GET https://vstat.info/api/getVisits/all-ib.ru HTTP/1.1
Host: vstat.info
Connection: keep-alive
Cache-Control: max-age=0
accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
content-type: text/plain
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9
Cookie: _ym_uid=1720024615628207253; _ym_d=1720024615; _ym_isad=2; _ym_visorc=w; vstat_session=BDKeUMNKw0tNLMDIsfiG7NFbFfkb4oaTzafZDlWe

GET https://vstat.info/api.php?v=13&ext=edge&page=get_urls&method=similartech&extv=3.111 HTTP/1.1
Host: vstat.info
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9
Cookie: _ym_uid=1720024615628207253; _ym_d=1720024615; _ym_isad=2; _ym_visorc=w; vstat_session=BDKeUMNKw0tNLMDIsfiG7NFbFfkb4oaTzafZDlWe

GET https://data.similarweb.com/api/v1/data?domain=ww1.citymanager.com HTTP/1.1
Host: data.similarweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

GET https://addon.similartech.com/addons/a/0.11.4/chrome/75.0.3770.143/discover?url=ww1.citymanager.com HTTP/1.1
Host: addon.similartech.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="124", "YaBrowser";v="24.6", "Not-A.Brand";v="99", "Yowser";v="2.5"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

GET https://addon.similartech.com/api/technologies/list?includeEmpty=true&dataDate=undefined HTTP/1.1
Host: addon.similartech.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="124", "YaBrowser";v="24.6", "Not-A.Brand";v="99", "Yowser";v="2.5"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://addon.similartech.com/addons/a/0.11.4/chrome/75.0.3770.143/discover?url=ww1.citymanager.com
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

GET https://addon.similartech.com/api/similarweb/traffic/ww1.citymanager.com HTTP/1.1
Host: addon.similartech.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="124", "YaBrowser";v="24.6", "Not-A.Brand";v="99", "Yowser";v="2.5"
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://addon.similartech.com/addons/a/0.11.4/chrome/75.0.3770.143/discover?url=ww1.citymanager.com
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

GET https://vstat.info/ext/popup.html?popup=2&vers=3.111&lang=ru&loc=gogetlinks.net HTTP/1.1
Host: vstat.info
Connection: keep-alive
sec-ch-ua: "Chromium";v="124", "YaBrowser";v="24.6", "Not-A.Brand";v="99", "Yowser";v="2.5"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9
Cookie: _ym_uid=1720024615628207253; _ym_d=1720024615; _ym_isad=2; _ym_visorc=w; vstat_session=BDKeUMNKw0tNLMDIsfiG7NFbFfkb4oaTzafZDlWe; XSRF-TOKEN=eyJpdiI6IkpIcmgyWVE2Z0NBRUk1ODZISDFEQ2c9PSIsInZhbHVlIjoiQk9YR0Q1MnVxcWlNYVljNmJ3ekdGSFFFWExaYkxseDRvWHJPbEVnZXhpL1dUbkhreEMzUzJmTENyRGxRdzRXQ2w4dkt5SXVCVm9aWE9sMWxJaFpXdTJkekhtc21IS3RtWmJKZjhoYjJuVTVhYlJlNCt5YUhCaVhoT0VDd25OVW8iLCJtYWMiOiIwMGY0ZmE1MzczYWFmYWE1YWQ0ZjM4NDdkZjRhMzUyOTZmMWJhZmQyNDFjODA5MWI1ZGE3MTNkOTkwZmExMzhkIiwidGFnIjoiIn0%3D

GET https://vstat.info/api/getVisits/gogettraffic.ru HTTP/1.1
Host: vstat.info
Connection: keep-alive
Cache-Control: max-age=0
accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
content-type: text/plain
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9
Cookie: _ym_uid=1720024615628207253; _ym_d=1720024615; _ym_isad=2; _ym_visorc=w; vstat_session=BDKeUMNKw0tNLMDIsfiG7NFbFfkb4oaTzafZDlWe; XSRF-TOKEN=eyJpdiI6Iithb2JFN2tkSGEwZ1hVMEg0SWJmNkE9PSIsInZhbHVlIjoiSW9tdFp5elB6NUFtMWw1SFJvYlI1cGpjVGd0M0lSWGFNODY0dHozbFN3K3ZCV09hd0Z0MVlQZTNUWEl3UmE5ejVGN2xVL0dpcFozME4rUkVTaXJieWNObUdra0N2ay9xN2dmVy9TTkovTDhiNzl4bFNlY2paT0ZvSng0eklOSEUiLCJtYWMiOiI3ZmRkYzMyYzI2ZDg5NWQ2ZGFhNWY5Mjc0YWY3YWE5ZWZmYTlhN2JmZWZiNTdhMTlkYmFjNTgyYTI2NmNjMmZiIiwidGFnIjoiIn0%3D

Every few minutes this request goes out:

GET https://vstat.info/api.php?v=13&ext=edge&page=get_urls&method=similartech&extv=3.111 HTTP/1.1
Host: vstat.info
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9
Cookie: _ym_uid=1720024615628207253; _ym_d=1720024615; _ym_isad=2; _ym_visorc=w; vstat_session=BDKeUMNKw0tNLMDIsfiG7NFbFfkb4oaTzafZDlWe; XSRF-TOKEN=eyJpdiI6Iithb2JFN2tkSGEwZ1hVMEg0SWJmNkE9PSIsInZhbHVlIjoiSW9tdFp5elB6NUFtMWw1SFJvYlI1cGpjVGd0M0lSWGFNODY0dHozbFN3K3ZCV09hd0Z0MVlQZTNUWEl3UmE5ejVGN2xVL0dpcFozME4rUkVTaXJieWNObUdra0N2ay9xN2dmVy9TTkovTDhiNzl4bFNlY2paT0ZvSng0eklOSEUiLCJtYWMiOiI3ZmRkYzMyYzI2ZDg5NWQ2ZGFhNWY5Mjc0YWY3YWE5ZWZmYTlhN2JmZWZiNTdhMTlkYmFjNTgyYTI2NmNjMmZiIiwidGFnIjoiIn0%3D

Sometimes there are requests like this (no fucking clue how the domain gets picked). In the code it refers to apisim:

GET https://data.similarweb.com/api/v1/data?domain=insulux.com.br HTTP/1.1
Host: data.similarweb.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

In short. A request is made. The damn thing is openly called Jobs. There is a suspicion that this is exactly the source of the inflated traffic:

1. GET https://vstat.info/api.php?v=13&ext=edge&page=get_urls&method=similartech&extv=3.111 HTTP/1.1
2. The response that comes back is {"domain":"geekmode.tech","method":"similartech","timeouts":{"similartech":{"......
3. In response to that, this request is created: GET https://addon.similartech.com/addons/a/0.11.4/chrome/75.0.3770.143/discover?url=geekmode.tech HTTP/1.1
4. After which this gets triggered: GET https://addon.similartech.com/api/technologies/list?includeEmpty=true&dataDate=undefined HTTP/1.1 (the output looks like some kind of advertising)
5. And after that: GET https://addon.similartech.com/api/technologies/categories HTTP/1.1 with some kind of A/B tests????

==============================

Somehow related to similarweb.com, but the data is encrypted, and it is not clear where this comes from, looks like from HTST. Saw it only once:

POST https://x.clarity.ms/collect HTTP/1.1
Host: x.clarity.ms
Connection: keep-alive
Content-Length: 204
sec-ch-ua: "Chromium";v="124", "YaBrowser";v="24.6", "Not-A.Brand";v="99", "Yowser";v="2.5"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://www.similarweb.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.similarweb.com/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru,en;q=0.9

{"e":["0.7.32",12,308571,60005,"apn4o5d9em","yg8mo9","gr96kl",2,1,1],"a":[[368573,25,343917],[368574,24,"clarity","suspend"],[308571,4,0,1047,6659,1047,716,0,0,17,0,30368,1261],[368576,0,2,142,4,2,25,4]]}
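
Added example (not part of the original notes and not the extension's own code): a Python check that looks for the chain from steps 1-3 in a proxy log, that is, a get_urls poll followed shortly by a stats lookup for a domain the user never opened as a page. The log tuple layout, the 30-second window and the sample entries are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

WINDOW = 30  # assumed max seconds between a task poll and the lookups it triggers

# Constructed sample proxy log: (unix_ts, url, Sec-Fetch-Mode, Sec-Fetch-Dest)
SAMPLE_LOG = [
    (1000, "https://example.org/", "navigate", "document"),
    (1001, "https://data.similarweb.com/api/v1/data?domain=example.org", "cors", "empty"),
    (1300, "https://vstat.info/api.php?v=13&ext=edge&page=get_urls&method=similartech&extv=3.111", "cors", "empty"),
    (1302, "https://addon.similartech.com/addons/a/0.11.4/chrome/75.0.3770.143/discover?url=unvisited.example", "navigate", "iframe"),
    (1303, "https://addon.similartech.com/api/technologies/list?includeEmpty=true&dataDate=undefined", "cors", "empty"),
    (1900, "https://data.similarweb.com/api/v1/data?domain=other.example", "cors", "empty"),
]

def is_task_poll(url):
    """True for the periodic get_urls request from step 1."""
    u = urlsplit(url)
    return (u.hostname == "vstat.info" and u.path == "/api.php"
            and parse_qs(u.query).get("page") == ["get_urls"])

def looked_up_domain(url):
    """Domain a stats lookup is about, or None if the URL is not a lookup."""
    u = urlsplit(url)
    q = parse_qs(u.query)
    if u.hostname == "addon.similartech.com" and u.path.endswith("/discover"):
        return q.get("url", [None])[0]
    if u.hostname == "data.similarweb.com" and u.path == "/api/v1/data":
        return q.get("domain", [None])[0]
    return None

def visited_hosts(log):
    """Hosts the user actually opened as top-level documents."""
    return {(urlsplit(url).hostname or "").removeprefix("www.")
            for _, url, mode, dest in log
            if mode == "navigate" and dest == "document"}

def find_remote_tasks(log, window=WINDOW):
    """Return (poll_ts, domain) for unvisited-domain lookups that follow a poll."""
    visited = visited_hosts(log)
    hits, last_poll = [], None
    for ts, url, _mode, _dest in sorted(log):
        if is_task_poll(url):
            last_poll = ts
            continue
        domain = looked_up_domain(url)
        if domain and last_poll is not None and ts - last_poll <= window:
            if domain.removeprefix("www.") not in visited:
                hits.append((last_poll, domain))
    return hits
```

Lookups for a site the user is actually viewing (the first data.similarweb.com entry) and lookups long after a poll are left out, so only server-assigned domains are reported.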