49691dd59f5ef958d64937a243f12ed01d7ccc63b618bcc90eee
GET /wp-content/uploads/2022/02/1-fgds.jpg HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Cookie: tmr_reqNum=1; tmr_lvid=a372215f4ebc7096fbc7def81fb86f93; tmr_lvidTS=1665200291072; _ga=GA1.2.1521386750.1665200291; _gid=GA1.2.1174653751.1665200291; _gat_gtag_UA_127651383_1=1; _dc_gtm_UA-219192435-1=1; _ym_uid=1665200291854051067; _ym_d=1665200291; _ym_isad=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: image/jpeg
content-length: 843723
last-modified: Thu, 03 Feb 2022 02:18:26 GMT
etag: "61fb3b72-cdfcb"
accept-ranges: bytes
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/2022/02/1-urologiya.jpg
91.189.114.8200 OK 780 kB URL HTTP/2 maxclinic.ru/wp-content/uploads/2022/02/1-urologiya.jpg
IP 91.189.114.8:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Macintosh), datetime=2022:02:03 10:40:25], progressive, precision 8, 1880x1221, components 3\012- data
Size 780 kB (779880 bytes)
Hash 98cb69890c8f8369192b7ce5aea3e0a1
bf82d46a2769db70d2394753675f91b967e95fd3
3057de095df46048936dece6037617a4456a8aee39eb59fc5748be14191fbf00
GET /wp-content/uploads/2022/02/1-urologiya.jpg HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Cookie: tmr_reqNum=1; tmr_lvid=a372215f4ebc7096fbc7def81fb86f93; tmr_lvidTS=1665200291072; _ga=GA1.2.1521386750.1665200291; _gid=GA1.2.1174653751.1665200291; _gat_gtag_UA_127651383_1=1; _dc_gtm_UA-219192435-1=1; _ym_uid=1665200291854051067; _ym_d=1665200291; _ym_isad=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:12 GMT
content-type: image/jpeg
content-length: 779880
last-modified: Thu, 03 Feb 2022 02:30:39 GMT
etag: "61fb3e4f-be668"
accept-ranges: bytes
X-Firefox-Spdy: h2
top-fwz1.mail.ru/tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;nt=0/0/1665200287619/////764/764/764/764/764/764/772/964/964/980/2265/2299/2315/5740/5740/;ni=;lvid=1665200291072%3A1665200293403%3A2%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.7742349351583192;e=RT/load;et=1665200293401
95.163.52.67200 OK 43 B URL HTTP/2 top-fwz1.mail.ru/tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;nt=0/0/1665200287619/////764/764/764/764/764/764/772/964/964/980/2265/2299/2315/5740/5740/;ni=;lvid=1665200291072%3A1665200293403%3A2%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.7742349351583192;e=RT/load;et=1665200293401
IP 95.163.52.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;nt=0/0/1665200287619/////764/764/764/764/764/764/772/964/964/980/2265/2299/2315/5740/5740/;ni=;lvid=1665200291072%3A1665200293403%3A2%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.7742349351583192;e=RT/load;et=1665200293401 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:13 GMT
content-type: image/gif
content-length: 43
set-cookie: FTID=1RMYgQ0tkIID:1665200293:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:13 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/artbees-captcha/generate-captcha.php
91.189.114.8200 OK 3.2 kB URL HTTP/2 maxclinic.ru/wp-content/plugins/artbees-captcha/generate-captcha.php
IP 91.189.114.8:0
File type PNG image data, 200 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 2768134c7cb64152a96c46b369af161e
a22dacadc8ead43c4c5525c2b532d2ce663e2f63
e35e03cfd2d4447306faca59514a2aac5c8f1aba7d2a071b1441a00b3b5b2756
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/artbees-captcha/generate-captcha.php HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Cookie: tmr_reqNum=2; tmr_lvid=a372215f4ebc7096fbc7def81fb86f93; tmr_lvidTS=1665200291072; _ga=GA1.2.1521386750.1665200291; _gid=GA1.2.1174653751.1665200291; _gat_gtag_UA_127651383_1=1; _dc_gtm_UA-219192435-1=1; _ym_uid=1665200291854051067; _ym_d=1665200291; _ym_isad=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:13 GMT
content-type: image/png
content-length: 3245
x-powered-by: PHP/7.4.29
set-cookie: PHPSESSID=52e47546b5504e23f36348e14532eaec; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da5f54e2d234b159e435039798b4f58c
115cbe08795735df780e8d1a5fb31141187c074e
20fefe2ac7fcd44ae4d6714ff2148b54810a8e7b7f66103e4bbe9c0156b7b2fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&_u=YGDAgUABAAAAAGAAI~&z=904293656
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&_u=YGDAgUABAAAAAGAAI~&z=904293656
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-219192435-1&cid=1521386750.1665200291&jid=1810484650&_u=YGDAgUABAAAAAGAAI~&z=904293656 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 08 Oct 2022 03:38:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da5f54e2d234b159e435039798b4f58c
115cbe08795735df780e8d1a5fb31141187c074e
20fefe2ac7fcd44ae4d6714ff2148b54810a8e7b7f66103e4bbe9c0156b7b2fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 03:38:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a15dc9ba26fe131b3b4833fb309155cd
334a9163f63c76e4379912c1f2f955f5362de899
36725a6aca89237de25a2234d01472f0100a6bbc09093ee638c9ef0fe3226a07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6963
x-amzn-requestid: 85900f7a-41ed-483e-92f5-a214e79cbfea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZolXeG_YoAMFlpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63401c2f-5fdd70c5679fcf26476383a5;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 12:31:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y5WAY20QAO4OlpbwetBtvhxEA93lTq-NEUFz0ZuYeyja-BaOV1IYsg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:39:48 GMT
etag: "334a9163f63c76e4379912c1f2f955f5362de899"
content-type: image/jpeg
age: 21509
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/50737834?wv-check=54281&wv-type=0&wmode=0&wv-part=1&wv-hit=554931825&page-url=https%3A%2F%2Fmaxclinic.ru%2F&rn=53652885&browser-info=gdpr%3A14%3Aet%3A1665200297%3Aw%3A1268x939%3Av%3A912%3Az%3A0%3Ai%3A20221008033817%3Au%3A1665200291854051067%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Awe%3A1%3Ast%3A1665200297&t=gdpr(14)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/50737834?wv-check=54281&wv-type=0&wmode=0&wv-part=1&wv-hit=554931825&page-url=https%3A%2F%2Fmaxclinic.ru%2F&rn=53652885&browser-info=gdpr%3A14%3Aet%3A1665200297%3Aw%3A1268x939%3Av%3A912%3Az%3A0%3Ai%3A20221008033817%3Au%3A1665200291854051067%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Awe%3A1%3Ast%3A1665200297&t=gdpr(14)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/50737834?wv-check=54281&wv-type=0&wmode=0&wv-part=1&wv-hit=554931825&page-url=https%3A%2F%2Fmaxclinic.ru%2F&rn=53652885&browser-info=gdpr%3A14%3Aet%3A1665200297%3Aw%3A1268x939%3Av%3A912%3Az%3A0%3Ai%3A20221008033817%3Au%3A1665200291854051067%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Awe%3A1%3Ast%3A1665200297&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 08 Oct 2022 03:38:17 GMT
access-control-allow-origin: https://maxclinic.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:17 GMT
last-modified: Sat, 08-Oct-2022 03:38:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
top-fwz1.mail.ru/tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200297318%3A3%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.701196776851808;e=RT/unload;et=1665200297317;pvt=7433;vtauto=6256
95.163.52.67200 OK 43 B URL HTTP/2 top-fwz1.mail.ru/tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200297318%3A3%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.701196776851808;e=RT/unload;et=1665200297317;pvt=7433;vtauto=6256
IP 95.163.52.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /tracker?js=13;id=3063232;u=https%3A//maxclinic.ru/;st=1665200289884;s=1280*1024;vp=1268*939;touch=0;hds=1;frame=0;flash=;sid=e1ea4be37e8ff5e4;ver=60.3.0;tz=0%2FUTC;ni=;lvid=1665200291072%3A1665200297318%3A3%3Aa372215f4ebc7096fbc7def81fb86f93;opts=dl%2Cjst-gtag-ga-ym;visible=true;_=0.701196776851808;e=RT/unload;et=1665200297317;pvt=7433;vtauto=6256 HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:17 GMT
content-type: image/gif
content-length: 43
set-cookie: FTID=1RMYgQ0tkIID:1665200297:3063232:::; path=/; expires=Mon, 09-Oct-23 03:38:17 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/82498771?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 31 B URL HTTP/2 mc.yandex.ru/watch/82498771?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
Hash 0517a608635a116d279530f9e79f46c6
d039de7440a05934e6a9f517ef98c460efa701c4
fcdc48636aaf6e5c6123f43decdec565c7a7614a1729283815ecdfb7ae1bef63
GET /watch/82498771?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/82498771/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A3%3Adp%3A0%3Als%3A357834529228%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A716975942%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 08 Oct 2022 03:38:11 GMT
access-control-allow-origin: https://maxclinic.ru
set-cookie: yandexuid=5631559261665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5631559261665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2671349311665200291; Path=/; SameSite=None; Secure
i=EsPjis73ocMP2GDvKr2DbJDsN+k9k8/yt1f40y2OFRrVhilNkKsMrHHbAASPgV16T57+XOPaN5eLB5p5cK3089EjYPs=; Expires=Tue, 05-Oct-2032 03:38:08 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696736291.yrts.1665200291#1696736291.yrtsi.1665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:11 GMT
last-modified: Sat, 08-Oct-2022 03:38:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
maxclinic.ru/
91.189.114.8200 OK 0 B IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.29
link: <https://maxclinic.ru/wp-json/>; rel="https://api.w.org/", <https://maxclinic.ru/wp-json/wp/v2/pages/8>; rel="alternate"; type="application/json", <https://maxclinic.ru/>; rel=shortlink
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.20
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.20
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.20 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
vary: Accept-Encoding
etag: W/"625cc15a-e245"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 23:16:40 GMT
vary: Accept-Encoding
etag: W/"63168358-2fb3"
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=PT+Sans+Narrow&subset=cyrillic,latin
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=PT+Sans+Narrow&subset=cyrillic,latin
IP 142.250.74.10:0
GET /css?family=PT+Sans+Narrow&subset=cyrillic,latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 03:38:08 GMT
date: Sat, 08 Oct 2022 03:38:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/masterslider/public/assets/css/masterslider.main.css?ver=3.6.1
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/masterslider/public/assets/css/masterslider.main.css?ver=3.6.1
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/masterslider/public/assets/css/masterslider.main.css?ver=3.6.1 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 18 Apr 2022 01:37:55 GMT
vary: Accept-Encoding
etag: W/"625cc0f3-13540"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 05:24:59 GMT
vary: Accept-Encoding
etag: W/"6315882b-48b9"
content-encoding: gzip
X-Firefox-Spdy: h2
top-fwz1.mail.ru/js/code.js
95.163.52.67200 OK 0 B URL HTTP/2 top-fwz1.mail.ru/js/code.js
IP 95.163.52.67:0
GET /js/code.js HTTP/1.1
Host: top-fwz1.mail.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:10 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 17:32:31 GMT
set-cookie: FTID=1RMYgQ0tkIID:1665200290:0:::; path=/; expires=Mon, 09-Oct-23 03:38:10 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
etag: W/"6320beaf-7ecc"
expires: Sat, 08 Oct 2022 04:38:10 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: max-age=3600, private
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
content-encoding: gzip
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f60a.svg
192.0.77.48200 OK 0 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f60a.svg
IP 192.0.77.48:0
GET /images/core/emoji/14.0.0/svg/1f60a.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:09 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/mk_assets/components-production.min.css?ver=1665138196
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/uploads/mk_assets/components-production.min.css?ver=1665138196
IP 91.189.114.8:0
GET /wp-content/uploads/mk_assets/components-production.min.css?ver=1665138196 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Fri, 07 Oct 2022 10:23:16 GMT
vary: Accept-Encoding
etag: W/"633ffe14-13ce7"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 91.189.114.8:0
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 23:16:40 GMT
vary: Accept-Encoding
etag: W/"63168358-25d0"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/smoothscroll.js?ver=1.0
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/smoothscroll.js?ver=1.0
IP 91.189.114.8:0
GET /wp-content/themes/jupiter/assets/js/plugins/wp-enqueue/smoothscroll.js?ver=1.0 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2016 00:26:09 GMT
vary: Accept-Encoding
etag: W/"581932a1-51e9"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter/assets/js/core-scripts.js?ver=1.0
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter/assets/js/core-scripts.js?ver=1.0
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jupiter/assets/js/core-scripts.js?ver=1.0 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2016 00:26:09 GMT
vary: Accept-Encoding
etag: W/"581932a1-621cc"
content-encoding: gzip
X-Firefox-Spdy: h2
www.youtube.com/embed/ikicIPXAAg8?feature=oembed
142.250.74.110200 OK 0 B URL HTTP/2 www.youtube.com/embed/ikicIPXAAg8?feature=oembed
IP 142.250.74.110:0
GET /embed/ikicIPXAAg8?feature=oembed HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 08 Oct 2022 03:38:09 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=PYeBl4VqmDM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Mx1yAUGhnK0; Domain=.youtube.com; Expires=Thu, 06-Apr-2023 03:38:09 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+013; expires=Mon, 07-Oct-2024 03:38:09 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f604.svg
192.0.77.48200 OK 0 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f604.svg
IP 192.0.77.48:0
GET /images/core/emoji/14.0.0/svg/1f604.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 03:38:09 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter-child/style.css?ver=6.0.2
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter-child/style.css?ver=6.0.2
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jupiter-child/style.css?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2016 09:54:55 GMT
vary: Accept-Encoding
etag: W/"581b096f-13cb"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/comfortable-reading/js/jquery.comfortable.reading.js?ver=1.1
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/comfortable-reading/js/jquery.comfortable.reading.js?ver=1.1
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/comfortable-reading/js/jquery.comfortable.reading.js?ver=1.1 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Tue, 17 Mar 2020 06:14:01 GMT
vary: Accept-Encoding
etag: W/"5e706aa9-17f8"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
vary: Accept-Encoding
etag: W/"625cc15a-1f69c"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-includes/js/comment-reply.min.js?ver=6.0.2
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-includes/js/comment-reply.min.js?ver=6.0.2
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/comment-reply.min.js?ver=6.0.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 05 Sep 2022 05:24:59 GMT
vary: Accept-Encoding
etag: W/"6315882b-ba5"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.20
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.20
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.20 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Mon, 18 Apr 2022 01:39:38 GMT
vary: Accept-Encoding
etag: W/"625cc15a-5ec80"
content-encoding: gzip
X-Firefox-Spdy: h2
mc.yandex.ru/watch/50737834?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/50737834?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
GET /watch/50737834?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maxclinic.ru
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/50737834/1?wmode=7&page-url=https%3A%2F%2Fmaxclinic.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A1386%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1591979230362%3Ahid%3A554931825%3Az%3A0%3Ai%3A20221008033811%3Aet%3A1665200292%3Ac%3A1%3Arn%3A544042690%3Arqn%3A1%3Au%3A1665200291854051067%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C191%2C0%2C764%2C0%2C%2C1302%2C17%2C%2C%2C%2C2299%3Ans%3A1665200287619%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665200292%3At%3A%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F%20-%20%D0%9C%D0%B0%D0%BA%D1%81%20%D0%9A%D0%BB%D0%B8%D0%BD%D0%B8%D0%BA&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 08 Oct 2022 03:38:11 GMT
access-control-allow-origin: https://maxclinic.ru
set-cookie: yandexuid=5186942311665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5186942311665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=608013391665200291; Path=/; SameSite=None; Secure
i=C4U0AHkzVruJnAXq2NYYapmMbZBo4UVrKdBl7bqwJbHnWoPiKqhocQso0xE/O1nBhKbxxoY3keK5RshdqXqQeiaWjhg=; Expires=Tue, 05-Oct-2032 03:38:08 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696736291.yrts.1665200291#1696736291.yrtsi.1665200291; Expires=Sun, 08-Oct-2023 03:38:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 08-Oct-2022 03:38:11 GMT
last-modified: Sat, 08-Oct-2022 03:38:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/themes/jupiter/assets/stylesheet/min/core-styles.css?ver=1.0
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/themes/jupiter/assets/stylesheet/min/core-styles.css?ver=1.0
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jupiter/assets/stylesheet/min/core-styles.css?ver=1.0 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2016 00:26:09 GMT
vary: Accept-Encoding
etag: W/"581932a1-3d1ec"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/masterslider/custom.css?ver=3.7
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/uploads/masterslider/custom.css?ver=3.7
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/masterslider/custom.css?ver=3.7 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: text/css
last-modified: Mon, 18 Apr 2022 01:38:09 GMT
vary: Accept-Encoding
etag: W/"625cc101-3675"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/uploads/mk_assets/components-production.min.js?ver=1665138196
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/uploads/mk_assets/components-production.min.js?ver=1665138196
IP 91.189.114.8:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/mk_assets/components-production.min.js?ver=1665138196 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Fri, 07 Oct 2022 10:23:16 GMT
vary: Accept-Encoding
etag: W/"633ffe14-1e26"
content-encoding: gzip
X-Firefox-Spdy: h2
maxclinic.ru/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=4.12.2
91.189.114.8200 OK 0 B URL HTTP/2 maxclinic.ru/wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=4.12.2
IP 91.189.114.8:0
GET /wp-content/plugins/js_composer_theme/assets/js/dist/js_composer_front.min.js?ver=4.12.2 HTTP/1.1
Host: maxclinic.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maxclinic.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sat, 08 Oct 2022 03:38:08 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2016 00:25:38 GMT
vary: Accept-Encoding
etag: W/"58193282-4a97"
content-encoding: gzip
X-Firefox-Spdy: h2