r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11187
Expires: Wed, 30 Nov 2022 23:59:35 GMT
Date: Wed, 30 Nov 2022 20:53:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 61
Cache-Control: max-age=135552
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:53:08 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 10:32:20 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Wed, 30 Nov 2022 22:28:38 GMT
Date: Wed, 30 Nov 2022 20:53:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 20:19:43 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2005
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FypGaYHzxVT9zBnHzlkG6RIBQRA6m6w2L398/Ys7rzWp8a242ILwBQPzOZbEhxvZhfbThh4TEUA=
x-amz-request-id: ASN04FJPAMRN1YC6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 20:45:22 GMT
age: 466
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
mkuu.2659b.xk.wy5532.com/
172.93.103.100200 OK 485 B URL HTTP/1.1 mkuu.2659b.xk.wy5532.com/
IP 172.93.103.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (485), with no line terminators
Hash 3f1829e5050273fadc4d4ae553aef259
10634b10d11a35be3f037ff0a68665d3e5de1461
9585c64db7afa5960586ee5c0fa1f642d0333ca0f738421ee195896db53a5a20
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: mkuu.2659b.xk.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 485
content-type: text/html; charset=utf-8
date: Wed, 30 Nov 2022 20:53:08 GMT
server: nginx
set-cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 00:07:15 GMT; max-age=2147483647; HttpOnly
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:53:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mkuu.2659b.xk.wy5532.com/favicon.ico
172.93.103.100404 Not Found 9 B URL HTTP/1.1 mkuu.2659b.xk.wy5532.com/favicon.ico
IP 172.93.103.100:0
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: mkuu.2659b.xk.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkuu.2659b.xk.wy5532.com/
Cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Wed, 30 Nov 2022 20:53:09 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 20:11:14 GMT
cache-control: public,max-age=3600
age: 2515
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 68
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:53:09 GMT
Last-Modified: Wed, 30 Nov 2022 20:52:01 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
mkuu.2659b.xk.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTg0ODc4OCwiaWF0IjoxNjY5ODQxNTg4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc203ZzR2Zm5ub280czhsYmMyb21zbzIiLCJuYmYiOjE2Njk4NDE1ODgsInRzIjoxNjY5ODQxNTg4ODY5NDkyfQ.FTlyGJRJIJDyKTkKvK3FZMINEhxnCsmdPxjm0X7srB0&sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9
172.93.103.100302 Found 11 B URL HTTP/1.1 mkuu.2659b.xk.wy5532.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTg0ODc4OCwiaWF0IjoxNjY5ODQxNTg4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc203ZzR2Zm5ub280czhsYmMyb21zbzIiLCJuYmYiOjE2Njk4NDE1ODgsInRzIjoxNjY5ODQxNTg4ODY5NDkyfQ.FTlyGJRJIJDyKTkKvK3FZMINEhxnCsmdPxjm0X7srB0&sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9
IP 172.93.103.100:0
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTg0ODc4OCwiaWF0IjoxNjY5ODQxNTg4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc203ZzR2Zm5ub280czhsYmMyb21zbzIiLCJuYmYiOjE2Njk4NDE1ODgsInRzIjoxNjY5ODQxNTg4ODY5NDkyfQ.FTlyGJRJIJDyKTkKvK3FZMINEhxnCsmdPxjm0X7srB0&sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9 HTTP/1.1
Host: mkuu.2659b.xk.wy5532.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkuu.2659b.xk.wy5532.com/
Cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 30 Nov 2022 20:53:09 GMT
location: http://dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
server: nginx
set-cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 00:07:16 GMT; max-age=2147483647; HttpOnly
push.services.mozilla.com/
34.223.160.237101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0WHEx2LxXIEitwie6mw1pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TI4v4XZW65PAxGiCS/cKE0IChYc=
dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
3.212.50.125200 1.1 kB URL HTTP/1.1 dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 70ffbb4193caef9ee971b619aefbd194
79729c08cdfa9fd885e5942c625a8002cec5f447
3f1aaa64fede75968463eebe021490d76e226330be76a30f956912dec6c66d0c
GET /zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75 HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mkuu.2659b.xk.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 30 Nov 2022 20:53:10 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: fzUjaKxO
dipaka-ead.com/zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125200 284 B URL HTTP/1.1 dipaka-ead.com/zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f189501c800d70f89645822f121a2729
e2a7a1d3be39c8f943c2ca246dbbc16e2893d9aa
4fddd2290a6fc691c2c347c90dff8b673192a4332dc4c73580560be9e8ae5d3a
GET /zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 30 Nov 2022 20:53:10 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: TFaRlFoM
dipaka-ead.com/favicon.ico
3.212.50.125404 653 B URL HTTP/1.1 dipaka-ead.com/favicon.ico
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Wed, 30 Nov 2022 20:53:10 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: MTFfLxIu
click-v4.expmdiadi.com/click?i=H*cHyBbRtc8_0
198.134.116.17302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=H*cHyBbRtc8_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=H*cHyBbRtc8_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://1track.pro/click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8039
Expires: Wed, 30 Nov 2022 23:07:09 GMT
Date: Wed, 30 Nov 2022 20:53:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8039
Expires: Wed, 30 Nov 2022 23:07:09 GMT
Date: Wed, 30 Nov 2022 20:53:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 502d7eed-f24a-49e8-b14e-759778b717ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbWQSFNnIAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63879d9b-5eb88e757ff3eeaa26dd7de2;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 18:14:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hrGJk_aF0hgdEXNUAqj74wYkXby2ptGRqWKFi4sxlvs_QN9WhC6vOw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:25:55 GMT
age: 8835
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 81864
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 57444
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
age: 81378
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 82819
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 82605
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
1track.pro/click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212
162.254.190.3302 Found 0 B URL HTTP/1.1 1track.pro/click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212
IP 162.254.190.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212 HTTP/1.1
Host: 1track.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.6.2
Date: Wed, 30 Nov 2022 19:48:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=scktq5yd0; expires=Thu, 01-Dec-2022 19:48:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
uclickhash=scktq5yd0-scktq5yd0-usu3dz-ntb7-2tci0-ftb4fe-ftnt3y-c3f72a; expires=Thu, 01-Dec-2022 19:48:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
Location: https://wayofnowgainsurvey.top/finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753
Strict-Transport-Security: max-age=31536000
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30634ea24dd08bde315183b7f13aa840
1e320c006b43b51899d17ba35c927e0c031d8989
a218a2616380815bfa9ac74857ed70dd3cab670a1a56e340213fe36dbc2a2ede
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A218A2616380815BFA9AC74857ED70DD3CAB670A1A56E340213FE36DBC2A2EDE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14526
Expires: Thu, 01 Dec 2022 00:55:18 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30634ea24dd08bde315183b7f13aa840
1e320c006b43b51899d17ba35c927e0c031d8989
a218a2616380815bfa9ac74857ed70dd3cab670a1a56e340213fe36dbc2a2ede
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A218A2616380815BFA9AC74857ED70DD3CAB670A1A56E340213FE36DBC2A2EDE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14526
Expires: Thu, 01 Dec 2022 00:55:18 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 25 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 38dd063d263cd4ffe175e8918e9b125b
1bec7bdb556319f9f09f551bdfe3bbe56b292e73
68145e333de7eac988d98f8bb0f487c25625a4bb1782274f7724316e0e5873a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "455BDA3629E55C1730A67D5D82C68E4001F78F8019A755178225624E16076E80"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13033
Expires: Thu, 01 Dec 2022 00:30:25 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
my.rtmark.net/gid.js
139.45.195.8200 OK 2.1 kB IP 139.45.195.8:0
Hash 94f9226ebf51c36c3beef3d3250d4bc8
fc102539ae1a8d0de475c246edadc5b7b954af09
312e580d5b90e723e050ec580e149eda481ef8e6b32e6e1d7455d970a859c143
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=66269ea99402441999bcbaa6ecb72578; expires=Thu, 30 Nov 2023 20:53:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e2bbb16daf0066fd0e4fb1ad6b36aaa7
ee9b7c25b368da7bc78a1628d3b7f94b34871c2f
b1a63ddf2500dcc3151c6c58d29b3d124d6e21daf0864df70cd7ab7d25171f4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B1A63DDF2500DCC3151C6C58D29B3D124D6E21DAF0864DF70CD7AB7D25171F4A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10484
Expires: Wed, 30 Nov 2022 23:47:56 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
itcleffaom.com/track?offer_id=2186&z=5452566&request_var=ActiveRevenue&variable2=ee9b7scktq5yd0753
139.45.197.237200 OK 177 B URL HTTP/2 itcleffaom.com/track?offer_id=2186&z=5452566&request_var=ActiveRevenue&variable2=ee9b7scktq5yd0753
IP 139.45.197.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ad1434eb7de0fa0cc9670240c9895d1a
a7e892e57d9479116a5152154ea451cd781a801b
d9ca281f76eaf210aa31bdcbfd8dc7b21cfe5602740dcdf1f953f83754aa6065
Analyzer Verdict Alert quad9 Sinkholed
GET /track?offer_id=2186&z=5452566&request_var=ActiveRevenue&variable2=ee9b7scktq5yd0753 HTTP/1.1
Host: itcleffaom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/json
content-length: 177
x-trace-id: fccf468bf1073228e58de581c01319e9
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/_global-config-sd.33011211.js
172.67.184.98200 OK 4.1 kB URL HTTP/2 wayofnowgainsurvey.top/js/_global-config-sd.33011211.js
IP 172.67.184.98:0
File type ASCII text, with very long lines (365), with no line terminators
Hash 71a9b47df036fe85c93df7080d8489a7
1786c45a2af3fbb0ba4394d13c72a3b6c119bd60
e6f15c3ac41e3b48dcf0d8da97eccb62e3fb20082f489d6b7c508f3dbf26bb35
Analyzer Verdict Alert fortinet Phishing
GET /js/_global-config-sd.33011211.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63875a03-16d"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fVrY4m0auWgch%2Fzpg%2B%2F5MPDQBy5WKx%2ByVQhvepHCutPaNVrly4YxYd%2B5VcBwaysmpp6JY9cAHLdvvrTUqswtRdUqN3Aego2F%2BAq3dkld2Sdqpf%2B4SpD2ruMWYZmn8C09OG4ESECa4Xk7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f399fb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/css/style.94ff2c9d.css
172.67.184.98200 OK 12 kB URL HTTP/2 wayofnowgainsurvey.top/css/style.94ff2c9d.css
IP 172.67.184.98:0
File type ASCII text, with very long lines (39573), with no line terminators
Hash 21114c45921af3a66bc1ee8d6272590c
f334a7403ffb84588578d1d8f6c1aaa8de4cbdd8
a187602d0b1c8f16e8898587185d17fec91c542ab2389c145e5ab390cdf36b95
GET /css/style.94ff2c9d.css HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=39623
etag: W/"63875a03-9ac7"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfYVaAaER2xmX6V5e3SGvg%2Bj31mETp%2FlI7p9Pwqq7g%2BsN3OMPK3NPN3%2FXRsohDZbEzmHk9%2FsUp5fqaKaZX3LbWyzJxGbGGxkrOJY0AEoVLCKIAytBLi3cba%2FH%2FjDjvgBF4870IAcfekT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49bdb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/each-land-config.9797ee02.js
172.67.184.98200 OK 30 kB URL HTTP/2 wayofnowgainsurvey.top/js/each-land-config.9797ee02.js
IP 172.67.184.98:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c67f4e917f5087202119bfb4f64bf45c
d691cda1a85e6223753c60c57e0ac2477f2fadd7
a39a66fee37acf01420a2de7a73e98c4ef87339563133463f134d36bd46e32f3
Analyzer Verdict Alert fortinet Phishing
GET /js/each-land-config.9797ee02.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=82280
etag: W/"63875a03-14168"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9mZ34xmr5wSbGngsqOYUXhv4sTB4sf68tpMuU1sk8yFPrOhu4dKEcvqYrBShA%2BSfpFgzvNyHfYI9VTVFnTz3vQ88R%2BTiYLxe29WH9XtCyvwGPFfWLIACk0aw0JoheeQfuyOJ2qpRUiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b8b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/css/survey.cd8123e3.css
172.67.184.98200 OK 10 kB URL HTTP/2 wayofnowgainsurvey.top/css/survey.cd8123e3.css
IP 172.67.184.98:0
File type ASCII text, with very long lines (18985), with no line terminators
Hash 5bb241b791eb9fa509e9d5b047ae82e5
e5daa45844d6a5f7d8359d65acbb45b4b7f474c9
c10245a83a208c07e03d4a2bef57d013df886434978148cb93ecacee05746890
GET /css/survey.cd8123e3.css HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19034
etag: W/"63875a03-4a5a"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXKkvKaJzPbWiQwZH%2BWQg453TBQaWEIOBNurtdMp3afPrJ8iUcyJzUXhIOQqKD13NIsPJhBkfhqZ11cafE9IUbFl%2BZOq4RmkCc5vQV3LrhK36gb9TBW44eB%2BIBvTyrYiolOqWtfwDMqZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49bab52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/v-AxiosHeaders.js.13fc3a8c.js
172.67.184.98200 OK 7.4 kB URL HTTP/2 wayofnowgainsurvey.top/js/v-AxiosHeaders.js.13fc3a8c.js
IP 172.67.184.98:0
File type ASCII text, with very long lines (5371), with no line terminators
Hash b856c44438188c3269a782c733f0d4ac
a633c30b3bfa168fc4f65a7707bf306d6cd9c4ed
023788e0a9b07e09b51b4568e64ab0dd711a77aecb8636640a5495f3306639d0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-AxiosHeaders.js.13fc3a8c.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63875a03-14fb"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4hRDpkuRXtJCwunSwRuW7%2BnMQz45Em77PZ4n8s%2FnJdTxlbxecOvhWEh2%2BBrR0vK0e0eiNbCE%2FHynNYXC%2B4iJa8ykgFqTFtChvfT6jddFTS%2BTZdax1q03NQiNvsP3%2FLWztevYq4uxN3B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3254f7c878d1f52f6503bf5b5b01b8fa
9061a49e98763ce6261db1792944ddd73a63ae03
ec1dace4e9720c35cdaecc0b552c805852d307eedbd02c06e9f3642facd4b3d3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10589
Expires: Wed, 30 Nov 2022 23:49:41 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3254f7c878d1f52f6503bf5b5b01b8fa
9061a49e98763ce6261db1792944ddd73a63ae03
ec1dace4e9720c35cdaecc0b552c805852d307eedbd02c06e9f3642facd4b3d3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10589
Expires: Wed, 30 Nov 2022 23:49:41 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash ff0a57e0578eb2a435bc52b2c44e3552
1ae38cdba014baeabca1a98172bf3f219a1eceaa
17d5f68953814501ad5f2878b54c20ec09edaf1342f0929162f14e9c49b76732
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Sun, 04 Dec 2022 18:10:12 GMT
ETag: "1ae38cdba014baeabca1a98172bf3f219a1eceaa"
Last-Modified: Wed, 30 Nov 2022 18:10:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2603
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772678a4ad9db500-OSL
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 1d79426653c3b55939eaec59a2ce8ef5
c6db0314df7a4e5c08047f6306e0b79a1ad3bab2
2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73267
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: *
etag: "63875d46-11e33"
expires: Wed, 30 Nov 2022 21:53:13 GMT
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 081f27e87b02fb79b3453a116e731959
03e52819d86a0fa523e77ed24126e76e5369bd21
10283df9fce094267720532246e9d80b3c2061425f657497652e71de4c95de06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 01:33:19 GMT
Expires: Tue, 06 Dec 2022 01:33:18 GMT
Etag: "03e52819d86a0fa523e77ed24126e76e5369bd21"
Cache-Control: max-age=448204,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772678a4e855b4f4-OSL
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1057
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://wayofnowgainsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: *
etag: "63875d46-2b"
expires: Wed, 30 Nov 2022 21:53:13 GMT
accept-ranges: bytes
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
77.88.21.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 88ca917033718c4d8bfad730e8d5720b
c3339ec1e34328dc244c7ada28fadfb9297d9e97
e40901684890f537c106c3fd1b50a4bb2cfbd02f43766300697e3ee52644a94c
GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Wed, 30 Nov 2022 20:53:13 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A983681304%3Arqn%3A3%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(3)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A983681304%3Arqn%3A3%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(3)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A983681304%3Arqn%3A3%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(3)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
set-cookie: yandexuid=535554371669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=535554371669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1652738641669841593; Path=/; SameSite=None; Secure
i=MWPwpcgRr/GB40dRwDo0t6iksYPEhNyx3BOqkD5qNFiql00jSNpfod245iHPvuvxxEVcwApvlS+AXofDH5u90n2gESI=; Expires=Sat, 27-Nov-2032 20:53:10 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701377593.yc.1669841593#1701377593.yrts.1669841593#1701377593.yrtsi.1669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonStepChange&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A834536071%3Arqn%3A4%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(4)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonStepChange&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A834536071%3Arqn%3A4%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(4)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonStepChange&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A834536071%3Arqn%3A4%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(4)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A345394813%3Arqn%3A5%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(5)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A345394813%3Arqn%3A5%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(5)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A345394813%3Arqn%3A5%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(5)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A406567818%3Arqn%3A6%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(6)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A406567818%3Arqn%3A6%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(6)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A406567818%3Arqn%3A6%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(6)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A472597732%3Arqn%3A7%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(7)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A472597732%3Arqn%3A7%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(7)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A472597732%3Arqn%3A7%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(7)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A839499907%3Arqn%3A10%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(10)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 42 kB URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A839499907%3Arqn%3A10%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(10)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
Hash c545b7652bd968317341b8cd6691fa94
2d0ce0a009353efe6086a18045ebc3ae92a9b087
dbf2971754847f6a1ef13a5d987e01543e7e8260958dc1a6ae48f90e3c2f77ed
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A839499907%3Arqn%3A10%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(10)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A607452529%3Arqn%3A8%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A607452529%3Arqn%3A8%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A607452529%3Arqn%3A8%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonGetIppRotate&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A962924486%3Arqn%3A9%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(9)aw(1)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonGetIppRotate&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A962924486%3Arqn%3A9%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(9)aw(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonGetIppRotate&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A962924486%3Arqn%3A9%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(9)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 484
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/v-xhr.js.1d225573.js
172.67.184.98200 OK 0 B URL HTTP/2 wayofnowgainsurvey.top/js/v-xhr.js.1d225573.js
IP 172.67.184.98:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-xhr.js.1d225573.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63875a03-b97"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kztZ6iZdW6mdFZTlFNUXlCFbLTdKBWVXxuwLzqSxu8N3PCreDg4wSWllhjKjEHjJ3Ed1GOX%2BvCUQ8Oq2R8E%2BmDR3I2VGHNwxTJ24DOWAnHCt%2FZ95iVllW%2BZGSWg2ZiIgGzYstmkK%2FmGg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b6b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753
172.67.184.98200 OK 0 B URL HTTP/2 wayofnowgainsurvey.top/finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753
IP 172.67.184.98:0
GET /finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753 HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: text/html
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1znlm1KTlC9HR2a4dONKDmGHDsGBX1glsXMpbpJqxSufZv%2FVuIEwUW1yLgYT4qqal1ym1Ad84TMALJE8AALpiFa6hgJRtHQwp54A2BlhUE1S0ZT%2B8cWReu3GX7%2BAKoCL93JNBrgU0vYO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789e6835b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/v-index.js.2c18e767.js
172.67.184.98200 OK 0 B URL HTTP/2 wayofnowgainsurvey.top/js/v-index.js.2c18e767.js
IP 172.67.184.98:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.2c18e767.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63875a03-923e"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5dqj7s1cpH8ph77XZHVbwlXfzYk60vuR%2Bs0V9wBkjFNVarOI%2FJuMjY6FF%2Fb7XNr0uYOxaC%2BuWn8TlXblRkd2Hy6lZ8q%2B6Rrw8RfukYzYcdVBwZOmckEzHOkrzZTEq6QuKqAh7bkqqMF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a5b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
188.114.96.1200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8FMQSmyQCHDlNFuamRhgXpAHNQ4TKd4OPUviH0be1YFay%2FEtcRDLmCWxcjvgC6TWcBdOE8CZhl2PDWp92CL0j%2BbKI2L1wj9P5Txj96k3JRBRzz1qP4o90mk%2FjIdDkogVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772678a3cb2cb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/rtc.08b364bc.js
172.67.184.98200 OK 0 B URL HTTP/2 wayofnowgainsurvey.top/js/rtc.08b364bc.js
IP 172.67.184.98:0
Analyzer Verdict Alert fortinet Phishing
GET /js/rtc.08b364bc.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63875a03-29d4"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uya9phsv%2BnpNX5yZ8vx60gpPtK0u0MlxunyPa7CpmKxydn%2Be9FyE683r%2FGE%2F%2FoxFud4ujb9uePNjMc%2BdstWYS00bMwh8KeiejuEMkHd%2BI8E0u3lloryfkp190nSbqWTAqFNhX4GR4hAa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a2b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
wayofnowgainsurvey.top/js/v-utils.js.10c42cc1.js
172.67.184.98200 OK 0 B URL HTTP/2 wayofnowgainsurvey.top/js/v-utils.js.10c42cc1.js
IP 172.67.184.98:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-utils.js.10c42cc1.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:53:12 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=8634
etag: W/"63875a03-21ba"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfoeVn8jvNyHqi%2BXefWrNLO3r2u4vzeyTIUTUIPCVCsXqKCOHM3okbftBgdV20TSnPRZG26ZWAXYeZ56lSA4aspjdnngsyrPWrpcOGAbH2guv2MamN1krE%2FEUUJAoWHl5pzBGloi6mbB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a7b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2