dtyod-dtyod.dtyod-dtyod.mainger.online/
45.131.46.244 302 Found 0 B URL HTTP/1.1 dtyod-dtyod.dtyod-dtyod.mainger.online/
IP 45.131.46.244:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: dtyod-dtyod.dtyod-dtyod.mainger.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 17 Nov 2022 23:55:02 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: http://hay.gerl-may.online/?s1=ptt1
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d27590a1d3cbe1e9632b8ae92aaae3f4
202b34e8a0c3b88c8826fd56c6227b34f2cd6f46
6bcfa518476658128c1fb4ea2435c4e58531454cf97138dce7ece9def589aead
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6405
Expires: Fri, 18 Nov 2022 01:41:47 GMT
Date: Thu, 17 Nov 2022 23:55:02 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1881
Cache-Control: max-age=126462
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 23:55:02 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 11:02:44 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2189
Expires: Fri, 18 Nov 2022 00:31:31 GMT
Date: Thu, 17 Nov 2022 23:55:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 23:44:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 605
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gnAKPSp3kJoo/KNXVn6GLJvJobqzT4oKM6KoRcDipEA6AKISRiijjXwCOWNJcV6zaaMCmv4oCqE=
x-amz-request-id: QEPBHGRWBZ5EVYN0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 23:15:20 GMT
age: 2382
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 17 Nov 2022 23:55:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 23:25:01 GMT
cache-control: public,max-age=3600
age: 1801
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
hay.gerl-may.online/?s1=ptt1
193.3.23.32 200 OK 4.1 kB URL HTTP/1.1 hay.gerl-may.online/?s1=ptt1
IP 193.3.23.32:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 5f15be826a5347a7a6b497713d02cb2b
9c4b94d1868cb820e1e77ebd2eb0ad30dfa13743
c1ac61d9fe67413735e8184fd744d9d02233e4578d0806f5740699285ed25f60
GET /?s1=ptt1 HTTP/1.1
Host: hay.gerl-may.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 17 Nov 2022 23:55:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6ImNudmhOdy9UZFR5djhYUzRFc3dURlE9PSIsInZhbHVlIjoiRFQxeXJ1c2RtU1I2bzVkOSs3ck40R2E5My9KRnlHNlFiWDBvSlBNdEJ6RVFrZTJxMFZiTGxnS2hFKzJuS2pkZiIsIm1hYyI6IjExYTZkYWViZTY5YzlhMWJmZTVhMzlkMzM0NGJkMWE4MTc5NDI0YzBmNWZlZjE1Mjg4YTdmZDU3ODIzMjAxMWYifQ%3D%3D; expires=Fri, 18-Nov-2022 01:55:02 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImhEV1FFRFdZNXkzK2hXREJFdDdCcFE9PSIsInZhbHVlIjoiWk5udWtzc2ovYmdWdUlUT3NibmQ1WExydy9KMG0zM2NnSmxPOEhlMGFNR01PNGF1dDN3a2s0QjUwVnJpSFMyTSIsIm1hYyI6IjljZjQyZjFkM2ZhMWU1MGI5OTYyZGY5NjM2ZTdlN2E4NmY5OTk0MzIzOTZiMjg1ZGRmNTQyZTY4MjM3YTViYzEifQ%3D%3D; expires=Fri, 18-Nov-2022 01:55:02 GMT; Max-Age=7200; path=/; httponly; samesite=lax
SRVNAME=w1; path=/
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 872c27c317bb27152f5a81567b9db0ae
a7d823462810db5251413815b5df0da13ec56a73
5d8985941890ea88d2634908e96350571953322a567289f5391ae5212b044e54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5D8985941890EA88D2634908E96350571953322A567289F5391AE5212B044E54"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6197
Expires: Fri, 18 Nov 2022 01:38:19 GMT
Date: Thu, 17 Nov 2022 23:55:02 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6061
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 23:55:02 GMT
Last-Modified: Thu, 17 Nov 2022 22:14:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 872c27c317bb27152f5a81567b9db0ae
a7d823462810db5251413815b5df0da13ec56a73
5d8985941890ea88d2634908e96350571953322a567289f5391ae5212b044e54
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "5D8985941890EA88D2634908E96350571953322A567289F5391AE5212B044E54"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Fri, 18 Nov 2022 01:38:19 GMT
Date: Thu, 17 Nov 2022 23:55:03 GMT
Connection: keep-alive
hay.gerl-may.online/landings/33/fonts/vendor.css
193.3.23.32 200 OK 8.5 kB URL HTTP/1.1 hay.gerl-may.online/landings/33/fonts/vendor.css
IP 193.3.23.32:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
File type ASCII text, with very long lines (8491), with no line terminators
Hash b23e5efb64c17fdf6c79b9c5d0ae5c7e
590810d8398e12e683b34dcd88ec98423e4404d6
31945bbfa6b11f72e785474744b4d227b69e7a45e8cce6fe29007feb37d083a1
GET /landings/33/fonts/vendor.css HTTP/1.1
Host: hay.gerl-may.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hay.gerl-may.online/?s1=ptt1
Cookie: XSRF-TOKEN=eyJpdiI6ImNudmhOdy9UZFR5djhYUzRFc3dURlE9PSIsInZhbHVlIjoiRFQxeXJ1c2RtU1I2bzVkOSs3ck40R2E5My9KRnlHNlFiWDBvSlBNdEJ6RVFrZTJxMFZiTGxnS2hFKzJuS2pkZiIsIm1hYyI6IjExYTZkYWViZTY5YzlhMWJmZTVhMzlkMzM0NGJkMWE4MTc5NDI0YzBmNWZlZjE1Mjg4YTdmZDU3ODIzMjAxMWYifQ%3D%3D; laravel_session=eyJpdiI6ImhEV1FFRFdZNXkzK2hXREJFdDdCcFE9PSIsInZhbHVlIjoiWk5udWtzc2ovYmdWdUlUT3NibmQ1WExydy9KMG0zM2NnSmxPOEhlMGFNR01PNGF1dDN3a2s0QjUwVnJpSFMyTSIsIm1hYyI6IjljZjQyZjFkM2ZhMWU1MGI5OTYyZGY5NjM2ZTdlN2E4NmY5OTk0MzIzOTZiMjg1ZGRmNTQyZTY4MjM3YTViYzEifQ%3D%3D; SRVNAME=w1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 17 Nov 2022 23:55:03 GMT
Content-Type: text/css
Content-Length: 8491
Connection: keep-alive
last-modified: Tue, 15 Nov 2022 13:48:58 GMT
etag: "637398ca-212b"
accept-ranges: bytes
push.services.mozilla.com/
34.218.159.206 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.159.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8Iaaqvnj/DUa0q2oAitIjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UpMGiTLhaQzcNA2UnJ1lukeboI8=
hay.gerl-may.online/landings/33/js/vendor.js
193.3.23.32 200 OK 99 kB URL HTTP/1.1 hay.gerl-may.online/landings/33/js/vendor.js
IP 193.3.23.32:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 8ce8d4894185981072382b7da89a6703
396a0d229712335e96c2a66f8ebcf67dfca9fc7e
0cf2a33968a1f3efec0c5c9163a95ffdf0e86f5d4d0a919344f4f7834023a565
Analyzer Verdict Alert fortinet Phishing
GET /landings/33/js/vendor.js HTTP/1.1
Host: hay.gerl-may.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hay.gerl-may.online/?s1=ptt1
Cookie: XSRF-TOKEN=eyJpdiI6ImNudmhOdy9UZFR5djhYUzRFc3dURlE9PSIsInZhbHVlIjoiRFQxeXJ1c2RtU1I2bzVkOSs3ck40R2E5My9KRnlHNlFiWDBvSlBNdEJ6RVFrZTJxMFZiTGxnS2hFKzJuS2pkZiIsIm1hYyI6IjExYTZkYWViZTY5YzlhMWJmZTVhMzlkMzM0NGJkMWE4MTc5NDI0YzBmNWZlZjE1Mjg4YTdmZDU3ODIzMjAxMWYifQ%3D%3D; laravel_session=eyJpdiI6ImhEV1FFRFdZNXkzK2hXREJFdDdCcFE9PSIsInZhbHVlIjoiWk5udWtzc2ovYmdWdUlUT3NibmQ1WExydy9KMG0zM2NnSmxPOEhlMGFNR01PNGF1dDN3a2s0QjUwVnJpSFMyTSIsIm1hYyI6IjljZjQyZjFkM2ZhMWU1MGI5OTYyZGY5NjM2ZTdlN2E4NmY5OTk0MzIzOTZiMjg1ZGRmNTQyZTY4MjM3YTViYzEifQ%3D%3D; SRVNAME=w1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 17 Nov 2022 23:55:03 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 99445
Connection: keep-alive
last-modified: Tue, 15 Nov 2022 13:48:58 GMT
etag: "637398ca-18475"
accept-ranges: bytes
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash c0a45e66862a7079dc515e9160afa200
db551108fa64175cdb5bc345725e5cc95f325754
21f00031ef128d8ea10de620959467eda4c617c296d225a04aad1fe3096a7dc3
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 23:55:04 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Mon, 21 Nov 2022 22:17:22 GMT
ETag: "db551108fa64175cdb5bc345725e5cc95f325754"
Last-Modified: Thu, 17 Nov 2022 22:17:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 523
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76bc65267d90b503-OSL
mc.yandex.ru/metrika/tag.js
87.250.250.119 200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 6bb9990fc521832208f25ccf5261b719
be8acfb80dfc034d5cbd7dabb318ea8853762c10
677f03256dacdc519c12971fd422fe1afa0ecca3864f4e8f7aa0bed4eecd9c38
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73397
date: Thu, 17 Nov 2022 23:55:04 GMT
access-control-allow-origin: *
etag: "63575841-11eb5"
expires: Fri, 18 Nov 2022 00:55:04 GMT
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hay.gerl-may.online/favicon.ico
193.3.23.32 200 OK 0 B URL HTTP/1.1 hay.gerl-may.online/favicon.ico
IP 193.3.23.32:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: hay.gerl-may.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hay.gerl-may.online/?s1=ptt1
Cookie: XSRF-TOKEN=eyJpdiI6ImNudmhOdy9UZFR5djhYUzRFc3dURlE9PSIsInZhbHVlIjoiRFQxeXJ1c2RtU1I2bzVkOSs3ck40R2E5My9KRnlHNlFiWDBvSlBNdEJ6RVFrZTJxMFZiTGxnS2hFKzJuS2pkZiIsIm1hYyI6IjExYTZkYWViZTY5YzlhMWJmZTVhMzlkMzM0NGJkMWE4MTc5NDI0YzBmNWZlZjE1Mjg4YTdmZDU3ODIzMjAxMWYifQ%3D%3D; laravel_session=eyJpdiI6ImhEV1FFRFdZNXkzK2hXREJFdDdCcFE9PSIsInZhbHVlIjoiWk5udWtzc2ovYmdWdUlUT3NibmQ1WExydy9KMG0zM2NnSmxPOEhlMGFNR01PNGF1dDN3a2s0QjUwVnJpSFMyTSIsIm1hYyI6IjljZjQyZjFkM2ZhMWU1MGI5OTYyZGY5NjM2ZTdlN2E4NmY5OTk0MzIzOTZiMjg1ZGRmNTQyZTY4MjM3YTViYzEifQ%3D%3D; SRVNAME=w1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 17 Nov 2022 23:55:04 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
last-modified: Tue, 15 Nov 2022 13:48:57 GMT
etag: "637398c9-0"
accept-ranges: bytes
hay.gerl-may.online/landings/33/img/bg.webp
193.3.23.32 200 OK 24 kB URL HTTP/1.1 hay.gerl-may.online/landings/33/img/bg.webp
IP 193.3.23.32:0
ASN #212913 FOP Hornostay Mykhaylo Ivanovych
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1366x818, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c470c8b09fd530f2bc5095176909d419
aa043653ab830c8d1891547eb13f172bb0a3a1eb
8f7f3a307aacf223868ffcff42bad6ec4b057192d30e02a48f8a61e4c6d96766
Analyzer Verdict Alert fortinet Phishing
GET /landings/33/img/bg.webp HTTP/1.1
Host: hay.gerl-may.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hay.gerl-may.online/landings/33/fonts/vendor.css
Cookie: XSRF-TOKEN=eyJpdiI6ImNudmhOdy9UZFR5djhYUzRFc3dURlE9PSIsInZhbHVlIjoiRFQxeXJ1c2RtU1I2bzVkOSs3ck40R2E5My9KRnlHNlFiWDBvSlBNdEJ6RVFrZTJxMFZiTGxnS2hFKzJuS2pkZiIsIm1hYyI6IjExYTZkYWViZTY5YzlhMWJmZTVhMzlkMzM0NGJkMWE4MTc5NDI0YzBmNWZlZjE1Mjg4YTdmZDU3ODIzMjAxMWYifQ%3D%3D; laravel_session=eyJpdiI6ImhEV1FFRFdZNXkzK2hXREJFdDdCcFE9PSIsInZhbHVlIjoiWk5udWtzc2ovYmdWdUlUT3NibmQ1WExydy9KMG0zM2NnSmxPOEhlMGFNR01PNGF1dDN3a2s0QjUwVnJpSFMyTSIsIm1hYyI6IjljZjQyZjFkM2ZhMWU1MGI5OTYyZGY5NjM2ZTdlN2E4NmY5OTk0MzIzOTZiMjg1ZGRmNTQyZTY4MjM3YTViYzEifQ%3D%3D; SRVNAME=w1
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Thu, 17 Nov 2022 23:55:04 GMT
Content-Type: image/webp
Content-Length: 24412
Connection: keep-alive
last-modified: Tue, 15 Nov 2022 13:48:58 GMT
etag: "637398ca-5f5c"
accept-ranges: bytes
mc.yandex.ru/metrika/advert.gif
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:04 GMT
access-control-allow-origin: *
etag: "63575841-2b"
expires: Fri, 18 Nov 2022 00:55:04 GMT
accept-ranges: bytes
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4936
Expires: Fri, 18 Nov 2022 01:17:20 GMT
Date: Thu, 17 Nov 2022 23:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4936
Expires: Fri, 18 Nov 2022 01:17:20 GMT
Date: Thu, 17 Nov 2022 23:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4936
Expires: Fri, 18 Nov 2022 01:17:20 GMT
Date: Thu, 17 Nov 2022 23:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4936
Expires: Fri, 18 Nov 2022 01:17:20 GMT
Date: Thu, 17 Nov 2022 23:55:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4936
Expires: Fri, 18 Nov 2022 01:17:20 GMT
Date: Thu, 17 Nov 2022 23:55:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 35da1192dcadc6e329a9e60c16904301
90a146aef85765630a5e09e46a0a8682e204bec1
816d1387a3a91a82f0bdaa2b703b45aa30be206d30d4dd1e8ac5deca13de57ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10281
x-amzn-requestid: 11dffc4e-71d7-4195-8890-62c8a2092728
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-77EWaIAMF3WA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7f-3c0dc7e43023af827ac26958;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 48wUhxwMgsEj2J01EWOTCfWLNZPwFrjjXd6V_uSp8yae4YtGTTVlxA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:14:12 GMT
age: 6052
etag: "90a146aef85765630a5e09e46a0a8682e204bec1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/56301838?wmode=7&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A1946%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235502%3Aet%3A1668729303%3Ac%3A1%3Arn%3A583179357%3Arqn%3A1%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C26%2C423%2C3%2C336%2C0%2C%2C1102%2C5%2C%2C%2C%2C1947%3Ans%3A1668729300487%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668729303%3At%3AGirl&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/56301838?wmode=7&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A1946%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235502%3Aet%3A1668729303%3Ac%3A1%3Arn%3A583179357%3Arqn%3A1%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C26%2C423%2C3%2C336%2C0%2C%2C1102%2C5%2C%2C%2C%2C1947%3Ans%3A1668729300487%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668729303%3At%3AGirl&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 73fa4329d791cdbe9c39949382dfe53f
4616ce0f3c19f85f47dcf5c00da5b91136d6afe3
fbd7fba3d1fed11fbdba1cd98250a52f6eafda67b877186e8edfab765559209e
GET /watch/56301838?wmode=7&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A1946%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235502%3Aet%3A1668729303%3Ac%3A1%3Arn%3A583179357%3Arqn%3A1%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C26%2C423%2C3%2C336%2C0%2C%2C1102%2C5%2C%2C%2C%2C1947%3Ans%3A1668729300487%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668729303%3At%3AGirl&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/56301838/1?wmode=7&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A1946%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235502%3Aet%3A1668729303%3Ac%3A1%3Arn%3A583179357%3Arqn%3A1%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C26%2C423%2C3%2C336%2C0%2C%2C1102%2C5%2C%2C%2C%2C1947%3Ans%3A1668729300487%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668729303%3At%3AGirl&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 17 Nov 2022 23:55:04 GMT
access-control-allow-origin: http://hay.gerl-may.online
set-cookie: yandexuid=2333919561668729304; Expires=Fri, 17-Nov-2023 23:55:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2333919561668729304; Expires=Fri, 17-Nov-2023 23:55:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=623385251668729304; Path=/; SameSite=None; Secure
i=Ienf0qW1+T3onZmx9nBXdZRUIpUYh4WlJlKGUTTdOTPEwfNszeFsR1cr+icZl96JpX8I2uKGfIDR0byh2NWfVH/E1fI=; Expires=Sun, 14-Nov-2032 23:54:46 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1700265304.yrts.1668729304#1700265304.yrtsi.1668729304; Expires=Fri, 17-Nov-2023 23:55:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:04 GMT
last-modified: Thu, 17-Nov-2022 23:55:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4724f84-de93-48d7-8d33-1427f27e15a0.webp
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4724f84-de93-48d7-8d33-1427f27e15a0.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55801be30fc7e7d24ba2418d00ce4ca2
31935f7d11269f0f4177a48d2c166e09fec1f377
05e58892cab261aca3abe7e29ff482b51f5f7e4261b8579e7b9f85487f53eeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4724f84-de93-48d7-8d33-1427f27e15a0.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7539
x-amzn-requestid: 96d0ad29-0b25-4e4b-93ea-da9fde83aa8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw9V5E2boAMFbiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376a8f2-33f7f4592f8574486987e233;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: r1X3PUyrso5VkyphYHqBQdYo6lmmIvTQdA_kPA5I-lds8qn9RtEIpw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:05:38 GMT
etag: "31935f7d11269f0f4177a48d2c166e09fec1f377"
content-type: image/jpeg
age: 6566
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:27 GMT
age: 7177
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 02:49:36 GMT
age: 75928
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3007b4f3-f5db-4eb7-b71a-f9f854ae287e.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3007b4f3-f5db-4eb7-b71a-f9f854ae287e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b2b393e36ee2c9649d90db136aa49542
e88c5832ff0c49bab181d948c3a510d88343bb6f
8b524701df43bff56ac52a021ff0fbd964e06f00e84b4861aa557ec6ae6b4ffd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3007b4f3-f5db-4eb7-b71a-f9f854ae287e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7631
x-amzn-requestid: b47e545d-1fb6-4a62-ab45-28cdb9d3f0b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-vQE0XoAMFS3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab2e-56365eed3d4c082c53b172b3;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qpoQa1Lhe-h27dGooXDCtujesSTg7Tb0Ov-PNLnUP0288ZofwHxkhQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:40 GMT
age: 7344
etag: "e88c5832ff0c49bab181d948c3a510d88343bb6f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57ba71d8-c0f3-4d43-a49a-3576bdcfb322.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57ba71d8-c0f3-4d43-a49a-3576bdcfb322.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 292dc2edef978e128f70b96ee4b2b3e2
1530f860e2b54b7b382f59654db63eaed59c5f95
f74b08f1bdd35ea7ebb6e2887fc6c02abc76f9e276cd30d1d7d6475e667b5624
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57ba71d8-c0f3-4d43-a49a-3576bdcfb322.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4310
x-amzn-requestid: 6452483a-f96e-4f27-a18e-55e9206e7be6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-78FiToAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7f-4e366d3612f39c5c421e864e;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0biXrpW2TGcLKgAOqLdsgFkZ5lKewM0VFGeNTTrmHX7QEcuNzuwnvQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:14:32 GMT
age: 6032
etag: "1530f860e2b54b7b382f59654db63eaed59c5f95"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/56301838/1?page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&hittoken=1668729304_d17bf47ceaca1adca72529493c85fcbd376d2c08f52a3f7e46aaba2ec8f73dd9&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235503%3Aet%3A1668729303%3Ac%3A1%3Arn%3A951058592%3Arqn%3A2%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2488%2C2488%2C0%2C%3Ans%3A1668729300487%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668729303&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/56301838/1?page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&hittoken=1668729304_d17bf47ceaca1adca72529493c85fcbd376d2c08f52a3f7e46aaba2ec8f73dd9&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235503%3Aet%3A1668729303%3Ac%3A1%3Arn%3A951058592%3Arqn%3A2%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2488%2C2488%2C0%2C%3Ans%3A1668729300487%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668729303&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/56301838/1?page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&charset=utf-8&hittoken=1668729304_d17bf47ceaca1adca72529493c85fcbd376d2c08f52a3f7e46aaba2ec8f73dd9&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A636884176420%3Ahid%3A238937662%3Az%3A0%3Ai%3A20221117235503%3Aet%3A1668729303%3Ac%3A1%3Arn%3A951058592%3Arqn%3A2%3Au%3A1668729303825685758%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Apri%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2488%2C2488%2C0%2C%3Ans%3A1668729300487%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668729303&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(2)aw(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 137
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:04 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:04 GMT
last-modified: Thu, 17-Nov-2022 23:55:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=115888497&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729305%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729305&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=115888497&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729305%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729305&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=115888497&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729305%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729305&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 5527
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:06 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:06 GMT
last-modified: Thu, 17-Nov-2022 23:55:06 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=183158815&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729306%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729306&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=183158815&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729306%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729306&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/56301838?wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=183158815&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729306%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235505%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729306&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 54
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:07 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:07 GMT
last-modified: Thu, 17-Nov-2022 23:55:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/56301838?wv-check=27168&wv-type=0&wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=1042362660&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/56301838?wv-check=27168&wv-type=0&wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=1042362660&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/56301838?wv-check=27168&wv-type=0&wmode=0&wv-part=1&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=1042362660&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:11 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:11 GMT
last-modified: Thu, 17-Nov-2022 23:55:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=112620257&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=112620257&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=112620257&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 21
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:11 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:11 GMT
last-modified: Thu, 17-Nov-2022 23:55:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=471428452&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=471428452&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/56301838?wmode=0&wv-part=2&wv-hit=238937662&page-url=http%3A%2F%2Fhay.gerl-may.online%2F%3Fs1%3Dptt1&rn=471428452&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1668729310%3Aw%3A1268x939%3Av%3A921%3Az%3A0%3Ai%3A20221117235509%3Au%3A1668729303825685758%3Avf%3Ahc77qkb9hqc2jb24budq4%3Awe%3A1%3Ast%3A1668729310&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 15
Origin: http://hay.gerl-may.online
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 17 Nov 2022 23:55:11 GMT
access-control-allow-origin: http://hay.gerl-may.online
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 17-Nov-2022 23:55:11 GMT
last-modified: Thu, 17-Nov-2022 23:55:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
svntrk.com/assets/ptt1_6376c9d6a5644.js
104.21.82.62 200 OK 0 B URL HTTP/2 svntrk.com/assets/ptt1_6376c9d6a5644.js
IP 104.21.82.62:0
GET /assets/ptt1_6376c9d6a5644.js HTTP/1.1
Host: svntrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hay.gerl-may.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 17 Nov 2022 23:55:03 GMT
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: BYPASS
set-cookie: svnimp=6376c9d6efbb4; path=/; secure; httponly; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMwwi%2FcIT1%2BvEvNQ1bP%2BPqRb%2BwvrGwzgA0j6W6fLJZvwyJw42e5ia74EDZfJCNJe9wpz0TuJ3XThSEUGmMHCpvlVl%2BK5eX0pPUkjoYm%2BrI7T%2Fjecu8Op6%2FjRxyjr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76bc651f0f6afabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2