r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4377
Expires: Fri, 09 Dec 2022 07:47:56 GMT
Date: Fri, 09 Dec 2022 06:34:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13119
Expires: Fri, 09 Dec 2022 10:13:38 GMT
Date: Fri, 09 Dec 2022 06:34:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 06:08:17 GMT
content-type: application/json
age: 1602
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14666
Expires: Fri, 09 Dec 2022 10:39:25 GMT
Date: Fri, 09 Dec 2022 06:34:59 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aPvCeeXs9NyP8XH6SjfycA/owOikvyrTUMIFiV5pdUi0veaK+r9VnRNYF3eyIkwyqhbe3+41uns=
x-amz-request-id: M7Q95QVP0DK9G2ZF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 05:50:08 GMT
age: 2691
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
partivers-acting.icu/8521f184-f36b-49b8-a2a0-a80abeaabca0
18.193.209.105302 0 B URL HTTP/1.1 partivers-acting.icu/8521f184-f36b-49b8-a2a0-a80abeaabca0
IP 18.193.209.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /8521f184-f36b-49b8-a2a0-a80abeaabca0 HTTP/1.1
Host: partivers-acting.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Fri, 09 Dec 2022 06:34:59 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://ver-oferta.site/it/1?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
Pragma: no-cache
Set-Cookie: 8521f184-f36b-49b8-a2a0-a80abeaabca0-v4=Xx2XxCSNoD8L4mlM6CfpDwsnY7VzpOh03NTjGvWeLZw; Max-Age=86400; Expires=Sat, 10-Dec-2022 06:34:59 GMT; Domain=partivers-acting.icu; Path=/; HttpOnly
cep-v4=i-QvWh56pGBCIMXbD7UTlBHqIgWeHCWKjZmLHSxYj5sOFVRlTfWusQAuSuXG_SqjTRkMiB0sSCfhIW4p3DeO239ldm_jk1bcCKUg8vo-iVHM-260uLPs7kXe7Jeqh-_WoMCR-3AwcF-SDIwJbW_9-xrMlY9nO0qSEMnRSBpxXFpKJAxJZablC7yfFiVOrIyYOOZ_2eGrvYYjA-ekujMz80qw0vGURKAYWrkTPTloUag86QWpifAQxlRtwiAeDr909ehjXRcZsUsitxmGl2uIAbX-hN2fujIH95PeEm0gQTA3wHKJfqY9g56al8xtdiUAacSgWNTSwkVF69YM4vIphM1V4WzzOkVSvESZxj8jNMA; Max-Age=86400; Expires=Sat, 10-Dec-2022 06:34:59 GMT; Domain=partivers-acting.icu; Path=/; HttpOnly
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 06:34:59 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 06:07:55 GMT
age: 1625
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c3730854aee68aa38bca3cec29400a25
b1c962cdda8f73b388fd5c1879f312d9b6879d04
98f34bad4bc53121fff497904ad74e695a821f444e8afb015108360b31990a58
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98F34BAD4BC53121FFF497904AD74E695A821F444E8AFB015108360B31990A58"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Fri, 09 Dec 2022 12:34:14 GMT
Date: Fri, 09 Dec 2022 06:35:00 GMT
Connection: keep-alive
ver-oferta.site/it/1?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
198.199.79.204301 Moved Permanently 194 B URL HTTP/1.1 ver-oferta.site/it/1?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
IP 198.199.79.204:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ec0f2d6d8da7997a10f72a2537729e59
d6b8ca36f266d92775f5b757e65b8c10c747c30a
95e1144ae5faba1d6ea1ac58b29b1e8d0399125e4dbc6a17d50d0bf5cf3bdcf8
GET /it/1?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970 HTTP/1.1
Host: ver-oferta.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 06:35:00 GMT
Content-Type: text/html
Content-Length: 194
Location: https://ver-oferta.site/it/1/?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6111
Cache-Control: max-age=101623
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 06:35:00 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:48:43 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ver-oferta.site/it/1/?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
198.199.79.204302 Found 8.8 kB URL HTTP/1.1 ver-oferta.site/it/1/?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970
IP 198.199.79.204:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (512)
Hash bddeda6ffd7458d38aa926226b9d37d8
bf75192e1bfff5b778052c15dbd0c23e8c64d966
c1dd7b53e55aaf39f7ebb8070752a9df792aad1f4c648a64dca48097f7484ea9
GET /it/1/?city=Oslo&state=Oslo&var1=itau&var2=&var3=&var4=PropellerAds%20%28CPA%29&var5=ver-oferta.site&cep=k8UulONKLlHLnxGybvPGOxDrkW0mLTPL0qgbUh_dOkIl8rYkkHnXMX7RYEBPNmgI4BE41EUIc6smvSRRMBmIPDU8E32kg4Uh6K1Rq0kKYeBEi3LGZ0Fpv1NDGEtR5G59olL6GHcpmLh1vQPOhQLcCW2_-iwi8rPzdsI_yeiVNEzOuGJw1OUAAnxo-3A_8yar6j6svSK5Bzs2VReKQ-hWiK8gN5stpWZcStnM2xMR8CAFtyKkaPU3dVngSxssEwQjZyJMJRk7RUPC4fvimOcHOCk0jvg0hWBZ3_64qsx8mmYMEnCvpGlacD1oy3lKxS-EhqpmNcoJxL2EhXOZ8_b1u89bk8n3mIu56_Ev791Sm8U&lptoken=166670bb567394499970 HTTP/1.1
Host: ver-oferta.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 06:35:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://grehtrsan.com/link?z=4456365&var=1&ymid=xxx
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c64915736a49944c493564060e1c444b
d8e1a83b5898f5fd86a161ce90b4746a794bdcdf
a1228c799453264be29dd5251948112db82f85a6732d96e88ef97798b25a5f07
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1228C799453264BE29DD5251948112DB82F85A6732D96E88EF97798B25A5F07"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 12:35:00 GMT
Date: Fri, 09 Dec 2022 06:35:00 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.69.31101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.69.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iszt3m8RilwhiXy3LnQqDA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Oi+gxsgO7r7e+Spznn5xum90CEU=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash acea7cb44141792f5d84b0c9ab8c57e4
69f1e46739200324bd891063d17c7a7083f313b7
4c0d144b20ab8cf7fec972a66e08ed2b993121e9c4b6c88bbf0f3e7388f2b058
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C0D144B20AB8CF7FEC972A66E08ED2B993121E9C4B6C88BBF0F3E7388F2B058"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5913
Expires: Fri, 09 Dec 2022 08:13:33 GMT
Date: Fri, 09 Dec 2022 06:35:00 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=0b8ff193179942debafb4734041aca95
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=0b8ff193179942debafb4734041aca95
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=0b8ff193179942debafb4734041aca95 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grehtrsan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 06:35:00 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0b8ff193179942debafb4734041aca95; expires=Sat, 09 Dec 2023 06:35:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 06:35:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=554855,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776bb7e23c56b503-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fb93cadc7998bf9842d290b668341114
22581794ace0fb6cce5bc825fad3097f3f2a89ff
922fbf80cf4c21a8c11a07a5870f2861214a71b881959f3137af9344edc05edd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "922FBF80CF4C21A8C11A07A5870F2861214A71B881959F3137AF9344EDC05EDD"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13492
Expires: Fri, 09 Dec 2022 10:19:53 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
thaudray.com/?z=4456366&syncedCookie=true&rhd=false
139.45.197.237302 Found 0 B URL HTTP/2 thaudray.com/?z=4456366&syncedCookie=true&rhd=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=4456366&syncedCookie=true&rhd=false HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 503
Origin: https://grehtrsan.com
Connection: keep-alive
Referer: https://grehtrsan.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 09 Dec 2022 06:35:01 GMT
content-length: 0
location: https://retryngs.com/link?z=5580261&var=4456366&ymid=624968836495712301&rdk=rk3
x-trace-id: bb2b517f25068fa3d05e9841cefeb5e4
link: <https://retryngs.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://grehtrsan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=6e725714087d4c7db13070589fb59b04; expires=Sat, 09 Dec 2023 06:35:01 GMT; path=/; secure; SameSite=None
oaidts=1670567701; expires=Sat, 09 Dec 2023 06:35:01 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b0abad899548102947de1b2084e5285d
d7a3e72f59a1af0091231dc4d3e20580664c5626
875f1fae032d3ae3d0d4f74449af6d8b10332865aef92845e6e1d249f5e3996a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "875F1FAE032D3AE3D0D4F74449AF6D8B10332865AEF92845E6E1D249F5E3996A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17275
Expires: Fri, 09 Dec 2022 11:22:56 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
retryngs.com/link?z=5580261&var=4456366&ymid=624968836495712301&rdk=rk3
139.45.197.249302 Found 0 B URL HTTP/2 retryngs.com/link?z=5580261&var=4456366&ymid=624968836495712301&rdk=rk3
IP 139.45.197.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5580261&var=4456366&ymid=624968836495712301&rdk=rk3 HTTP/1.1
Host: retryngs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 09 Dec 2022 06:35:01 GMT
content-length: 0
location: https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5580261&axcusid1=4456366&clid={ymid}&r=https%3A%2F%2Ffsccafstr.com%2Flink%3Fz%3D3956710%26var%3D5580261%26acb%3Dproxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 8346915224f46b7f243b5d662e7b8dd9
link: <https://cdntechone.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=b1278761edec4b04bb2c67956775ee61; expires=Sat, 09 Dec 2023 06:35:01 GMT
oaidts=1670567701; expires=Sat, 09 Dec 2023 06:35:01 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e4a72671d5c3ae752457fcdc8557f16a
25c065ec082e3d583d3da74f504151a0087aa680
3e24934ded9de5f17ff3306ead3a6c5088ea6f4aec5a8fbb9b1afb9df971fbc3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3E24934DED9DE5F17FF3306EAD3A6C5088EA6F4AEC5A8FBB9B1AFB9DF971FBC3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4389
Expires: Fri, 09 Dec 2022 07:48:10 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e4a72671d5c3ae752457fcdc8557f16a
25c065ec082e3d583d3da74f504151a0087aa680
3e24934ded9de5f17ff3306ead3a6c5088ea6f4aec5a8fbb9b1afb9df971fbc3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3E24934DED9DE5F17FF3306EAD3A6C5088EA6F4AEC5A8FBB9B1AFB9DF971FBC3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4389
Expires: Fri, 09 Dec 2022 07:48:10 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8db5e5fdd6de1be318e1e2eb919fb0e7
8258c78d87a302be368193b851b55c8e32107c82
143d463b64c5b6772aa9f446e7ea1bb201fe8ce57b25779a6c99dd416a660c7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 06:35:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 16:52:37 GMT
Expires: Thu, 15 Dec 2022 16:52:36 GMT
Etag: "8258c78d87a302be368193b851b55c8e32107c82"
Cache-Control: max-age=554854,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776bb7e76968b503-OSL
datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
37.48.68.71200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1123
Origin: https://cdntechone.com
Connection: keep-alive
Referer: https://cdntechone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Dec 2022 06:35:01 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://cdntechone.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13160
Expires: Fri, 09 Dec 2022 10:14:21 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13160
Expires: Fri, 09 Dec 2022 10:14:21 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06799a30d9977b0845f525ae82355d23
6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea
d7a7eeb42d36167243b3dea7147a61119cbb5d1dcc2e2304c6ddd4a62e41efd3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4914
x-amzn-requestid: b709d5ff-617b-480b-8fc3-b1408ee358b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsoEkSIAMF0ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7ea-4150ac397b97d1217cece045;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8DqbjuQMX0JOMpduQ1-wy_B1a957NXgsAHrZc1OwUzsmqJRKfkEpoA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:49:06 GMT
age: 31555
etag: "6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 31417
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg
34.120.237.76200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1be0ae00ba0c6009ac14c8df38b8ad0
33edd1469c54a08e3c4cb0003b87b225eba55b3f
ab70390c49c5bb3dd7e97ba008c01213a59b3bc271aa8a350ab35ff422d8b3fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3030
x-amzn-requestid: c5e5e4a1-bc45-42e8-a021-9c8f99e22556
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUqCFWBoAMFiqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639134a6-5cc9bdf360f2bfb54e16b448;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: x5FUJ8Cbw9B9BWcHlencYw564Xri5cgoVXkQ2MbhEjYq7Y5v2P0IxQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:18:08 GMT
age: 69413
etag: "33edd1469c54a08e3c4cb0003b87b225eba55b3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:15:07 GMT
age: 83994
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 659b6eb1f1c430e2780758c7787b9a23
4792b0893827924e84cc51450012407717da4d2b
f14393b6bcc036fa9ed61114944ebb25192adfec72c09807eb7948a88c790d69
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8345
x-amzn-requestid: b1cf2094-2cf5-4e19-9ed7-4d7e220c93cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUoREPoIAMF4hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391349b-1b78fe0a155179643ae2aeed;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YMFI6I2o0A4rGZTluooPsDLGNRRY9kSAfDAFrwzXhIG4HC_W-hFIoQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:31:33 GMT
age: 68608
etag: "4792b0893827924e84cc51450012407717da4d2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46275ec87d8221804dbb99f95b035131
c47af4e5770daad212f4290527b00321285105f8
2118ec68c738683d8f7e11b95239ca92fda2b9b5054aa7b128267eec0d0634c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8803
x-amzn-requestid: e8516be3-5ce9-4f15-b522-c81c1e57a0e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtK9GavoAMFjpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af579-538cc8f300938698004f2241;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MiOdXHxd9Vmeji8Yqd8LG_EqYoMGf0YBy6by9bhfjb12y1OxKVvvqw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:56:08 GMT
age: 9533
etag: "c47af4e5770daad212f4290527b00321285105f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0a999c180217729c21bcc178dda9344
f552c6ba58bef43dd7424cc3b861c3d0ce5eddd4
85a6949c358f0b84246480274561a59a18804bbd52fdd657e77fa994868966e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85A6949C358F0B84246480274561A59A18804BBD52FDD657E77FA994868966E9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5191
Expires: Fri, 09 Dec 2022 08:01:32 GMT
Date: Fri, 09 Dec 2022 06:35:01 GMT
Connection: keep-alive
fsccafstr.com/link?z=3956710&var=5580261&acb=proxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837
139.45.197.238302 Found 0 B URL HTTP/2 fsccafstr.com/link?z=3956710&var=5580261&acb=proxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=3956710&var=5580261&acb=proxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837 HTTP/1.1
Host: fsccafstr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdntechone.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 09 Dec 2022 06:35:01 GMT
content-length: 0
location: https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=3956710&axcusid1=5580261&clid={ymid}&r=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%26autoexit_86400%3D3953544%26acb%3Dproxy&axcusid2=Tech&axadvid=875028&axcamid=1916
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a1ae2fe435241ef1ff77a2253ef09dcc
link: <https://cdntechone.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=74d73be9691d477eb23d6a0e61915e49; expires=Sat, 09 Dec 2023 06:35:01 GMT
oaidts=1670567701; expires=Sat, 09 Dec 2023 06:35:01 GMT
OXCCLK=4105106.1; expires=Sat, 09 Dec 2023 06:35:01 GMT
allcnt=1; expires=Sat, 09 Dec 2023 06:35:01 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
37.48.68.71200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1283
Origin: https://cdntechone.com
Connection: keep-alive
Referer: https://cdntechone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Dec 2022 06:35:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://cdntechone.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.pki.goog/s/gts1p5/ALUpf7FL8NQ
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ALUpf7FL8NQ
IP 142.250.74.131:0
Hash 00aece145bb28c2b97257e6f05e32d2c
6255845a17ac14e2bc98a53b9e5eb78478bb9c24
cb313ccd005dd944966a78d6d3b3335affeca9b1ba34d3934cd67ecae17aa777
POST /s/gts1p5/ALUpf7FL8NQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/ALUpf7FL8NQ
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ALUpf7FL8NQ
IP 142.250.74.131:0
Hash 00aece145bb28c2b97257e6f05e32d2c
6255845a17ac14e2bc98a53b9e5eb78478bb9c24
cb313ccd005dd944966a78d6d3b3335affeca9b1ba34d3934cd67ecae17aa777
POST /s/gts1p5/ALUpf7FL8NQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
financesurvey180.space/assets/7645149297743cd29764.svg
172.67.193.219200 OK 5.4 kB URL HTTP/2 financesurvey180.space/assets/7645149297743cd29764.svg
IP 172.67.193.219:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080)
Hash 329a284f3e09214eb550f52fc1b1e120
a20e11d3caccd081a601bcd62dfe2eec7d444f5e
043119c9ba613c7e6d87989b0a1c3bef8cad127878a4348e0726360cef4239ff
Analyzer Verdict Alert fortinet Phishing
GET /assets/7645149297743cd29764.svg HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-c19"
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtPNWVk7aH6ZLB7U9Pahk%2BW1KWIM4E6AWfOpPErg16KCfm0oWLCEXg4RL8djHuJJYmnifVLbGsrTMsTQdQ3fAlY18zDP%2FTsZ4KCGW8CSmeSSror3s%2FQ6djC8Ivhxlx7DahqPyE9o6BiD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4da8b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/survey.12.3b66b903.js
172.67.193.219200 OK 58 kB URL HTTP/2 financesurvey180.space/js/survey.12.3b66b903.js
IP 172.67.193.219:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c6e58cbbd133118018b09593a78ca334
df31b2cb8ceff6030bafdf3049ef7dba3d1309bd
e9ef49e533e2787c7590c60ef94d717f3c0bd789a7e53dcefd34bfb1b5eac064
Analyzer Verdict Alert fortinet Phishing
GET /js/survey.12.3b66b903.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=211926
etag: W/"63920b4f-33bd6"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5w31RA6bBYD1b%2Bwf1FXFPUVBKbS5BvWFfmR3GoCi6JdQFK7lIJbi6GmfFsHuJeDn1obqQaP0Re%2FwrtdMIsGpHnz1wSHvL1G4L9gxOcPQvZ%2BySUy%2Fy96UcXR%2BStqcDILMGC12LiSCHqQW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb5db2b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/binom-pixel.2841d839.js
172.67.193.219200 OK 615 B URL HTTP/2 financesurvey180.space/js/binom-pixel.2841d839.js
IP 172.67.193.219:0
File type ASCII text, with very long lines (1359), with no line terminators
Hash 1eda890d8af9ae22877409898f37673a
b9a23a5893f7283131bf902abf3aefc6d3638013
20c134efb4cd538d971e5d5d8cf1ba77d571b83cbd996c65257cf6471c8013d2
Analyzer Verdict Alert fortinet Phishing
GET /js/binom-pixel.2841d839.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-54f"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3wkFSrk24VdN8%2FifdmO%2Fcfc9Dq0fw2bcDXebf4zA5DaKhUiLk6wSD7%2Bc9X5VkwarzQvzyHvLZuAFHFNBCZE7wquCn4i8crgF8hH%2FvOj6zMWDvhwqPUZbjgCDNPo7OnLDhjDYnWWKb4U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb5db3b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-redux-toolkit.esm.js.d71e3cf0.js
172.67.193.219200 OK 4.1 kB URL HTTP/2 financesurvey180.space/js/v-redux-toolkit.esm.js.d71e3cf0.js
IP 172.67.193.219:0
File type ASCII text, with very long lines (10396), with no line terminators
Hash 2aca45f2e65d1ecde1d7a9815589dc80
73c6e0a40264d9fe41888d4a4eb26e105d72f871
98961020995c45b4a939325093419804c80caa941d5812c2dec5a92e87f0f2a4
Analyzer Verdict Alert fortinet Phishing
GET /js/v-redux-toolkit.esm.js.d71e3cf0.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b50-289c"
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8f2Op%2BMglN9p0QeR294xkpPlbYGIrtsOopO5ZC1MJkzvEbe6Wek13dqFEolhjdoDsbGvoViLO%2B7i6R1N6UUZtl3cKUed1qERdofeXUR7ST63XPoQncvJL9eIhmnsNkNcOKbt9P5NU4DG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb5db0b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/css/finance-many.f62e95c1.css
172.67.193.219200 OK 3.1 kB URL HTTP/2 financesurvey180.space/css/finance-many.f62e95c1.css
IP 172.67.193.219:0
File type ASCII text, with very long lines (15282), with no line terminators
Hash 633c3c9107d047e731b35bb76f3f503b
ef7bd0aedefdc4118312a2a5d9bbc19ae6b3490c
a32aeebf27838aa5303d50af679bcc4a645e2ab079c6a16163204e0a025451ab
GET /css/finance-many.f62e95c1.css HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15338
etag: W/"63920b4f-3bea"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BQrCQ4ARWb1pGHJh3VX9ZE4cq88N7hOxT5woUpX8724NuPTbzd0yQbQXe9yKf%2BAw2j8R%2BmHiZsXdx3TzSkf4v8fJEZuM86RED0EiPr3WI3ias3WXsEdQQJW5Uvk6YiCVejeH6yz%2BjNC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4da6b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash a9f65d8a0d192b88ead49d6fb8fea7c8
4386a45efa6f822346d3d1701d8d6c02546c78be
7d2d624afea7f6c0aaa352d0f6029cc3c7d1e5101d8c75301d3e8d495470a659
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 06:35:02 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Tue, 13 Dec 2022 03:02:14 GMT
ETag: "4386a45efa6f822346d3d1701d8d6c02546c78be"
Last-Modified: Fri, 09 Dec 2022 03:02:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 66
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776bb7eebe521c0e-OSL
mc.yandex.ru/metrika/tag.js
87.250.251.119200 OK 94 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fa66db2236c9b1a75ef2edceb6e37388
3a2898a9591fc0fc41f5f525df75daf4238c5e58
7f49628c80e83adb395f34c4f8517200052cf3998bb263525256b2cf649126f4
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73711
date: Fri, 09 Dec 2022 06:35:02 GMT
access-control-allow-origin: *
etag: "6391b12a-11fef"
expires: Fri, 09 Dec 2022 07:35:02 GMT
last-modified: Thu, 08 Dec 2022 12:40:58 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 06:35:03 GMT
access-control-allow-origin: *
etag: "6391b12a-2b"
expires: Fri, 09 Dec 2022 07:35:03 GMT
accept-ranges: bytes
last-modified: Thu, 08 Dec 2022 12:40:58 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 9bb2995acb8ebbb6d92805edebb1a215
9471d63f7cf99e88d0990615216c13e3a90b05d2
aabb4702faad0015878b90554398232e9b73cd717e6e2f7f4062a2c916e104b2
GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://financesurvey180.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Fri, 09 Dec 2022 06:35:03 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://financesurvey180.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 06:35:03 GMT
last-modified: Fri, 09-Dec-2022 06:35:03 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
grehtrsan.com/link?z=4456365&var=1&ymid=xxx
139.45.197.236200 OK 0 B URL HTTP/2 grehtrsan.com/link?z=4456365&var=1&ymid=xxx
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=4456365&var=1&ymid=xxx HTTP/1.1
Host: grehtrsan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 06:35:00 GMT
content-type: text/html; charset=utf8
x-trace-id: dd81517347339c2bd6dbc7d68fb5d51f
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0b8ff193179942debafb4734041aca95; expires=Sat, 09 Dec 2023 06:35:00 GMT; path=/; secure; SameSite=None
oaidts=1670567700; expires=Sat, 09 Dec 2023 06:35:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
allcnt=1; expires=Sat, 09 Dec 2023 06:35:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5580261&axcusid1=4456366&clid={ymid}&r=https%3A%2F%2Ffsccafstr.com%2Flink%3Fz%3D3956710%26var%3D5580261%26acb%3Dproxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837
172.67.149.153200 OK 0 B URL HTTP/2 cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5580261&axcusid1=4456366&clid={ymid}&r=https%3A%2F%2Ffsccafstr.com%2Flink%3Fz%3D3956710%26var%3D5580261%26acb%3Dproxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837
IP 172.67.149.153:0
GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5580261&axcusid1=4456366&clid={ymid}&r=https%3A%2F%2Ffsccafstr.com%2Flink%3Fz%3D3956710%26var%3D5580261%26acb%3Dproxy&axcusid2=Extensions&axadvid=3508075&axcamid=6837 HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:01 GMT
content-type: text/html
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZTPAwezv6ZNzghKnY5kXZWCw4tnX9l6mHZ6XZtaH4Kcod%2FLR6UwMtMx3%2FxfIf898SI0QimietFqatPsrB6%2BqKiihpwy6g9t26eNyF2ouPfyEkGrjRAngqE9uCtDGWpI6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7e5cbc7b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-react-dom.production.min.js.088acd9e.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-react-dom.production.min.js.088acd9e.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-react-dom.production.min.js.088acd9e.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b50-1f8c5"
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYAZsMSuMZG70G4IdhGPCUBDE5m4GZYejKUdkBzhuvv7M0ZbEaVcWzMntWfgEkhhfhQThh6cUCs8Fj%2BSpt6rUlIL%2FXMVq7jmQ4iS38ZpA6gYaJKfAV01YsXF0V4o5Pe86euT5grY6G5Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb5daeb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-FormData.js.14ea4c03.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-FormData.js.14ea4c03.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-FormData.js.14ea4c03.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-bf"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrWtLye1dSk0elZarFunfav4mrriiO%2FjQ7Lngxhtlyb7upni812ce7CURpWpcPgkOsuRyP99g4dQOp%2B2B7yluzvgDtFeRs7YH5j3%2F3ZCqWrij9RoRUfevlVcExMnL%2B%2BC%2FnNoo6ohTIHK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d9db4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-index.js.209a329e.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-index.js.209a329e.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.209a329e.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-92d3"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XJyquK8mvN2RKBvRQTrqHILq47a9J5GD4gN1a4%2BxZhCz9TJpmkp5pvrIU99mMyFCokHWP7ZX7GHMRf6Zg%2BCfO3Wl%2FSXiSxbK5Z1%2F0R%2BjSpYTBcikd6rW%2BPVwDUBMV71Iy3CAQA8SOht"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d9ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/css/survey.cd8123e3.css
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/css/survey.cd8123e3.css
IP 172.67.193.219:0
GET /css/survey.cd8123e3.css HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19034
etag: W/"63920b4f-4a5a"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MlrUlWyhAaOq3WuhBqxUpR36XEQefQ7sSotM2rmn9%2BnnFO5e9Z%2FRu0BK4woCT7%2BotkBEajZPeAGviTGtTwCoZgeNLDwbng9xmQ0FEjPFcSySPV0MfnJmxWvSWZN029mPQNO3ep0iot5h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4da1b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/survey.html?offer_id=1916&geo=NO&oaid=74d73be9691d477eb23d6a0e61915e49&s=624968597367959985&z=3956710&var=5580261&testinapp&autoexit_86400=3953544&acb=proxy&axcusid2=Tech&axadvid=875028&axcamid=1916
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/survey.html?offer_id=1916&geo=NO&oaid=74d73be9691d477eb23d6a0e61915e49&s=624968597367959985&z=3956710&var=5580261&testinapp&autoexit_86400=3953544&acb=proxy&axcusid2=Tech&axadvid=875028&axcamid=1916
IP 172.67.193.219:0
GET /survey.html?offer_id=1916&geo=NO&oaid=74d73be9691d477eb23d6a0e61915e49&s=624968597367959985&z=3956710&var=5580261&testinapp&autoexit_86400=3953544&acb=proxy&axcusid2=Tech&axadvid=875028&axcamid=1916 HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdntechone.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: text/html
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TKPvoybegt3sGUmoKRQHAiu1sTkW3g0Zr1DwnZUHLC3nrCAdnmbMZ1JYkD0%2Bq%2FeYmuUAeDRZaCrA7ZLCjtdnvGsMciMrsm1fehXkdCnmIdsw%2Bije4VKl8aHc%2FiSnS7M6qyTTZA1aLqVH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7ea8d23b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/rtc.e1fb7744.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/rtc.e1fb7744.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/rtc.e1fb7744.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-29d4"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dys%2FgUbgMs%2FoXgz3oYezWG1JjGrLNuur%2Fqjinq9w6mD7ZfCsSBHCGfkD9IWXge0TdSU4DL6oA3U5iQ2%2F5Pia5gT%2BKFLJzK%2BTxVeoQ5qUsmi1HdlvtnlUHZNp6Vo%2FdCCurxj9BVT%2FCkxr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d97b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-URLSearchParams.js.f8f87c95.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-URLSearchParams.js.f8f87c95.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-URLSearchParams.js.f8f87c95.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-dc"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7mK1vdBAquHt0zK3ArnU%2BYy9%2BmrsVCo%2FYyhPSPlBBq2BeWsYgSqroDP%2BZmTuXjR%2FYr9hkPBEwCyRBtjTewnU27DSkUWxujMGyJTB4idQYj5bRK2q9Yxr3Ih7FXIgY3SiOsz6XMsdBly"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d9eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/survey-site.8b0e9199.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/survey-site.8b0e9199.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/survey-site.8b0e9199.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b50-10a1"
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rh6tSg9Z%2Fz1RW1ANgz%2Bt%2FklHHBLUdNpdGREMeU8keMoKUm7HB4101PYE%2BxA4K27TtjzgBIJn4OY13V2gFwfh7I%2F5xFrXEEDZJ5r1NPniV%2B8LNaPEl3YBrhAjrK7sLv4jjkP%2Fzwz9DiKh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4daab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/each-land-config.97d1826a.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/each-land-config.97d1826a.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/each-land-config.97d1826a.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=66362
etag: W/"63920b4f-1033a"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vsk81kaoIBXPVVjhUzkgkTWytCkCU1AFg2w7tnOKQdYJyNh%2BU3G%2BDDXOqH2yNJJdz9px4GRYeojl8s7gWPaLq8Ws7MEOD5czDuPeQSwX%2FfEOCNExfmzDG8yIzbJ6r9czonbbm4TW2Oqs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d9fb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/_global-config-sd.975f2fa5.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/_global-config-sd.975f2fa5.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/_global-config-sd.975f2fa5.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b50-1db"
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XmDJelMBDoe%2Byy5smmxP0CqSkT9rzWmJJBKq6bTYVxyOSE7wjPxUJaDhCiQt%2BoF9zATRgwwPoAXuMVHwrBfXKKdTrqwmbXVJ2KrnFvYXYLyhaaUP1vFMPmwkIz9isq5sz8%2F%2FJR59wTtf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d95b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-utils.js.d156afc7.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-utils.js.d156afc7.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-utils.js.d156afc7.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=8634
etag: W/"63920b4f-21ba"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAdqeDl3O6nAbGOer%2FBOYt2vOjt9hPJP4Cmnux%2By3reTe9W0QxTQ4wwI4qqycjvyMXfPhxS%2BA29tR6t6JvPZOMX8BjGPDgtHwX7YORCG2h1aSX2VhnDXKdPvfNT42pIi%2Fbgsa%2Fk6%2BDMU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4d9bb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.251.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://financesurvey180.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Ffinancesurvey180.space%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D74d73be9691d477eb23d6a0e61915e49%26s%3D624968597367959985%26z%3D3956710%26var%3D5580261%26testinapp%3D%26autoexit_86400%3D3953544%26acb%3Dproxy%26axcusid2%3DTech%26axadvid%3D875028%26axcamid%3D1916%26utm_campaign%3D5580261%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A797517512655%3Ahid%3A597488309%3Az%3A0%3Ai%3A20221209063502%3Aet%3A1670567702%3Ac%3A1%3Arn%3A479492394%3Arqn%3A1%3Au%3A1670567702767517153%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C77%2C0%2C%2C0%2C%2C206%2C1%2C%2C%2C%2C320%3Aco%3A0%3Ans%3A1670567701572%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670567702%3At%3A%24%24%24%20Online%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Fri, 09 Dec 2022 06:35:03 GMT
access-control-allow-origin: https://financesurvey180.space
set-cookie: yabs-sid=391044831670567703; Path=/; SameSite=None; Secure
i=DL2r6RYjJjJIUHYriPLD4kcE54xSs9s0dbrA8jOq4YNnrgj8tEwmfBUPJHQbfK9BXpu9/IpaA9NhhFGrEXBXNyP0/1Y=; Expires=Mon, 06-Dec-2032 06:34:56 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3423364381670567703; Expires=Sat, 09-Dec-2023 06:35:03 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3423364381670567703; Expires=Sat, 09-Dec-2023 06:35:03 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702103703.yc.1670567703#1702103703.yrts.1670567703#1702103703.yrtsi.1670567703; Expires=Sat, 09-Dec-2023 06:35:03 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 06:35:03 GMT
last-modified: Fri, 09-Dec-2022 06:35:03 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
financesurvey180.space/js/v-_equalByTag.js.34ccca25.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-_equalByTag.js.34ccca25.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-_equalByTag.js.34ccca25.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-3a7"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uhEchb2tIh3VbWnYQSPPCJW7jK%2FCPx7Ivrmx3aWg9YsXuhxZNcGnB1njBXTfxupkxOvNu6gPc1W8Pj4XbCfq040yjsKPvR8ilmJcqr0FU6%2BFcAw4IipNRwTSgNJjC2BHXmVutP0Kn5n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4dabb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/css/style.94ff2c9d.css
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/css/style.94ff2c9d.css
IP 172.67.193.219:0
GET /css/style.94ff2c9d.css HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=39623
etag: W/"63920b4f-9ac7"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYNetfKEI31mQsbijSXXJEjCW0yTJ7%2BK9FozPK9EdGRV0DtV3NJ8FVep6lg6YMYrZPJzj5de6q%2F9c%2BkujGywph2rkSntWUOl3tLKkGO9iog9D70ZiqIEdzssitNoqxiNPOTZNlTAjdfk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb4da3b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
financesurvey180.space/js/v-_baseIsEqualDeep.js.eabb141c.js
172.67.193.219200 OK 0 B URL HTTP/2 financesurvey180.space/js/v-_baseIsEqualDeep.js.eabb141c.js
IP 172.67.193.219:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-_baseIsEqualDeep.js.eabb141c.js HTTP/1.1
Host: financesurvey180.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 06:35:02 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63920b4f-2d0"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BctFo51BfXQjxdwN8iPMSZqLfDoTIxDxeEMqNS4kze5yeOe%2Fyx9CSGEPZb4dJ9f2f4Hz1IwZ4Bggn5URTlCzdoreUhYyol8%2BX8tgD%2F%2BEY4fgkLEzmWUnfb7P%2BJTRNpftFV6SKkBo5kRu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776bb7eb5dadb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2