MikroTik rb2011uias: проблема с доступностью сайтов

[DimmKo]

Добрый день.
У меня 2 роутера MikroTik: rb2011uias + hap lite.

rb2011uias - основной, в него приходит интернет и за ним компьютеры подключенные по LAN.
hap Lite - только для Wi-Fi.

И вот проблема в том, что некоторые сайты не доступны. Если перейти на сайт, то получают вот такую ошибку - ERR_CONNECTION_RESET.
С телефона через моб Инет всё работает.

 Конфигурация устройства:

# apr/28/2020 17:31:04 by RouterOS 6.46.5
# software id = UJ3G-BKB9
#
# model = 2011UiAS
# serial number = *****************
/interface bridge
add admin-mac=00:0C:42:95:D4:6E auto-mac=no fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
FLEX-Internet mac-address=00:0C:42:95:D4:73 name=WAN
set [ find default-name=ether1 ] comment=MY-LAN disabled=yes mac-address=\
00:0C:42:95:D4:6E name=ether1-MASTER speed=100Mbps
set [ find default-name=ether2 ] disabled=yes mac-address=00:0C:42:95:D4:6F \
speed=100Mbps
set [ find default-name=ether3 ] mac-address=00:0C:42:95:D4:70 speed=100Mbps
set [ find default-name=ether4 ] disabled=yes mac-address=00:0C:42:95:D4:71 \
speed=100Mbps
set [ find default-name=ether5 ] disabled=yes mac-address=00:0C:42:95:D4:72 \
speed=100Mbps
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=ASUS \
disabled=yes mac-address=00:0C:42:95:D4:74
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
Proxmox mac-address=00:0C:42:95:D4:75
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=Wi-Fi \
mac-address=00:0C:42:95:D4:76
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
mac-address=00:0C:42:95:D4:77
set [ find default-name=sfp1 ] disabled=yes mac-address=00:0C:42:95:D4:6D
/interface l2tp-client
add add-default-route=yes connect-to=***.255.255.*** disabled=no mrru=1600 \
name=l2tp-out1 password=***** user=*****
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer
add local-address=192.168.3.1 name=peer1 passive=yes
/ip ipsec policy group
add name=group1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-256-ctr,3des
/ip pool
add name=DHCP-users ranges=192.168.1.2-192.168.1.200
add name=vpn_l2tp ranges=192.168.3.2-192.168.3.10
/ip dhcp-server
add address-pool=DHCP-users authoritative=after-2sec-delay disabled=no \
interface=bridge1 lease-time=1d name=DHCP-server1
/ppp profile
add local-address=192.168.3.1 name=VPN-HOME remote-address=vpn_l2tp
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 hw=no interface=ether7
add bridge=bridge1 interface=ether1-MASTER
add bridge=bridge1 hw=no interface=ether8
add bridge=bridge1 hw=no interface=ether9
add bridge=bridge1 interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=none
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=\
CbIIpSecPasswd one-session-per-host=yes use-ipsec=yes
/ip address
add address=***.***.***.***/24 interface=WAN network=***.***.***.***
add address=192.168.1.1/24 interface=ether1-MASTER network=192.168.1.0
/ip dhcp-server lease
add address=192.168.1.10 client-id=1:6c:3b:6b:cf:b4:49 mac-address=\
6C:3B:6B:CF:B4:49 server=DHCP-server1
add address=192.168.1.8 mac-address=EA:2B:85:F4:EF:AA server=DHCP-server1
add address=192.168.1.7 client-id=\
ff:ca:53:9:5a:0:2:0:011:80:71:4e:85:68:b9:9a:9b mac-address=\
9A:27:02:2C:07:75 server=DHCP-server1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,80.252.130.254 gateway=\
192.168.1.1 netmask=24
add address=192.168.3.0/24 gateway=192.168.3.1
/ip dns
set allow-remote-requests=yes cache-size=8096KiB servers=\
77.88.8.8,77.88.8.1
/ip firewall address-list
add address=0.0.0.0/8 list=BOGON
add address=10.0.0.0/8 list=BOGON
add address=100.64.0.0/10 list=BOGON
add address=127.0.0.0/8 list=BOGON
add address=169.254.0.0/16 list=BOGON
add address=172.16.0.0/12 list=BOGON
add address=192.0.0.0/24 list=BOGON
add address=192.0.2.0/24 list=BOGON
add address=192.168.0.0/16 list=BOGON
add address=198.18.0.0/15 list=BOGON
add address=198.51.100.0/24 list=BOGON
add address=203.0.113.0/24 list=BOGON
add address=224.0.0.0/4 list=BOGON
add address=77.88.8.1 list=dns_providers
add address=77.88.8.8 list=dns_providers
/ip firewall filter
add action=drop chain=input comment="dropping input port scanners" disabled=\
yes in-interface=l2tp-out1 log=yes log-prefix=drop-input_ \
src-address-list=black_addr
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
in-interface=l2tp-out1 protocol=tcp psd=21,3s,3,1
add action=accept chain=forward comment=\
"Accept forward established connections" connection-state=established \
out-interface=l2tp-out1
add action=accept chain=forward comment="Accept forward related connections" \
connection-state=related out-interface=l2tp-out1
add action=add-src-to-address-list address-list=black_addr \
address-list-timeout=2w1d chain=input comment="Add port scanners to list" \
dst-address-list=!dns_providers in-interface=l2tp-out1 protocol=tcp psd=\
21,3s,3,1
add action=tarpit chain=input comment="Suppress DoS attack" connection-limit=\
3,32 in-interface=l2tp-out1 protocol=tcp src-address-list=black_addr
add action=add-src-to-address-list address-list=black_addr \
address-list-timeout=1d chain=input comment="Detect DoS attack" \
connection-limit=10,32 in-interface=l2tp-out1 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=accept chain=input comment=IP-TV disabled=yes log-prefix=IPTV-IN \
protocol=igmp
add action=accept chain=input disabled=yes dst-port=1234 log-prefix=IPTV-1234 \
protocol=udp
add action=accept chain=input comment="rule for L2TP_VPN" disabled=yes log=\
yes log-prefix=VPN1_ port=1701,500,4500 protocol=udp
add action=accept chain=input comment="rule for IPSEC for L2TP_VPN" disabled=\
yes protocol=ipsec-esp
add action=accept chain=forward comment=L2TP-LOCAL in-interface=!l2tp-out1 \
out-interface=bridge1 src-address=192.168.3.0/24
add action=drop chain=forward comment="Drop forward invalid connections" \
connection-state=invalid out-interface=l2tp-out1
add action=drop chain=input comment=\
"\C7\E0\EF\F0\E5\F2 \E4\EE\F1\F2\F3\EF\E0 \EA Mikrotik" dst-address=\
***.***.***.*** dst-port=8291 in-interface=l2tp-out1 log=yes log-prefix=\
TIK!_ protocol=tcp src-address-list=black_addr
add action=drop chain=input disabled=yes dst-port=80 protocol=tcp \
src-address=192.168.1.0/24
add action=drop chain=input comment="Drop other input FLEX" disabled=yes \
dst-address-list=!dns_providers in-interface=l2tp-out1 protocol=!udp
add action=drop chain=forward comment="DROP ALL !srcnat, dstnat" \
connection-nat-state=!srcnat,dstnat in-interface=l2tp-out1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" in-interface=\
l2tp-out1 protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" \
in-interface=l2tp-out1 protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" in-interface=\
l2tp-out1 protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
src-address-list="port scanners"
add action=add-src-to-address-list address-list=DNS_FLOOD \
address-list-timeout=none-dynamic chain=input comment="DNS FLOOD" \
disabled=yes dst-port=53 in-interface=l2tp-out1 protocol=udp
add action=drop chain=input comment="DNS FLOOD - DROP" disabled=yes dst-port=\
53 in-interface=l2tp-out1 protocol=udp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
/ip firewall nat
add action=masquerade chain=srcnat out-interface=l2tp-out1
add action=masquerade chain=srcnat disabled=yes src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="rule for Internet from L2TP_VPN" \
disabled=yes out-interface=*F00036 src-address=192.168.3.0/24
add action=dst-nat chain=dstnat comment="WEB - 250" disabled=yes dst-port=80 \
in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.1.250 to-ports=\
80
add action=dst-nat chain=dstnat comment="WEB - 8" dst-port=80 in-interface=\
l2tp-out1 protocol=tcp to-addresses=192.168.1.8 to-ports=80
add action=dst-nat chain=dstnat comment=N****** dst-port=443 in-interface=\
l2tp-out1 log-prefix=NEXT_ protocol=tcp to-addresses=192.168.1.8 \
to-ports=443
add action=dst-nat chain=dstnat dst-port=465 in-interface=l2tp-out1 protocol=\
tcp to-addresses=192.168.1.7 to-ports=465
add action=dst-nat chain=dstnat dst-port=993 in-interface=l2tp-out1 protocol=\
tcp to-addresses=192.168.1.7 to-ports=993
add action=dst-nat chain=dstnat dst-port=25 in-interface=l2tp-out1 protocol=\
tcp to-addresses=192.168.1.7 to-ports=25
add action=dst-nat chain=dstnat comment=110 disabled=yes dst-port=110 \
in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.1.7 to-ports=110
add action=dst-nat chain=dstnat dst-port=587 in-interface=l2tp-out1 protocol=\
tcp to-addresses=192.168.1.7 to-ports=587
add action=dst-nat chain=dstnat comment=ELASTIX disabled=yes dst-port=5001 \
in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.2.35 to-ports=\
5001
add action=dst-nat chain=dstnat comment=OPEN-VPN disabled=yes dst-port=1194 \
in-interface=l2tp-out1 log-prefix=OVPN_ protocol=tcp to-addresses=\
192.168.1.84 to-ports=1194
add action=dst-nat chain=dstnat comment=TORRENT-WebUI dst-port=9091 \
in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.1.8 to-ports=\
9091
add action=dst-nat chain=dstnat comment=Proxy dst-port=4128 in-interface=\
l2tp-out1 protocol=tcp to-addresses=192.168.1.53 to-ports=3128
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 80" \
dst-address=***.***.***.*** dst-port=80 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.8
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 80 88/24" \
dst-address=***.***.***.*** dst-port=80 protocol=tcp src-address=\
192.168.88.0/24 to-addresses=192.168.1.8
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 993" \
dst-address=***.***.***.*** dst-port=993 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.7
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN-88 993" \
dst-address=***.***.***.*** dst-port=993 protocol=tcp src-address=\
192.168.88.0/24 to-addresses=192.168.1.7
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 587" \
dst-address=***.***.***.*** dst-port=587 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.7
add action=dst-nat chain=dstnat comment=\
"\C4\EE\F1\F2\F3\EF \EA LAN 587 - 88/24" dst-address=***.***.***.*** \
dst-port=587 protocol=tcp src-address=192.168.88.0/24 to-addresses=\
192.168.1.7
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 443" \
dst-address=***.***.***.*** dst-port=443 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.8 to-ports=443
add action=dst-nat chain=dstnat comment="\C4\EE\F1\F2\F3\EF \EA LAN 443-88" \
dst-address=***.***.***.*** dst-port=443 protocol=tcp src-address=\
192.168.88.0/24 to-addresses=192.168.1.8 to-ports=443
add action=masquerade chain=srcnat dst-address=192.168.1.8 dst-port=80 \
protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment=88 dst-address=192.168.1.8 \
dst-port=80 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="88 5001" dst-address=192.168.1.8 \
dst-port=5001 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="88 2869" dst-address=192.168.1.8 \
dst-port=2869 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="88 1900 " dst-address=192.168.1.8 \
dst-port=1900 protocol=udp src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.8 dst-port=443 \
protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment=88 dst-address=192.168.1.8 \
dst-port=443 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.7 dst-port=993 \
protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.7 dst-port=587 \
protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment=88/24 dst-address=192.168.1.7 \
dst-port=587 protocol=tcp src-address=192.168.88.0/24
add action=masquerade chain=srcnat dst-address=192.168.1.7 dst-port=465 \
protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment=DMZ disabled=yes in-interface=\
l2tp-out1 to-addresses=192.168.1.253
add action=dst-nat chain=dstnat comment="SIP -5060" dst-port=6060 \
in-interface=l2tp-out1 log-prefix=5060_ protocol=udp to-addresses=\
192.168.1.253 to-ports=5060
add action=dst-nat chain=dstnat comment="SIP -5061" dst-port=6061 \
in-interface=l2tp-out1 log-prefix=5061_ protocol=udp to-addresses=\
192.168.1.253 to-ports=5061
add action=dst-nat chain=dstnat comment="SIP -5160" dst-port=6160 \
in-interface=l2tp-out1 log-prefix=5160_ protocol=udp to-addresses=\
192.168.1.253 to-ports=5160
add action=dst-nat chain=dstnat comment="SIP -5160 - TEST" dst-port=5160 \
in-interface=l2tp-out1 log-prefix=5160_ protocol=udp to-addresses=\
192.168.1.253 to-ports=5160
add action=dst-nat chain=dstnat comment="SIP -5160 - LAN" dst-address=\
***.***.***.*** dst-port=5160 log-prefix=5160_ protocol=udp src-address=\
192.168.1.0/24 to-addresses=192.168.1.253 to-ports=5160
add action=dst-nat chain=dstnat comment="SIP -5160 - LAN-WIFI" dst-address=\
***.***.***.*** dst-port=5160 log-prefix=5160_ protocol=udp src-address=\
192.168.88.0/24 to-addresses=192.168.1.253 to-ports=5160
add action=dst-nat chain=dstnat comment="SIP -5161" dst-port=6161 \
in-interface=l2tp-out1 log-prefix=5161_ protocol=udp to-addresses=\
192.168.1.253 to-ports=5161
add action=dst-nat chain=dstnat comment="SIP -9000-10000" dst-port=\
10000-20000 in-interface=l2tp-out1 log-prefix=EEEE_ protocol=udp \
to-addresses=192.168.1.253 to-ports=10000-20000
add action=dst-nat chain=dstnat comment="RDP - .59" disabled=yes dst-port=\
17585 in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.1.59 \
to-ports=3389
add action=dst-nat chain=dstnat comment=******* disabled=yes dst-port=****** \
in-interface=l2tp-out1 protocol=tcp to-addresses=192.168.1.150 to-ports=\
*****
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes ports=6060,6061
set pptp disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec identity
add peer=peer1 remote-id=ignore secret=******
/ip route
add check-gateway=ping distance=2 gateway=***.***.***.***
add distance=1 dst-address=192.168.88.0/24 gateway=192.168.1.10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24,192.168.3.0/24,192.168.88.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=external
add interface=ether9 type=internal
/ppp secret
add name=vpn_ password=*************** profile=VPN-HOME service=l2tp
add name=honor_ password=*************** profile=VPN-HOME service=l2tp
add comment=******** local-address=192.168.3.13 name=********* \
password=***************** profile=VPN-HOME
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

Пробовал отключить все запрещающие правила, но эффекта никакого.
Сбрасывал кеш DNS - тоже никакого эффекта.

Еще смущает вот такая фигня в DNS после сброса кеша:

 картинка

http://deltamoby.ru/images/2020/04/29/OzF0f.png

Подскажите, пожалуйста, в чем моя ошибка?

Спасибо.

[Erik_U]

На компьютере, на котором не работает сайт сделайте
1. пинг на этот сайт по имени. Увидите, резолвится ли имя в адрес, и если резолвится - есть ли пинг.
2. Если резолвится, но пинга нет - сделайте трейс до этого адреса, увидите на каком хосте теряется соединение. Если это ваш хост - тогда есть смысл думать, если чужой - то смысла нет.

[DimmKo]

На компьютере, на котором не работает сайт сделайте
1. пинг на этот сайт по имени. Увидите, резолвится ли имя в адрес, и если резолвится - есть ли пинг.
2. Если резолвится, но пинга нет - сделайте трейс до этого адреса, увидите на каком хосте теряется соединение. Если это ваш хост - тогда есть смысл думать, если чужой - то смысла нет.

Спасибо за ваш ответ.

1. Всё норм.
2. Трассировка тоже проходит.

Наверное, попробую сбросить все настройки и заново перенастроить.

Так же попробовал разные бэкапы что делал (2017 и 2018 год). Но так же толку нет.

Не может быть проблемы с железом?

[Erik_U]

могут быть проблемы с плагинами у браузера. Установили что нибудь для обхода блокировок, а оно бывает, что определяется сайтами с различными последствиями.

[DimmKo]

могут быть проблемы с плагинами у браузера. Установили что нибудь для обхода блокировок, а оно бывает, что определяется сайтами с различными последствиями.

Я об этом думал, потому из консольного браузера (lynks2) тоже самое.
Ну и чистый браузер пробовал (Portable) такая же ерунда.

[DimmKo]

 tcpdump

11:28:48.006782 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [S], seq 646208399, win 64240, options [mss 1460,sackOK,TS val 826101797 ecr 0,nop,wscale 7], length 0
E..<. @.@.......h..`....&.[.........A..........
1=P%........
11:28:48.009348 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [S.], seq 1155688613, ack 646208400, win 65535, options [mss 1400,nop,nop,sackOK,nop,wscale 10], length 0
E..4..@.;.. h..`........D.h.&.[.....*J.....x.......

11:28:48.009394 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [.], ack 1, win 502, length 0
E..(.!@.@.......h..`....&.[.D.h.P...A...
11:28:48.009776 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
E..-."@.@.......h..`....&.[.D.h.P...C................"..
..=....xi....2L_7.V.4{0..O .2`%{..L.....*../...w........+F..>.......,.0.........+./...$.(.k.#.'.g.
...9. ...3.....=.<.5./.....u.........chevereto.com.........
...
...........#.............*.(........... .
...........................+. ..........-.....3.&.$... .@...OIL...<.z.h._.........E...&................................................................................................................................................................................................................
11:28:48.012737 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [.], ack 518, win 66, length 0
E..(S.@.;..Fh..`........D.h.&.].P..Bh.........
11:28:48.015801 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [.], seq 1:1411, ack 518, win 66, length 1410
E...S.@.;...h..`........D.h.&.].P..B........z...v...3..v...;p.G.......!.v.....DH... .2`%{..L.....*../...w........+F.......3.$... 4+N2?X...DR..._..)..n..Y.,.RQ..4.+............. E.5..<.......F.....2Os.s:T.\..Ur...4.S
.T..*..kE...rn;)\5T.. hU........"[n.........H.....<+*....0.....8B.{.1,.6P/.)..vJ.......b....~..............0g.CR....k....bV.mX..@...=..Z$..*....K.......Y|...ta..*H..Q:^.c.K>F.+...P..f+...;*..F._.L.L2.;...7.t......Z....3.sS..`. .Xt?..G*.K....Q.H:..Y{<D.<....x.
.F..I.q......
.w.F...WY2...^.U":....=Pe..^..6..BR..>g.....D.Q,:...z.gBgW.R........c5.....!C
?..A...8..*.3.*.@nO....]<R..x.SH...8\`K"...".54/.e.4o.5dx.s..M....Q2%.##...TY.L..m%Z.
.......&....1...'....^..o.E;..~m.X;LM.5...t..Y1}..1.F)+?g..(....} %...(.....7?..Fu.G.....sU3O......g~LM.H..d..........1..}....G,....I..kp.....D$...S.6.j......h.%.j}..o~........^V .$.:wH)../.tK$EP./.._4./v.l.u...n.{../h.N^5%...(.&.......c....d.IT......0.....W........f.J....+.._...6..$cG........U.GX.G...h...b..e1....WR.@0w.. ....':.AO...=.24d.!..O..:..:4G.$.%..........3E......P
..t..6...x\..!.q.@ ...W.......=.h......w.0T.U......Ow.zD..SqeS..02.........c.<...<...^k.FI../....?..e.\u .+[.U....'...pb..L{..>/\w.BNx.x,jJ9.1.r
...s.....?.@&....(*c.a
..Q.*..{...w..q....6........m[..$:.....N...".Yo.Q.v<..a.".V....%.......O1......9=qb7.?.X.........4.:.)....i..'E.....'.G%.=..yv.9N.!*..F.[/;.\.`.(.1s.t]-.......@^3..,H.i......#.8..l.........6......4.O.I..y.V...:/.bpA.../.4Thjn3.V.*..Q0....z] ,."..].
11:28:48.015828 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [.], ack 1411, win 501, length 0
E..(.#@.@.......h..`....&.].D.n(P...A...
11:28:48.015854 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [P.], seq 1411:2512, ack 518, win 66, length 1101
E..uS.@.;...h..`........D.n(&.].P..BR}...._...J..N.X1..M.>.sZ..cn".w..hm3..w.g.... ...Q
.E0.w.O..Z.:-.....%.RF.P8Fp.jZ....."......ft.....).B.i......3~....LQ....8.zE..^..~..I.OMo<.....Sa/=1......m.Ml..~". ./..M;m..J.1..........;x..~.-..g....m..7..U2+N...0..D..........Z..'.i..O%..o.
..jHP6....&.....Jg.4..2.......[.....$..]@..rhA.#cn.E.M. ."..\%....z..Tt.U.S^....i..r(.....<..<xi.v*_..^t....x.J..../. .1.....,Xa;...A.q.j.J,.....5`..O..s.'....t.=q......*H../....e....$:v...gZ..........}E.c..$....g...B`;.=............Ti.......)oKW._Fz.....mE.....k^.Y S.....).....~@..*P]......tZ..q}.C$.2..n......5....T.Q...q..zb.<.0 ..e....#-:..v..h....?T.$.5......q....{.....Cz....
.0b....?.`D......*eE.c..~.........C...O...1PC...l.o=.....'.. u..7@g..-L....S'{...h..=..v.B=..5.K!..o...e....}....y.8p..P....UIr#........E..p\...A..;...@..P.....>.G.....r(.......^.........0._2=..!.....xL..b.O-..!z....
..<n.].#F,c....bOf)...2'......}f`.d....W)..O..5...-..0.............Y.l?.~.O............Cm..9..g.YK.).....}.Hg.2oT...M.v.i...=.d..c.,.!.....9Gv.h...E..93.....}.X.vD.AM>`...+.bg%..D.[.......Ee4..Xe..OD.Q....c.*Ale.).@..,.}C..
.?..-......<?.....G.|y....n........
11:28:48.015865 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [.], ack 2512, win 496, length 0
E..(.$@.@.......h..`....&.].D.ruP...A...
11:28:48.017516 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [P.], seq 518:598, ack 2512, win 501, length 80
E..x.%@.@.......h..`....&.].D.ruP...B%............E.Q...+...
g..Z.GX.....%...."..@F(....4;..Rb....(..`.
?..g4....S.GB@..
11:28:48.021441 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [.], ack 598, win 66, length 0
E..(S.@.;..Ch..`........D.ru&.].P..B^}........
11:28:48.021464 IP 192.168.1.150.53726 > 104.28.23.96.443: Flags [P.], seq 598:1216, ack 2512, win 501, length 618
E....&@.@.......h..`....&.].D.ruP...D?......e..........g[.i.............+.*{..aN..y@...........H.B.......}.M....R.B|.....b..e..R........t...-.$.....Jy.O....d{..I-...4*.......I{.N.i...c.Q.... ...."#..=.!9X@.-%......}.e+.N....?..nV.....7B..-_2l.Yc.......k.8..e.-.cP.B<.+@c.8..1....2..c(F.'.d..;R?j.x..u....^.....4A.IyP.&..v...m"...........kh^gK...H.(..:.H....Q...).|...FE.._..( y..1-W..{....dz+......ij.~.|.t... .....?......`....sm.ZI.q.P..n.~C...r...:(.....W*......[}..v..U..Y......<T.&....M.0.d..B..j...z/...&.0...p.y.._..Ptf.r.C...l. .cT.".*.....c...V..8.rT.[..;0.n.A.b.~..9. ..N..8{U.]...l.7?...$D.P@..1.....N#.,U.xi...<w.L.J..K.....07X..K..,.q...c'.W.`nX
11:28:48.024184 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [.], ack 1216, win 67, length 0
E..(S.@.;..Bh..`........D.ru&.`OP..C\.........
11:28:48.227731 IP 104.28.23.96.443 > 192.168.1.150.53726: Flags [R.], seq 2512:2534, ack 1216, win 67, length 22
E..>..@.;...h..`........D.ru&.`OP..C[.........................
11:28:48.227999 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [S], seq 2469460618, win 64240, options [mss 1460,sackOK,TS val 826102018 ecr 0,nop,wscale 7], length 0
E..<..@.@..\....h..`.....0..........A..........
1=Q.........
11:28:48.231329 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [S.], seq 3419031972, ack 2469460619, win 65535, options [mss 1400,nop,nop,sackOK,nop,wscale 10], length 0
E..4..@.;.. h..`..........I..0.............x.......

11:28:48.231369 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [.], ack 1, win 502, length 0
E..(..@.@..o....h..`.....0....I.P...A...
11:28:48.231714 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
E..-..@.@..i....h..`.....0....I.P...C.....................EMS..{.j.....5B.....u...P ..4.....nE#.f........X.5.pB\>.5b.>.......,.0.........+./...$.(.k.#.'.g.
...9. ...3.....=.<.5./.....u.........chevereto.com.........
...
...........#.............*.(........... .
...........................+. ..........-.....3.&.$... 2.....1~..*...Q....Z..y.({..'.F.................................................................................................................................................................................................................
11:28:48.234947 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [.], ack 518, win 66, length 0
E..(..@.;..ah..`..........I..0..P..B.
........
11:28:48.240592 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [.], seq 1:1411, ack 518, win 66, length 1410
E.....@.;...h..`..........I..0..P..B7J......z...v..s.?j4.p...k ..y.c....O.. g2...r. ..4.....nE#.f........X.5.pB\>.5b......3.$... .....k.F%.]s$.JX.....!.t......<t.+............. E....l.Qg.{k..=.^...H.4....*.P\.{..n.l....?...,._..y[V...f...>oe..f0b...J.....+z...CW..n...i..u...0>...A.rA........*M.bv...y............M....5...=.M.9....N6.nX.\Y.|.... .......E.....o.%.|...&.23..K.v...
.B...M......9..f\.. ...|..."Y5...8#6.....6......3.. ...<.f..W..f..I_.j..6..z..J.6.
9yz7..........e.8<.........I.H.....:..X.`.#.T... .k.'7n....RD...o*....$.\.#...n..I7....G...........f ...]W..I.j.X:...5.B._>mWJs.sJ1J...H.....<PL...n.....[{0.._..P....g........&..z...v....)APN...A..V0...o.M...X..0....yT..'Tk''.x..% .26S...{..H2....q
7..Z.....A....;.........vsy...F...[V(.W........H:?..g....:,..g.oP.'....w....E4A.....x&.......e.*[...!.-...,`|>.X-$)..`~..wd...Al..9...b.%...$Z....k|..a.:a;.(.{..4Z.K.S..e.=Ai.bz...fp{w.*19yR<....0....T!:.s1.!?yE.D+..[f.M.d.t....`ou..S.=.q.U./=c"..2.........._... .Nf:...M..Z..O.....4L...y....@
.(.&...$>..c...|......^.%.s/..Y..i..-+KEa..A.*..
....@n.QE.+.E.G.....2..z.x5.S...0......U.4.....D.I..e.b...O.Jc.... k.Y..&....Fd...x..4...u
..^..%........xJ..h.DT#N....!.V.1.<..-..atnk......8D........w....[........M.c.p.x..I....opDAztzGn~..&..
......X.5....:.7...r.Z.BHWi.k&d*.U...Hzd.>=3.96..f...4.}z.*.. .#.g..t2.ry)..,.H..!\../...<...#_XoI..........TBb.7....W.r..O@}3
...9x<........a.U:.........=b.U.#.....L..d.-nM.Dw..8...@...+.....(.$.z..
11:28:48.240610 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [.], ack 1411, win 501, length 0
E..(..@.@..m....h..`.....0....O'P...A...
11:28:48.240635 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [P.], seq 1411:2512, ack 518, win 66, length 1101
E..u..@.;...h..`..........O'.0..P..B.a..+I2......O%=....(x....] ..eHj*S..N].O4.....&.g..j7m..8O|j>..}K....A.N...F:..+.. o..v...M<...*..W....DN..|./N..v?Mc:9..e>.t.....lgZ..^.AK?.y.......*......?w.y....W..]ZRY H.m.#........GL.(..O..;j|I%...-...%^m.x..a.r.XE?..q.S_..'J...j.....F....}$g.P.....Gpxj....=
)6.G..sX5^.7o.v..nk8..h...5....C....y....(:..O...?..i....$S.W.A.l.{.=...`%.Lp..Y.........`.....[.6k..L {.......&...S..`...Lz.......j..$=.R.W..n.;h...01vH`.1+.p./Z].U..J....z6...mh...U.P.BF6........i.F..H............V>.....^.p.z...`&.........8.`.pM...v.Y...=.]!.7...@.. z..Y.......~EF..|........./.....Q.$....8.~...Y.,s/r......v.A...>..........e._8Z.......&.5..8g.j......r.t".v.
.s..k].kt......S.b........{.~dvU.D.K........ilg....6..........~i.<Z./#_...48!.?5..../.by
.y...;Uqaw........R..k\....^.o..'..F....V.....s=.TP..&..............jb...:.........|......o..........V..%.`....."R..;$.....+ X.......-...q.....)uG.4....\8..2Ap..wU......Wh?V..$x]8J....Q..Wx....0....=..._\q........"}......f."..*. ....iT.'...G..9TZ.G.|A0._C.KM.V.rS..@......M....43...<.....M..I..._u...]..h_......Jd.|.../..d?.`....C./...S.].L.Q~. G.2.2..e...J.e.?..cpi...a.%.
11:28:48.240646 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [.], ack 2512, win 496, length 0
E..(..@.@..l....h..`.....0....StP...A...
11:28:48.242328 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [P.], seq 518:598, ack 2512, win 501, length 80
E..x..@.@.......h..`.....0....StP...B%............E+p..'...l[..f.1.5.F-tv.tG..]F.....Y'...Kv.....+.....CM..7..7..=XX.tE[
11:28:48.245450 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [.], ack 598, win 66, length 0
E..(..@.;..^h..`..........St.0..P..B..........
11:28:48.245483 IP 192.168.1.150.53728 > 104.28.23.96.443: Flags [P.], seq 598:1216, ack 2512, win 501, length 618
E.....@.@.......h..`.....0....StP...D?......e....'=I...K.f9&..AK..5.......q.o.zv;|...N.z-..[.c.... ..e.....q.j.o6...+^/JO..tg9..3.\%s...[.....x?.[.#...p.#.....&qf.2..;......e...H.....>.IZ>j..zMs./...<p.E.I.V....s...gp..c......].o.#....1A.]{...#u...P...l.&.!GhW...f.....wE.Q\.1........Y..k.m.U..Vl.'.k...P.p..$a..c..W.X...^.....U*$.EC.b.*/..oZ.......f...Y.@''.....~.V.>\.&h.@.......Kw.(..&.-......aEP3V...j....>o.iPd..H...zJ}.;..........'Z.;.@...o...A...33....A+wmC&..p.F..k..t......F.j..:..W.xl.......ev.......e6..b3..+.&..S..|..5w.Z=9.\....zO...X.^.z4|.<....{..M9..R...\......s..j....5?.....%i....$*^..G.D..7C.a.m'T.y...7..{7d.j...6....Ko.....6..$.Tv)..P...
11:28:48.248253 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [.], ack 1216, win 67, length 0
E..(..@.;..]h..`..........St.0.JP..C..........
11:28:48.445977 IP 104.28.23.96.443 > 192.168.1.150.53728: Flags [R.], seq 2512:2534, ack 1216, win 67, length 22
E..>..@.;...h..`..........St.0.JP..C.f........................
11:28:48.446264 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [S], seq 3594609920, win 64240, options [mss 1460,sackOK,TS val 826102236 ecr 0,nop,wscale 7], length 0
E..<_n@.@.......h..`.....Ae.........A..........
1=Q.........
11:28:48.449088 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [S.], seq 720905689, ack 3594609921, win 65535, options [mss 1400,nop,nop,sackOK,nop,wscale 10], length 0
E..4..@.;.. h..`........*.%..Ae............x.......

11:28:48.449129 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [.], ack 1, win 502, length 0
E..(_o@.@.......h..`.....Ae.*.%.P...A...
11:28:48.449448 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
E..-_p@.@.......h..`.....Ae.*.%.P...C...............U....(v.9..8.....o.?ui....,..T1 ......=..T......q.N07...F(.}(u...>.......,.0.........+./...$.(.k.#.'.g.
...9. ...3.....=.<.5./.....u.........chevereto.com.........
...
...........#.............*.(........... .
...........................+. ..........-.....3.&.$... .._.>...-....P...N_.Y.*;..@;..2f................................................................................................................................................................................................................
11:28:48.452738 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [.], ack 518, win 66, length 0
E..(6.@.;..*h..`........*.%..Ag.P..B. ........
11:28:48.465341 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [.], seq 1:1411, ack 518, win 66, length 1410
E...6.@.;...h..`........*.%..Ag.P..B........z...v.._{l..g......4...Y#..,..z.I..6Y.. ......=..T......q.N07...F(.}(u........3.$... .H....R.:.o.!....I...ih.V...Y..).+............. E....k>`..=.g.d{..0...~H'.w...........X$..T......V.../.>...C....]9S..`X'0.K....Ss|2i...%.X4.|,.>[\.N..ea.}B....-..Q...7..?..1n.Q.Hx6oG....Y#m@Z.....`....:.z..(....M..^.m...._. s|.J...2.......4...e.G..I....S1...d..)........N.'..%4p..$_Ka&}..C.AS(.....w.....d.).Bz..l.!*+....(.i..K.]].<H.l..IJ..zU....'.....2....BQ...<.*..d9..:*.z.".+..=.../.?......P._SI#.../,..`.......Q.a..S.n..h..E.....A.A.p|{.imO.l4a7A.I..A.8e!qI.V2'|..iv.........n...XQ..4.P..f........B....sK...}....#.7u... ....[..a.`]...u.Y..P.%,....Z.No.H......oFZIm.5..3.9X#....#. H.Z........0....P[.d..<X.l]. ..
uU^.. Zp"([...5..\"........Ib...H)..[.M2..(]...*.. p....z.).i,d$..o....... #.... .-R..j..JXQv#......X...k h.>.S ?.<~.....[.hOD..>.+<.R>..5..T..n.b..`.f....x-.EF.... o^k.....iK............0..3.....DVH.R..8j... ]...H[o.1.I[2..>d..~...;..=K...3.+FK.P[....fF.*..D...g..1^.|d...z....H nw?..]."...'N.t.t.d..MT*...;..T.....f3......Z..... ].4..L.$PC1..M...d....]...abonOu2.=/.]...~..p.....Fm.....p..^%....r~>=5......5...3._3.I|._...K.........PxJ.9-..w..q..Dla?.l..5...+..T..{...J$N..1.......m..I.E........U...u]2U..,.......J..<...m*.sF'.|u.........>..Q-..LdB<.._......DveJ..[..........%.>?.F.;M.~.70.j
...........dPJFu.i.-...:..c.x.......}.
.^...|.c..7qC...Ws[....#[k........u:.Xz.....dy a.aA_......]:qR2.......
11:28:48.465365 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [.], ack 1411, win 501, length 0
E..(_q@.@.......h..`.....Ag.*.+\P...A...
11:28:48.465400 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [P.], seq 1411:2512, ack 518, win 66, length 1101
E..u6.@.;...h..`........*.+\.Ag.P..B....t&.."m........! p.((\..l.K.
M....-R....:...5.....SS.k..C....!Y &-.....k6P8k..'K2.(....Y...a$.... .....
K...... .... -.X.:..m"..-.....U..e.'.....=...k).....+.....?....b..?1/+h<t4..G?..m.. ....X:.......0.=.....F..n. I.........$&......
.s....P..p..|..y.,.-....%u..z........(z...-.}g.....M..VX.b..?Z............Q...7.iD......g..1
.P.....E|4.T.......
...D.../..C...1...AX3.....,.b..wm..'....40........&j.. .%g.)c...K......#'z.V..R..sI.."...m 21L....f....Ge..n...C.Az..8..Q...c.....vS..A....m2o.....Tr....R.h6 ........(..qv...,YD.5...Oa./3A...U.8U9.X^.....A$..'z.....:..7.=r..z..8.....m..B.S....1i^.7&.....1. 0..le,.l".\.}I!..Upa.:-./.]f ;.|17.........?U...o)h.17..Q.>.....R.....~.?.j.rm$..VfE.....R...G......o....'.....QbP.r{.3RI.xw<`.."..%.~..(@.=.f.).l..u...O.H.`.y........P....I....?...7>....
....0..D.. K.H@..'u..G..H...w.Q.d..P.....cQ....t>..\G.k....S.w.].........A..K.0..!W. ..{E}.x...V...4.6T.9..q.......c...)M.
...8T...)P..Q.........B..<.b' h...Ng. 1...@..Y..S.......9nAFT@...\...y. ]..T...&MX[w.&.8...n.D....w&.."..( .....M.6.l..1..!....o/..}Y..m5...a.9....n|.S l.........lvG.0f..."......M8..dL.9.
11:28:48.465412 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [.], ack 2512, win 496, length 0
E..(_r@.@.......h..`.....Ag.*./.P...A...
11:28:48.467105 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [P.], seq 518:598, ack 2512, win 501, length 80
E..x_s@.@..R....h..`.....Ag.*./.P...B%............E.f..>..........t. . ..5.\]:..u.......!K^...B.z..^.\!x2
..h..|og......
11:28:48.469792 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [.], ack 598, win 66, length 0
E..(6.@.;..'h..`........*./..AgVP..B..........
11:28:48.469818 IP 192.168.1.150.53730 > 104.28.23.96.443: Flags [P.], seq 598:1216, ack 2512, win 501, length 618
E..._t@.@..7....h..`.....AgV*./.P...D?......e<.7_.!.U..Y....r......+.3..c...[.- .i.i...(.r.{..:.ZgVI..Hq....e9.*...0...R..'...B...d....1..j.!...`...D.m..,....tC.C.f...O.cQ..Z..ON.....o3.(..X.~\.... ...2.7...X..7..Z..%....j.ZR.-..3...+g............D..3.........,T..{................^s.Yv.....*.........".......2....#D"..$~...FT..\Zj..%...y..>L.W..1.q.....<........#......5..+4..;._.GJ..Q)...2^i%....:....ukstB.9BJ....0L...G.....P.=.|"....\._.;..Xe.s...
...M..a....L. ....2~:.N|.&..[=.Ds...Q.#um..c..QXt.MVB(.......1.OU.......'...........D..W.....l7...'..{.B)o. ..U..S.Ad.N..d..r.N.5..u..6?^...D...."...b..KM...V .vg.@@.
.Y-d.........Bz g.......f...$(F".y.n...
11:28:48.473196 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [.], ack 1216, win 67, length 0
E..(6.@.;..&h..`........*./..Ai.P..C..........
11:28:48.659427 IP 104.28.23.96.443 > 192.168.1.150.53730: Flags [R.], seq 2512:2534, ack 1216, win 67, length 22
E..>..@.;...h..`........*./..Ai.P..C.{........................

Может кто-то тут найдет причину. Я не оч хорошо разбираюсь.

Вот что wget пишет

 

Setting --spider (spider) to 1
Setting --spider (spider) to 1
DEBUG output created by Wget 1.19.4 on linux-gnu.

Reading HSTS entries from /home/delta/.wget-hsts
URI encoding = ‘UTF-8’
Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
Spider mode enabled. Check if remote file exists.
--2020-04-29 12:10:37-- https://chevereto.com/
Resolving chevereto.com (chevereto.com)... 104.28.23.96, 104.28.22.96, 2606:4700:3030::681c:1760, ...
Caching chevereto.com => 104.28.23.96 104.28.22.96 2606:4700:3030::681c:1760 2606:4700:3031::681c:1660
Connecting to chevereto.com (chevereto.com)|104.28.23.96|:443... connected.
Created socket 5.
Releasing 0x0000562bb8b45ef0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 5 to SSL handle 0x0000562bb8b46940
certificate:
subject: CN=sni.cloudflaressl.com,O=Cloudflare\\, Inc.,L=San Francisco,ST=CA,C=US
issuer: CN=CloudFlare Inc ECC CA-2,O=CloudFlare\\, Inc.,L=San Francisco,ST=CA,C=US
X509 certificate successfully verified and matches host chevereto.com

---request begin---
HEAD / HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: chevereto.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Closed 5/SSL 0x0000562bb8b46940
Retrying.

Попробовал один из бесплатных прокси - всё работает.
Может у провайдера спросить - вдруг у него что поменялось.

Просто даже не могу понять, с какого времени началась проблема с недоступностью.

[DimmKo]

Блин, кажется нашел в чем косяк был:
у меня IP-адрес для роутера стоял на выключенном порту (LAN1), я его поменял на Bridge в IP - Addresses.

По крайней мере могу теперь заходить на те сайты, что до этого не работали.

Спасибо.

Рано порадовался.
После перезагрузки роутера - всё вернулось обратно.

Попробовал через wireshark посмотреть: