960.novitrk1.com/smartlink?mongo_id=6354da16b8c9fb7e2f154296&mongo_grouped_id=6354da159bf193136c4d981d&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
188.240.52.20302 Found 718 B URL HTTP/1.1 960.novitrk1.com/smartlink?mongo_id=6354da16b8c9fb7e2f154296&mongo_grouped_id=6354da159bf193136c4d981d&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9d632283f714da80c96c4abf16921819
ea0432725bf98f7da34985995748e4976b9150ee
8367626a69844df5571f2de1c4b3a1e004c79ba18ba62a35d4a136e8ef52c8d7
GET /smartlink?mongo_id=6354da16b8c9fb7e2f154296&mongo_grouped_id=6354da159bf193136c4d981d&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript HTTP/1.1
Host: 960.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Sun, 23 Oct 2022 06:07:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
Location: https://960.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImFzb3Bvak9ialdQenY2aE56aGhkZEE9PSIsInZhbHVlIjoibFdIUnlUUnN1YUpuMS9iYjhhQVYvdFNLNVBneElRU09MeWNOSUE3RTNSZkpMQ1dMQUdhSGNITmJ6emI3M3JQOXViMTBzTk12RDFmUXQ3SVlzV1RYOFNqWm1vYnZ1ZkkzblBJVEhETjVqbWtXc0ozcU5sQ0FBR05JbURvQ1BaQWgiLCJtYWMiOiI4NGFjNTZjNWE4NGI3YWRmODk0OGQyODhjYjMwNDljYTI5NjZlMWVmNzQ0ZDRjZTJjNDVlMTQ4Y2IxZmFmNTE3IiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:28 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImU4ZlZxRjNtOWNid1pQRmV3NjZOTmc9PSIsInZhbHVlIjoia3FObGQrUDJlYWttUjB0VU5aKzlub1FiTVVjZEdxMEpva0N5VEFjU2JyanAwdWQ2dVF6L3JLZmxldHVpdFFSZk1DZUtVeXdtV0lwMlF2QXRmWW5wcGpKYS9ldVBzbUdCbFIzOFFHNVl3am54ZE5pdFR4c3kxMEpma0dpTjVTc0kiLCJtYWMiOiI4MjlmZTNmNmQxODEyYzU5NThhNDFkNDI4N2NhYjFkMWJiZjc5ZDMwNjg4NTk1MjA1NTI0ZTYzMzljYTkzZDBiIiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 05:52:50 GMT
Expires: Sun, 23 Oct 2022 06:06:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: brDA2wDcJeI4wAtF0jfl4QQ4JdkwAIWeJEr1GVhhM3SP5mxfLXQtcg==
Age: 878
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5126
Expires: Sun, 23 Oct 2022 07:32:54 GMT
Date: Sun, 23 Oct 2022 06:07:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6208
Expires: Sun, 23 Oct 2022 07:50:56 GMT
Date: Sun, 23 Oct 2022 06:07:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sorsOpfAv5fx3v4itVEeh7fAzznWuLOy78TMuHSMRU0BC6fQWsxqHx4R26FguV6UI+qF8zZFPeY=
x-amz-request-id: G5QP4Y973WCGGJVC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 05:07:58 GMT
age: 3570
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 23 Oct 2022 05:43:40 GMT
Expires: Sun, 23 Oct 2022 06:21:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6rAJ7nkzt0sAA9gfoDqluSVNifBjAQ78i14txYt14POx-1V8-p7Slg==
Age: 1429
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6367
Cache-Control: max-age=99923
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:29 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 09:52:52 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.136.7101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VgRrqZAlu0m/OwA/7Zu0GQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 03wvKvDFXpT85pfPPNEdkjIwZQ8=
m.news-page.net/favicon.ico
99.198.108.195200 OK 1.2 kB URL HTTP/2 m.news-page.net/favicon.ico
IP 99.198.108.195:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7157585543084113984&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=915b44961dd09b72f8da6d5a9b280989
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:30 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Mon, 24 Oct 2022 06:07:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5582
Expires: Sun, 23 Oct 2022 07:40:32 GMT
Date: Sun, 23 Oct 2022 06:07:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5582
Expires: Sun, 23 Oct 2022 07:40:32 GMT
Date: Sun, 23 Oct 2022 06:07:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5582
Expires: Sun, 23 Oct 2022 07:40:32 GMT
Date: Sun, 23 Oct 2022 06:07:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bed49abb7a64c9f0717ac283b30bff8b
0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3
ddb5ed6e7b818593ac9819be0a8d376e26ef3b45b417f00ce1d7dbee47465bec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4746
x-amzn-requestid: fa85cf46-7cea-439e-92d5-db3875ff4479
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aIQpNFk5IAMF16Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634cc7d4-245cdd691d0c415d508421ce;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 03:11:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _-h7oz6Zv1P40jltqN71dpyrUJG_HzVJS8gKby0vgdkaNJ4ljXUwCg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 15:25:14 GMT
age: 52937
etag: "0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c0675dc4be3e7a62f7083f4b34e5959
f6c43d035774306f3622029fb6a2c9d44086a3f8
56153c1a09bbf2a2d0079fe15ee54733460bbce7572d6b1b66972a0e00123b1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7588
x-amzn-requestid: b6a2786a-7863-49b7-b96f-09b94c44dcdc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRm0GRfIAMFVcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635462f8-58ef725d7c9a71fc0c90a86d;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:39:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jtZFCDkxgLwr6JRka5OuVuFcxmZH4sNWrhT_kx1DkFTSN3NQ9NUu0Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:43:36 GMT
etag: "f6c43d035774306f3622029fb6a2c9d44086a3f8"
content-type: image/jpeg
age: 30235
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a47128c87b628846400333388bd8326
b0d44fc160f020dba7782d1ffd3995b93bceb909
77123eae8c61d6ad061d2a0720b608d34ca9ed59e274ecb6824e5fc30a997505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10292
x-amzn-requestid: fca5e428-9855-4891-bc80-5ff5a7c29ca0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aDVCRHlRIAMFgdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634acedb-140b0cdc0d2d814e4ee53ef7;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 15:16:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uuzjffiuDYZObYZ1pP6_ndGpUxpxM3AVamvctTfVkDIv9fxF-0RZUg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 03:09:44 GMT
age: 10667
etag: "b0d44fc160f020dba7782d1ffd3995b93bceb909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 319c9a70bded148097c378aee2e5e7e3
9815cabee697f91758b3d6049b33b6e6372fc69e
511dfb789ee7031302e0b18761854b93b47a7113d7a6a1a8ee16b3f1e425786b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8344
x-amzn-requestid: 563c255f-62bf-4038-92e0-ffb869de9acd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRkFHUUIAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635462e6-34b76ac446e96214580e6fe6;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ODC-cdFkM2mIQFcZjYm_ECZjhrFEewsJxzlZXisEt8l8GYnD4KuKEg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:43:36 GMT
age: 30235
etag: "9815cabee697f91758b3d6049b33b6e6372fc69e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bcadefe69587d4ab5bf5ff9e71eb5cab
066fb94a6ae38e57d67001cc319eea17f837d511
45b175a2cecee90b2d0efc16c4139686ffcf34bfac9084fe9e5e1c926dc1330c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10036
x-amzn-requestid: b1f0e0b9-6fc6-4b7c-a9b0-55845cdfd2d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abR9aEvjIAMF22Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63546388-72742b3a1279d76e2e842930;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e-Q7z6QYQB1CGZ57JUJIf6l7Ofu9nGkF-ONfTrXJb6MMegchNYMqWQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:50:36 GMT
etag: "066fb94a6ae38e57d67001cc319eea17f837d511"
content-type: image/jpeg
age: 29815
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebab98ee9ab567348e2c31cccdbc62c2
6c453568c39d65380ebcf7151b5383994b864abe
e9bf601eb67aa9778b326e7568f990352d9bfa574da283e879e62e9a2dddb2fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6821
x-amzn-requestid: 05d1de38-a072-4392-b1c6-a07f7d67fbf0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMGWZGH-IAMFVzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e50f5-3868ae460a52caa178d8ff2f;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:08:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Q0jfZigs37oi_sofHLQimt37uujfVdoqz2kLm26FgF5i1ziagz3noQ==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:09:09 GMT
age: 32302
etag: "6c453568c39d65380ebcf7151b5383994b864abe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
51.68.85.158200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 51.68.85.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3760)
Hash eb849d587cc39e119d18ff3de4f4f037
39676f0b54f7fae64a5ad9b7dac65322c243bbef
495ec6b516ef65414e5612396894e9984bfa3a453dcefa1c06432c2cf69797de
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 06:07:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=31e6b68ea830abfa922fbd263f68095c&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=31e6b68ea830abfa922fbd263f68095c&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=31e6b68ea830abfa922fbd263f68095c&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sun, 23 Oct 2022 06:07:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.49178252075269513&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sun, 23 Oct 2022 06:07:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=23000c1b60bf5788039ad6d89df4868da366e1023-202210-flb*5467509-4538f*M7157585543084113984*sl_5467509-4538f*f5424250eec64509d58099632e8e82864bb792c7*4472-bfdf314f-6f01772b*4472
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 3d3f3a662afd3821be45bd398d574c17
d75d094bf1cd9d98f87b5bcb551b44811b703381
2514fedb43587bc8610923fde64b2da4090bfc08e7ac103aad15d7fd4a7f385c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 859
Cache-Control: max-age=147368
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:34 GMT
Etag: "63547373-13a"
Expires: Mon, 24 Oct 2022 23:03:42 GMT
Last-Modified: Sat, 22 Oct 2022 22:49:23 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 314
www.wewillserv.com/favicon.ico
51.68.85.158204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Sun, 23 Oct 2022 06:07:34 GMT
Connection: keep-alive
harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=23000c1b60bf5788039ad6d89df4868da366e1023-202210-flb*5467509-4538f*M7157585543084113984*sl_5467509-4538f*f5424250eec64509d58099632e8e82864bb792c7*4472-bfdf314f-6f01772b*4472
34.91.142.64302 Found 0 B URL HTTP/2 harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=23000c1b60bf5788039ad6d89df4868da366e1023-202210-flb*5467509-4538f*M7157585543084113984*sl_5467509-4538f*f5424250eec64509d58099632e8e82864bb792c7*4472-bfdf314f-6f01772b*4472
IP 34.91.142.64:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=23000c1b60bf5788039ad6d89df4868da366e1023-202210-flb*5467509-4538f*M7157585543084113984*sl_5467509-4538f*f5424250eec64509d58099632e8e82864bb792c7*4472-bfdf314f-6f01772b*4472 HTTP/1.1
Host: harrenmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 23 Oct 2022 06:07:34 GMT
content-length: 0
location: https://mob.fangthatsack.com/rc/5e0a7d35fc?affclick=6354da26028bcf0001a6d9f5&pubid=228
referer:
referrer-policy: no-referrer
set-cookie: afclick=6354da26028bcf0001a6d9f5; expires=Mon, 23 Oct 2023 06:07:34 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a559196969d33afed6096d8c8b2b0af8
8fdb4c777737611f18eb3a23ad0bb10d8053120c
5e2b5b9feca682baad0c10651c48ba1f01a6feb06505e67b42279272deed2291
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=118023
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:34 GMT
Etag: "6354042d-118"
Expires: Mon, 24 Oct 2022 14:54:37 GMT
Last-Modified: Sat, 22 Oct 2022 14:54:37 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a559196969d33afed6096d8c8b2b0af8
8fdb4c777737611f18eb3a23ad0bb10d8053120c
5e2b5b9feca682baad0c10651c48ba1f01a6feb06505e67b42279272deed2291
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=118023
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:34 GMT
Etag: "6354042d-118"
Expires: Mon, 24 Oct 2022 14:54:37 GMT
Last-Modified: Sat, 22 Oct 2022 14:54:37 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 747dd5a1b5c3b117964357919a7db438
777e2a8a60b25a9e2c77b72f5f377094861a698e
c38ff57a1b6300bae07c087fb9007266c3cb7a63f0353d45956b08bb0af1251e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5073
Cache-Control: max-age=87121
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:34 GMT
Etag: "635377a6-116"
Expires: Mon, 24 Oct 2022 06:19:35 GMT
Last-Modified: Sat, 22 Oct 2022 04:55:02 GMT
Server: ECS (amb/6BB4)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 747dd5a1b5c3b117964357919a7db438
777e2a8a60b25a9e2c77b72f5f377094861a698e
c38ff57a1b6300bae07c087fb9007266c3cb7a63f0353d45956b08bb0af1251e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5073
Cache-Control: max-age=87121
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:34 GMT
Etag: "635377a6-116"
Expires: Mon, 24 Oct 2022 06:19:35 GMT
Last-Modified: Sat, 22 Oct 2022 04:55:02 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
pantruna.com/?s=1&clientId=169&productId=2194&tracking=pub65946fe4d71f4e91b11095480e903047&pubid=4ad15222_228
185.32.28.133302 Moved Temporarily 0 B URL HTTP/1.1 pantruna.com/?s=1&clientId=169&productId=2194&tracking=pub65946fe4d71f4e91b11095480e903047&pubid=4ad15222_228
IP 185.32.28.133:0
ASN #15699 OGIC Informatica S.L.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?s=1&clientId=169&productId=2194&tracking=pub65946fe4d71f4e91b11095480e903047&pubid=4ad15222_228 HTTP/1.1
Host: pantruna.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mob.fangthatsack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 23 Oct 2022 06:07:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: redirect_user_data=%7B%22country%22%3A%22NO%22%2C%22isp%22%3A%22blix+solutions%22%2C%22netspeed%22%3A%22%22%7D; expires=Sun, 23-Oct-2022 06:17:35 GMT; Max-Age=600
_tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002104604086775%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22NO%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22blix+solutions%22%3Bs%3A5%3A%22_time%22%3Bi%3A1666505255%3B%7D; expires=Sun, 23-Oct-2022 06:09:35 GMT; Max-Age=120
Location: https://trenhsasolc.com/link?z=5392611&var=169&ymid=5002104604086775
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c46d0b02e51aebbc3629cbfa44e0d65
7d98fa172c6be28a9b265f0c80a32bfed56a39b3
8ee4919d4f6ee93d56ef6b76ad82924e585a76ea8cd851bfa89bbd2e109e5c3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EE4919D4F6EE93D56EF6B76AD82924E585A76EA8CD851BFA89BBD2E109E5C3E"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11034
Expires: Sun, 23 Oct 2022 09:11:29 GMT
Date: Sun, 23 Oct 2022 06:07:35 GMT
Connection: keep-alive
trenhsasolc.com/link?z=5392611&var=169&ymid=5002104604086775
139.45.197.238302 Found 0 B URL HTTP/2 trenhsasolc.com/link?z=5392611&var=169&ymid=5002104604086775
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5392611&var=169&ymid=5002104604086775 HTTP/1.1
Host: trenhsasolc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mob.fangthatsack.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 23 Oct 2022 06:07:35 GMT
content-length: 0
location: https://tberjonk.com/link?z=3956710&var=5392611
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 39a1d5ec08c7ea1e937004507b18ef3e
link: <https://tberjonk.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=0787b8307aa248639d9d26546f864fcf; expires=Mon, 23 Oct 2023 06:07:35 GMT
oaidts=1666505255; expires=Mon, 23 Oct 2023 06:07:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d7ec6f4f52ff77567490809e88a87fb8
4bfeebc001209e5da24c4a02d484f41c85e00c19
7dc7f10d1f393ee5303d2c4abe2e8707ac9b5a7e56b1c17246a44e3666914103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DC7F10D1F393EE5303D2C4ABE2E8707AC9B5A7E56B1C17246A44E3666914103"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17423
Expires: Sun, 23 Oct 2022 10:57:58 GMT
Date: Sun, 23 Oct 2022 06:07:35 GMT
Connection: keep-alive
tberjonk.com/link?z=3956710&var=5392611
139.45.197.238302 Found 0 B URL HTTP/2 tberjonk.com/link?z=3956710&var=5392611
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /link?z=3956710&var=5392611 HTTP/1.1
Host: tberjonk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 23 Oct 2022 06:07:35 GMT
content-length: 0
location: https://moneytopsurvey180.top/survey.html?offer_id=1916&geo=NO&oaid=588fc4b2fbdb427dbf60e5ef907f3850&s=607929383359090886&z=3956710&var=5392611&testinapp&autoexit_86400=3953544&abtest=10101
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 26b5ff3478edaff19865ef0bc31e6365
link: <https://moneytopsurvey180.top>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=588fc4b2fbdb427dbf60e5ef907f3850; expires=Mon, 23 Oct 2023 06:07:35 GMT
oaidts=1666505255; expires=Mon, 23 Oct 2023 06:07:35 GMT
OXCCLK=4105106.1; expires=Mon, 23 Oct 2023 06:07:35 GMT
allcnt=1; expires=Mon, 23 Oct 2023 06:07:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3d9147f26b5e28186efc06576ae0c3c
35e289469f28545e264e6404cf325c45387c5622
0a797891ef73002f3c03972b6f6b90c5d06a3247625f5568c70fbe8871ee8da5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0A797891EF73002F3C03972B6F6B90C5D06A3247625F5568C70FBE8871EE8DA5"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17434
Expires: Sun, 23 Oct 2022 10:58:09 GMT
Date: Sun, 23 Oct 2022 06:07:35 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3d9147f26b5e28186efc06576ae0c3c
35e289469f28545e264e6404cf325c45387c5622
0a797891ef73002f3c03972b6f6b90c5d06a3247625f5568c70fbe8871ee8da5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "0A797891EF73002F3C03972B6F6B90C5D06A3247625F5568C70FBE8871EE8DA5"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17434
Expires: Sun, 23 Oct 2022 10:58:09 GMT
Date: Sun, 23 Oct 2022 06:07:35 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash b4784fbdcd2f6de2edb96970e49fb13f
f3dd0ebabe8b0fbfe2eb2fb16ae69c82d302326a
c67cf0e0594703485a02a97cb3e8dbf3574f1bbe53ffff09090bc1c4b5f0b50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5227
Cache-Control: max-age=152764
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:36 GMT
Etag: "63547779-116"
Expires: Tue, 25 Oct 2022 00:33:40 GMT
Last-Modified: Sat, 22 Oct 2022 23:06:33 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash a0599e5067cd89e17ce846b26bbd7009
9a505569f65e64258f707f6b991c97bfeece6d05
c922ca1b17506c5995aa0461360d8c08a0189e2bf0c8c48dbb2da23dc22bd2a1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 06:07:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 18:25:22 GMT
Expires: Thu, 27 Oct 2022 18:25:21 GMT
Etag: "9a505569f65e64258f707f6b991c97bfeece6d05"
Cache-Control: max-age=389264,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e84b1b5855b4ed-OSL
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash b4784fbdcd2f6de2edb96970e49fb13f
f3dd0ebabe8b0fbfe2eb2fb16ae69c82d302326a
c67cf0e0594703485a02a97cb3e8dbf3574f1bbe53ffff09090bc1c4b5f0b50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5227
Cache-Control: max-age=152764
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:07:36 GMT
Etag: "63547779-116"
Expires: Tue, 25 Oct 2022 00:33:40 GMT
Last-Modified: Sat, 22 Oct 2022 23:06:33 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 278
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash e5f4a112ac9b7f31b4b6919a20d08530
b9506c8e4da71ac4a7984a4f4126de06c3ded19c
9e81e80658b176293519ff94c5f3b20514c7303271b12d0855217df13ebba614
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:36 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=913820c4febf438dbbd43119494e5e93; expires=Mon, 23 Oct 2023 06:07:36 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
172.67.149.153200 OK 6.6 kB URL HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:0
File type ASCII text, with very long lines (12983), with no line terminators
Hash 0575febb916476ee90a3fa29701e9071
227d4d11471218c56e253850732773bb9ee2ffd3
b8cdc3c08b22db0ac1cbfceb2b235d382ccafff29e80c4026e2aaa3383ba39dc
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:36 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:52 GMT
etag: W/"634eb2c0-32b7"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4821
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bodz5nOiyXfrNGmc5CFKSyMxUBN%2FtWrVL%2FWe7f2yJ4sAzrOw6cOCWP%2Fy1LqtD8fEXY7r%2Ba3ahdiQVjiVjlrkPFd%2BIQlLVGsuJxvjG27GA9s0niWcw0nGRYHMmnAHCTcTFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e84b1ba881b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/js/survey.js?v=14
172.67.178.6200 OK 100 kB URL HTTP/2 moneytopsurvey180.top/js/survey.js?v=14
IP 172.67.178.6:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 100 kB (100187 bytes)
Hash 9b2185263e330ffd0bf136af40eb468f
df820bd6d483ad427a8f440b6bc7cca9afc38a6e
59947d08faf7e69cbc46229dd7c161560f6e48ae732d80f5e0023745e213f0a4
Analyzer Verdict Alert fortinet Phishing
GET /js/survey.js?v=14 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"634ff08d-4a5a2"
last-modified: Wed, 19 Oct 2022 12:41:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFkYrb%2FDSTDfitEVi7YZTHja87EFVmT2NNp5376QvqlZgLKI5MzoVkB8SnnjkTIHRf4LS7dt4YWfm9flsDMUH3sH3hYAzT%2FRLLL1zp%2BboGMwjRA3wi4DsVSWS%2FE88%2FqEPPqkr93hW5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18ebe60b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash cc7be1ac20be2e9e676765f465367f09
c10232ed8e644af28b67d1cbc17714ed40391e28
c73441e141c4feb0a7b1082304aafb43126c9a003a6eed8f5caefada861a8d0f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 06:07:36 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Thu, 27 Oct 2022 03:17:19 GMT
ETag: "c10232ed8e644af28b67d1cbc17714ed40391e28"
Last-Modified: Sun, 23 Oct 2022 03:17:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2474
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e84b1c89e60b55-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 0c041832970c63da32155c9d3092d14a
c3b88b6d9568ef5b227eef19636b225e2dfad5d1
b0acbf23ee8ca27a0c01d270706f89c8467fca1eac3b8a90df29a2befdb22b33
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 06:07:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 13:33:19 GMT
Expires: Fri, 28 Oct 2022 13:33:18 GMT
Etag: "c3b88b6d9568ef5b227eef19636b225e2dfad5d1"
Cache-Control: max-age=458141,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e84b1cb969b4ed-OSL
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1108
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 23 Oct 2022 06:07:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://moneytopsurvey180.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Hash 64adf2282f72dc350e916cb82af41ab7
d5c10f65a7ac0cce6eb0c78df805965a9a3ad017
4942011d5f3623476ceff936e757245d89ce2af664558a7031497d370a3d3771
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73219
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: *
etag: "6351126c-11e03"
expires: Sun, 23 Oct 2022 07:07:36 GMT
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0cf8e0e9358d3acdc827c674c639d453
d7e52552801b62c706ad7acd3e45f11c49ef7bc8
7f7b59df0af7ca450a3863fd3e45b988583dcf768cfcba904a3f56c8500f9031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7F7B59DF0AF7CA450A3863FD3E45B988583DCF768CFCBA904A3F56C8500F9031"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10869
Expires: Sun, 23 Oct 2022 09:08:45 GMT
Date: Sun, 23 Oct 2022 06:07:36 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: *
etag: "6351126c-2b"
expires: Sun, 23 Oct 2022 07:07:36 GMT
accept-ranges: bytes
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A189%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505272%3Ac%3A1%3Arn%3A349942132%3Arqn%3A1%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C42%2C0%2C1%2C0%2C%2C122%2C3%2C%2C%2C%2C241%3Ans%3A1666505271629%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505272%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 400 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A189%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505272%3Ac%3A1%3Arn%3A349942132%3Arqn%3A1%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C42%2C0%2C1%2C0%2C%2C122%2C3%2C%2C%2C%2C241%3Ans%3A1666505271629%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505272%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash f10d7a8f1dbebc053443b5eef93b09d4
a83ebb79e3749ddf72abac8a662268cc36b82d06
3da450308ec81c8fc53493a4f16d8370f5d0773eee3026a0cdca439649252c3e
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A189%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505272%3Ac%3A1%3Arn%3A349942132%3Arqn%3A1%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C42%2C0%2C1%2C0%2C%2C122%2C3%2C%2C%2C%2C241%3Ans%3A1666505271629%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505272%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A189%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505272%3Ac%3A1%3Arn%3A349942132%3Arqn%3A1%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C42%2C0%2C1%2C0%2C%2C122%2C3%2C%2C%2C%2C241%3Ans%3A1666505271629%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505272%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: https://moneytopsurvey180.top
set-cookie: yandexuid=6915771731666505256; Expires=Mon, 23-Oct-2023 06:07:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6915771731666505256; Expires=Mon, 23-Oct-2023 06:07:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1158035791666505256; Path=/; SameSite=None; Secure
i=K0eS+hbdfjZi/MrMlmV+ITt5fe81U9nQogVR3ZYyY+9meWr9i8tvEnG9oQ/wKIFo18zNomlB/u8yFsHbuMvAmo+hEQU=; Expires=Wed, 20-Oct-2032 06:07:35 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1698041256.yrts.1666505256#1698041256.yrtsi.1666505256; Expires=Mon, 23-Oct-2023 06:07:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:36 GMT
last-modified: Sun, 23-Oct-2022 06:07:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonSurveyStart&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A133819081%3Arqn%3A2%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C862%2C862%2C0%2C%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonSurveyStart&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A133819081%3Arqn%3A2%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C862%2C862%2C0%2C%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonSurveyStart&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A133819081%3Arqn%3A2%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C862%2C862%2C0%2C%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 77
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:36 GMT
last-modified: Sun, 23-Oct-2022 06:07:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonAdexCall&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A761350613%3Arqn%3A3%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonAdexCall&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A761350613%3Arqn%3A3%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonAdexCall&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A761350613%3Arqn%3A3%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:36 GMT
last-modified: Sun, 23-Oct-2022 06:07:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonUnique&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A132654664%3Arqn%3A4%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonUnique&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A132654664%3Arqn%3A4%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonUnique&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A132654664%3Arqn%3A4%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:36 GMT
last-modified: Sun, 23-Oct-2022 06:07:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonStepChange&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A473760442%3Arqn%3A5%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(5)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 1.6 kB URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonStepChange&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A473760442%3Arqn%3A5%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(5)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
Hash b9f9b94dcf0ca37a637b1ca7d6e48dfa
fc1c56fb937417b214f5132307c85125d126f13c
e7646ce81b32953bda9e847ee0d0602337e21ec2b52db37bb9ef4cdc301e65fb
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonStepChange&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A473760442%3Arqn%3A5%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(5)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:36 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:36 GMT
last-modified: Sun, 23-Oct-2022 06:07:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
moneytopsurvey180.top/js/data/rtc.js?v=1
172.67.178.6200 OK 4.5 kB URL HTTP/2 moneytopsurvey180.top/js/data/rtc.js?v=1
IP 172.67.178.6:0
File type ASCII text, with very long lines (10798), with no line terminators
Hash a5bf7ab99d24c4e6ea1fbdb5a65e9953
59d2dc772210da87201371fd4165c38076d982b5
5884e0dcb95cf61f6f7df32b05296d73e730bd67a6989fcb1710f1736c8ec907
Analyzer Verdict Alert fortinet Phishing
GET /js/data/rtc.js?v=1 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14949
etag: W/"634ff08d-3a65"
last-modified: Wed, 19 Oct 2022 12:41:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpG2vLt0qzpwTjaJQMj3h7GURs1afo%2Fboi%2BblWzuwKbyt%2BPAKGrGR4YGyLHXe5sxzT096MJHwYGHqjaZcstHv14ZJdCu6DRjfZPWy4vkyD%2BD9099RyeZ%2BgYsMjkMMfCSMkpOoaCDxoY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18dbdc0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A461912491%3Arqn%3A7%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A461912491%3Arqn%3A7%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A461912491%3Arqn%3A7%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:37 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:37 GMT
last-modified: Sun, 23-Oct-2022 06:07:37 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A638606309%3Arqn%3A8%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A638606309%3Arqn%3A8%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fmoneytopsurvey180.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fmoneytopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D588fc4b2fbdb427dbf60e5ef907f3850%26s%3D607929383359090886%26z%3D3956710%26var%3D5392611%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5392611%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1666505256_7fed4caad4a3833727fe824f17fe84e5ba57f04be1a9d3deb4f1817edbc87925&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1593871048245%3Ahid%3A634108178%3Az%3A0%3Ai%3A20221023060752%3Aet%3A1666505273%3Ac%3A1%3Arn%3A638606309%3Arqn%3A8%3Au%3A1666505272940711655%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1666505271629%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666505273%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 23 Oct 2022 06:07:37 GMT
access-control-allow-origin: https://moneytopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 23-Oct-2022 06:07:37 GMT
last-modified: Sun, 23-Oct-2022 06:07:37 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
moneytopsurvey180.top/img/icon-survey.svg
172.67.178.6200 OK 834 B URL HTTP/2 moneytopsurvey180.top/img/icon-survey.svg
IP 172.67.178.6:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080), with CRLF line terminators
Hash 3977363b74316bc3e062ee9192b7335d
4c61d51ee7467ef9270197b76c625b6acf19abe4
40f46b7e378af52ebeaf4172862824efe03f2baaee5629374cb0a7d2339e063a
Analyzer Verdict Alert fortinet Phishing
GET /img/icon-survey.svg HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Oct 2022 12:41:50 GMT
etag: W/"634ff08e-c26"
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCAedBOvq87APPTZFG6jA%2BbLmJcOrsWUYNR%2FHZhFzRglI1U6kpdGqtBXtRw7mmzcsoYqZY6ua3WW2slJ%2FL0LIUqSgR4aCMdpnhR91qixJ5AfspkVmdaLOkMZZGawSaGkOsrZLgy%2Fmvw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e84b18dbe20b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/css/survey.css?v=1
172.67.178.6200 OK 4.8 kB URL HTTP/2 moneytopsurvey180.top/css/survey.css?v=1
IP 172.67.178.6:0
File type ASCII text, with very long lines (19833), with no line terminators
Hash dc3340890921512d8f882cdd09239007
d4eb73c885fa0dcaa5b41f8fba63d859b68503d8
33f5b3c7717d26dee57735da598dd6be9c9076450b65b5d3424527a5b814df3a
Analyzer Verdict Alert fortinet Phishing
GET /css/survey.css?v=1 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19835
etag: W/"634ff08e-4d7b"
last-modified: Wed, 19 Oct 2022 12:41:50 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVHlYd9SzT9fv5T0%2FrLE8TcbrDjLG3ouvReQS1EJKAGxUaiGeiSleW63V8qZFFUsHV5i8vJrwMRmfOguOhbqkP8KoBBl8CsJpr83yK42moaNUpII2EAeK%2B0TVCG3wNhAgiZ0dfjm3DQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18dbde0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/js/data/_global-config-sd.js?v=3
172.67.178.6200 OK 0 B URL HTTP/2 moneytopsurvey180.top/js/data/_global-config-sd.js?v=3
IP 172.67.178.6:0
GET /js/data/_global-config-sd.js?v=3 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=651
etag: W/"634ff08d-28b"
last-modified: Wed, 19 Oct 2022 12:41:49 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 5554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NhURxInqsfYsB2j7cwiGZL%2BN%2FGb0LVYVEkUqjS6%2BlAvpA4MO02zKAz5yzjimf3FWf1R9ZV%2FaZ4k4xH4YtvuFnk5mgV%2BiUJhbfaa6JvhwUHMQf%2Bu%2FMv0X3yAFkyr4m%2BL%2Bzj1kOKv98VQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e84b18dbda0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/css/style.css?v=1
172.67.178.6200 OK 0 B URL HTTP/2 moneytopsurvey180.top/css/style.css?v=1
IP 172.67.178.6:0
GET /css/style.css?v=1 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=40801
etag: W/"634ff08e-9f61"
last-modified: Wed, 19 Oct 2022 12:41:50 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 1347
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COvLbh0NyooiYaTrjSss%2BVYPeE7J91JmYA0mDhz4lGhPodi6DqjKsdK1QUIIIrvH5DtpWwZGAS35VIritW9%2BMvJFkonyVrqgBE2OFZnLzJtQdh9tFPCzFqhY6g67WDn7CEnEwxKuB2E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18dbe00b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itcleffaom.com/rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381332;5381307;5381330&var=3956710&ymid=5392611&ab2r=10101&uid=913820c4febf438dbbd43119494e5e93
139.45.197.237200 OK 0 B URL HTTP/2 itcleffaom.com/rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381332;5381307;5381330&var=3956710&ymid=5392611&ab2r=10101&uid=913820c4febf438dbbd43119494e5e93
IP 139.45.197.237:0
GET /rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381332;5381307;5381330&var=3956710&ymid=5392611&ab2r=10101&uid=913820c4febf438dbbd43119494e5e93 HTTP/1.1
Host: itcleffaom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://moneytopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:36 GMT
content-type: application/javascript
x-trace-id: ee3ad837b0f055644254eb34fcd08495
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://moneytopsurvey180.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=913820c4febf438dbbd43119494e5e93; expires=Mon, 23 Oct 2023 06:07:36 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
960.novitrk1.com/smartlink?mongo_id=6354da2013fb5b5fb165d4b2&mongo_grouped_id=6354da2013fb5b5fb165d4b3&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D916468797%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjoyOX0=&js=1
188.240.52.20302 Found 0 B URL HTTP/2 960.novitrk1.com/smartlink?mongo_id=6354da2013fb5b5fb165d4b2&mongo_grouped_id=6354da2013fb5b5fb165d4b3&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D916468797%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjoyOX0=&js=1
IP 188.240.52.20:0
GET /smartlink?mongo_id=6354da2013fb5b5fb165d4b2&mongo_grouped_id=6354da2013fb5b5fb165d4b3&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D916468797%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjoyOX0=&js=1 HTTP/1.1
Host: 960.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://960.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6ImdYVWluTUgxQWViWE5US0dRSWdWWEE9PSIsInZhbHVlIjoiZ09Cd09NVGhDa2ZuNzlYVldVWisrcVFzQ2dJbU5UdGQzd01TMUxhRUF5SFNvbEd5SkRYdWpPUWRPOHJaNDI4TllhaGJHaC80QXRvaFdCa3RvQXZmSFJ6ZXZvR2lIMlRocnVOVnlwUFA0NmhwL0JlSzlGZGZxYUErc0lqb3UrWmoiLCJtYWMiOiIwZWVhZDIzOGZmYTcyMzQ5YzhiYmY4NGY4Y2JhMzFmYzAyZDM1ZDBhZjY5MDEwYzMwOGRmNzZhYjNiNGU2OWZlIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IjUyRHZrZUs3WXY2aFBJeXVIcyt5UWc9PSIsInZhbHVlIjoidVc4VzZRbFA1WWxNdEREdjczWFRINm94ZGlNNmxpbFo1SGpOZ2RMV0NYOGZPcVhwcGl6TldGRnM0anFib0xGdUVmeTFCdXhabVRGQ2JkYlNNSHQwTllhd0FlSjJQbmZybzFsTy8rS3RVeHJUelB0U2liSnd0ZnhobFBjNDhVcHgiLCJtYWMiOiI5NTBhYjA2NzI3Y2QzNDM0YTgxNzMyNDFjZjgyZDhmMzJkZDQ0ZTRkNDRiNGU4N2M0NmQ0NzE5M2QxZjJhYWVhIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Sun, 23 Oct 2022 06:07:29 GMT
content-type: text/html; charset=UTF-8
location: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=916468797&np=1
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkxQK3ZNeDBBb3RoR0puTmhpYU5ESEE9PSIsInZhbHVlIjoiNytFcDhaczJyWjJNL0laSUQrKzF4c0ZjY1dVWGw4WXFBNU13YWVvWnU2bjB1TytyYTh5VE5DT1NiRHRoRlNiR01SRGJSWWNKWnhRby82RDNQVnJJZEYwMU1qaGRyTkVpVk5ybVdBWWE1b3pyOUg4UDFnRGY3TnVkZFpFcFFxa3MiLCJtYWMiOiJhODA3MWI4MDU1MTQxNzMyZGY1ZmU0MjE5Y2YwYWVjMDc4OWIwMDNlMTE0NmFjYTNkNzViNWQ1MGMxMzc3Yjc5IiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:29 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImVNc3B1N2Q1K2cwc2lGUEY3UFQxWlE9PSIsInZhbHVlIjoicDBvVmova2liZmJkeTVlc0JBTUtzSWgycVVDQUxweWZmWmo0TGpDYXBvbzJ5TGF1dDZHOC9ib2o3TUlEVlFOcFdJS0QyV3g1S2lZL1VYZW43d3VReHdxYkxpblhiQ3FPcE0zcVRtbFM2dXBBTS9aaUtBWU9UQWF4ZXFoQzU4ZmoiLCJtYWMiOiI0ZTU5ZjMyYTgyYzU1MWI2ZDJiNjhlYjJkMDFmMzMxNjI2NjA4MDY4ZWFmNTZhZTY4NTViYjNlODM1MmZmMTBlIiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:29 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
moneytopsurvey180.top/survey.html?offer_id=1916&geo=NO&oaid=588fc4b2fbdb427dbf60e5ef907f3850&s=607929383359090886&z=3956710&var=5392611&testinapp&autoexit_86400=3953544&abtest=10101
172.67.178.6200 OK 0 B URL HTTP/2 moneytopsurvey180.top/survey.html?offer_id=1916&geo=NO&oaid=588fc4b2fbdb427dbf60e5ef907f3850&s=607929383359090886&z=3956710&var=5392611&testinapp&autoexit_86400=3953544&abtest=10101
IP 172.67.178.6:0
GET /survey.html?offer_id=1916&geo=NO&oaid=588fc4b2fbdb427dbf60e5ef907f3850&s=607929383359090886&z=3956710&var=5392611&testinapp&autoexit_86400=3953544&abtest=10101 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: text/html
last-modified: Wed, 19 Oct 2022 12:41:49 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n01JfBVCHCBIh2p5H08qJYp9is3LL4LpR3ORxhTHrvbR816yYxLOk5ApHD6uH70xeYQPpg0twOdMVCGOYhzC%2FS0rJcbCSbR28wMPqHX3tSRE0%2BduA87nDPVhrfmSZYej%2BCGqxOScK2Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b185ba40b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/js/binom-pixel.js
172.67.178.6200 OK 0 B URL HTTP/2 moneytopsurvey180.top/js/binom-pixel.js
IP 172.67.178.6:0
Analyzer Verdict Alert fortinet Phishing
GET /js/binom-pixel.js HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"634ff08e-4a3"
last-modified: Wed, 19 Oct 2022 12:41:50 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rD%2BZA0emrfz0tscLcbQSoCObR5QJz%2FP7gSTu%2BhDPTGu8bIWpRl4EGvtcJ3JZg58OYJcXIf5ZE8XOorlTYY3x%2Bi0ZuoWe4OMZXEfuyaokN4oIoTTZFtfZOqam%2Bectn3N3L6LchWX8L74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18ebe80b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
960.novitrk1.com/smartlink-css/6354da2013fb5b5fb165d4b2
188.240.52.20200 OK 0 B URL HTTP/2 960.novitrk1.com/smartlink-css/6354da2013fb5b5fb165d4b2
IP 188.240.52.20:0
GET /smartlink-css/6354da2013fb5b5fb165d4b2 HTTP/1.1
Host: 960.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://960.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6IlQrcXVJMUJoREJ4ald6amZRQWh4NHc9PSIsInZhbHVlIjoiRm10MFlqQWdZR3VLQVc5RVl2ZXByNVRCTHp1VThGb3NzMCtvNytNaVJ0L0l0NkptRi9JNnQ5Ri9XMGo0b0ZNZUg5V0xubHRzbHVzR01YcVNPSmJOTFQwVEltMVhMZXljTTIwV0k5T3lhTVJSNlgycUlPck1iOVRLNUEza2VRNjEiLCJtYWMiOiIxZjZjZTA5ZDcwMzY4NjA3ZTA4ZDY0ZDkxYjhmOTcwMmYwNTAxMjNiOTA5NTNiNGUwNDIwMGNhMzc5NjBjZDk1IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImYzRU1rVURsNTBUWTNaRzdKOHJlcnc9PSIsInZhbHVlIjoiZDE5Yk5zcEsvRmJlMHlzUnlNQUxyVk9tbGhScXlTMGI3T0FURSthdnpNbWhQeWMwVyttTGJsV3RpS1BiMjJlNnJacVhwS2twV2thZWpjZkxpNDZWYU1JSmpMZEtvelgwYWwrdk5nL2ZFN01LNkN2NW55Ty9ZZnIweVdicTZGNUkiLCJtYWMiOiI4MTFlODFhNDAwZGI0ZGQwZGFkYzI2MDliODJlN2M0NjQxNjc1YmNmNmUwOTAxNjUxOGJiOGVkZWJkYzljZTQ2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 23 Oct 2022 06:07:29 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImdYVWluTUgxQWViWE5US0dRSWdWWEE9PSIsInZhbHVlIjoiZ09Cd09NVGhDa2ZuNzlYVldVWisrcVFzQ2dJbU5UdGQzd01TMUxhRUF5SFNvbEd5SkRYdWpPUWRPOHJaNDI4TllhaGJHaC80QXRvaFdCa3RvQXZmSFJ6ZXZvR2lIMlRocnVOVnlwUFA0NmhwL0JlSzlGZGZxYUErc0lqb3UrWmoiLCJtYWMiOiIwZWVhZDIzOGZmYTcyMzQ5YzhiYmY4NGY4Y2JhMzFmYzAyZDM1ZDBhZjY5MDEwYzMwOGRmNzZhYjNiNGU2OWZlIiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:29 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjUyRHZrZUs3WXY2aFBJeXVIcyt5UWc9PSIsInZhbHVlIjoidVc4VzZRbFA1WWxNdEREdjczWFRINm94ZGlNNmxpbFo1SGpOZ2RMV0NYOGZPcVhwcGl6TldGRnM0anFib0xGdUVmeTFCdXhabVRGQ2JkYlNNSHQwTllhd0FlSjJQbmZybzFsTy8rS3RVeHJUelB0U2liSnd0ZnhobFBjNDhVcHgiLCJtYWMiOiI5NTBhYjA2NzI3Y2QzNDM0YTgxNzMyNDFjZjgyZDhmMzJkZDQ0ZTRkNDRiNGU4N2M0NmQ0NzE5M2QxZjJhYWVhIiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:29 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mob.fangthatsack.com/rc/5e0a7d35fc?affclick=6354da26028bcf0001a6d9f5&pubid=228
104.21.57.236200 OK 0 B URL HTTP/2 mob.fangthatsack.com/rc/5e0a7d35fc?affclick=6354da26028bcf0001a6d9f5&pubid=228
IP 104.21.57.236:0
GET /rc/5e0a7d35fc?affclick=6354da26028bcf0001a6d9f5&pubid=228 HTTP/1.1
Host: mob.fangthatsack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:34 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=lMyhr/GqjkooBKxpJKAc0hCyrW38XnTDOIYaH7Yu0i1LvqruYtjTxB0pP5BMjrPsv2nTFiaoaE67nMpC+E1AeDSjc+qO/sGJRPtU1N180GkF7Ob8XMvG9xuW3irS; Expires=Sun, 30 Oct 2022 06:07:34 GMT; Path=/
AWSALBCORS=lMyhr/GqjkooBKxpJKAc0hCyrW38XnTDOIYaH7Yu0i1LvqruYtjTxB0pP5BMjrPsv2nTFiaoaE67nMpC+E1AeDSjc+qO/sGJRPtU1N180GkF7Ob8XMvG9xuW3irS; Expires=Sun, 30 Oct 2022 06:07:34 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERioCvZkZOWprwLbmO4l0KLQCDkGv9WyLqx%2Fijsw2O8OOwWc7wlyXadRkb%2BsgeOFX9FVirbIRcQA%2Fwo6pckLwJEj6VYkdRKUHAjX4%2B8QMa35XPCucrhf%2B4qC9Ha7L71Z%2BhwRb7qA4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b121a6eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.191.221200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mob.fangthatsack.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 4605
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pfzyzrhfCGvz5gLlOAULYgWou645o99THfd3Fr5vqxD7l66nnm4DVgf0D%2BuZPF3NzqUx%2BcqdB%2FP0qPvgtFZcbFwDNU1htDYbz56x29bDYxh6FEwf5jkzgth4OoO%2FJl3LXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e84b138baab517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
moneytopsurvey180.top/js/config.js?v=8
172.67.178.6200 OK 0 B URL HTTP/2 moneytopsurvey180.top/js/config.js?v=8
IP 172.67.178.6:0
Analyzer Verdict Alert fortinet Phishing
GET /js/config.js?v=8 HTTP/1.1
Host: moneytopsurvey180.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 06:07:35 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"634ff08d-1085d"
last-modified: Wed, 19 Oct 2022 12:41:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGB946apqNliZ0vL%2FEEF%2FlBWMoKQmvO%2BW%2F5gqKodfn6lRMcaaN27iybihz6Q5L1TolaTfAhoSDsEK3XrH6VL9UiTjl0LKWgnqLkVLeJ8CavIxKen67rkvlJWMowlit%2FmBdUW%2FnoXCsM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e84b18dbdd0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
960.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
188.240.52.20200 OK 0 B URL HTTP/2 960.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
IP 188.240.52.20:0
GET /smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source= HTTP/1.1
Host: 960.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 23 Oct 2022 06:07:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlQrcXVJMUJoREJ4ald6amZRQWh4NHc9PSIsInZhbHVlIjoiRm10MFlqQWdZR3VLQVc5RVl2ZXByNVRCTHp1VThGb3NzMCtvNytNaVJ0L0l0NkptRi9JNnQ5Ri9XMGo0b0ZNZUg5V0xubHRzbHVzR01YcVNPSmJOTFQwVEltMVhMZXljTTIwV0k5T3lhTVJSNlgycUlPck1iOVRLNUEza2VRNjEiLCJtYWMiOiIxZjZjZTA5ZDcwMzY4NjA3ZTA4ZDY0ZDkxYjhmOTcwMmYwNTAxMjNiOTA5NTNiNGUwNDIwMGNhMzc5NjBjZDk1IiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:28 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImYzRU1rVURsNTBUWTNaRzdKOHJlcnc9PSIsInZhbHVlIjoiZDE5Yk5zcEsvRmJlMHlzUnlNQUxyVk9tbGhScXlTMGI3T0FURSthdnpNbWhQeWMwVyttTGJsV3RpS1BiMjJlNnJacVhwS2twV2thZWpjZkxpNDZWYU1JSmpMZEtvelgwYWwrdk5nL2ZFN01LNkN2NW55Ty9ZZnIweVdicTZGNUkiLCJtYWMiOiI4MTFlODFhNDAwZGI0ZGQwZGFkYzI2MDliODJlN2M0NjQxNjc1YmNmNmUwOTAxNjUxOGJiOGVkZWJkYzljZTQ2IiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 08:07:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/proc.php?01a21464727c2308964535710ee597c6bfdc807d
99.198.108.195200 OK 0 B URL HTTP/2 m.news-page.net/proc.php?01a21464727c2308964535710ee597c6bfdc807d
IP 99.198.108.195:0
GET /proc.php?01a21464727c2308964535710ee597c6bfdc807d HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7157585543084113984&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=915b44961dd09b72f8da6d5a9b280989
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:34 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7157585543084113984&website=4472-bfdf314f-6f01772b&placement=4472
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/?utm_term=7157585543084113984&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
99.198.108.195200 OK 0 B URL HTTP/2 m.news-page.net/?utm_term=7157585543084113984&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 99.198.108.195:0
GET /?utm_term=7157585543084113984&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=916468797&np=1
Cookie: u=915b44961dd09b72f8da6d5a9b280989
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:07:29 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2