Overview

URL mkuu.2659b.xk.wy5532.com/
IP 199.115.115.118 (United States)
ASN #30633 LEASEWEB-USA-WDC
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-11-30 20:53:19 UTC
IDS alerts 0
Blocklist alert 10
urlquery alerts No alerts detected
Tags None

Domain Summary (20)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mkuu.2659b.xk.wy5532.com (3) 0 No data No data 172.93.103.100 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-30 04:06:04 UTC 34.117.237.239
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.223.160.237
1track.pro (1) 0 2019-01-27 15:40:33 UTC 2022-11-29 20:57:11 UTC 162.254.190.3 Unknown ranking
itcleffaom.com (1) 72236 2021-07-29 11:48:44 UTC 2022-11-29 22:03:07 UTC 139.45.197.237
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
e1.o.lencr.org (4) 6159 No data No data 23.36.76.226
wayofnowgainsurvey.top (10) 0 2022-09-26 07:07:49 UTC 2022-11-30 08:03:04 UTC 172.67.184.98 Unknown ranking
ocsp.globalsign.com (1) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.21.226
mc.yandex.ru (12) 2672 2012-05-21 09:38:30 UTC 2022-11-30 04:08:52 UTC 77.88.21.119
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
datatechonert.com (1) 46154 2021-12-24 16:44:17 UTC 2022-11-30 04:19:12 UTC 139.45.195.253
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-30 04:06:17 UTC 34.102.187.140
dipaka-ead.com (3) 0 2022-10-31 13:23:43 UTC 2022-11-30 04:18:00 UTC 3.212.50.125 Unknown ranking
click-v4.expmdiadi.com (1) 0 No data No data 198.134.116.17 Unknown ranking
my.rtmark.net (1) 9054 2017-08-22 14:11:49 UTC 2022-11-30 04:08:46 UTC 139.45.195.8
cdntechone.com (1) 64371 2021-12-24 17:09:58 UTC 2022-11-30 05:47:36 UTC 188.114.96.1

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-30 2 mkuu.2659b.xk.wy5532.com/ Malware
2022-11-30 2 wayofnowgainsurvey.top/js/_global-config-sd.33011211.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/each-land-config.9797ee02.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/v-AxiosHeaders.js.13fc3a8c.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/v-xhr.js.1d225573.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/v-index.js.2c18e767.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/rtc.08b364bc.js Phishing
2022-11-30 2 wayofnowgainsurvey.top/js/v-utils.js.10c42cc1.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-30 2 itcleffaom.com Sinkholed
2022-11-30 2 datatechonert.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 199.115.115.118
Date UQ / IDS / BL URL IP
2023-01-28 07:15:40 +0000 0 - 2 - 1 halifax.online-live.cc/Login.php 199.115.115.118
2023-01-25 02:30:01 +0000 0 - 0 - 1 that.pointbuysys.com/ 199.115.115.118
2023-01-22 05:39:54 +0000 0 - 0 - 3 tor-browser.org/downloads/torbrowser-install- (...) 199.115.115.118
2023-01-20 23:51:01 +0000 0 - 0 - 1 qnimnt.wy5532.com/ 199.115.115.118
2023-01-20 06:47:21 +0000 0 - 0 - 1 weretrtrt21089.uf.wy5532.com/ 199.115.115.118


Last 5 reports on ASN: LEASEWEB-USA-WDC
Date UQ / IDS / BL URL IP
2023-01-30 05:16:47 +0000 0 - 0 - 1 andicomedicalsuppliers.com/chromestre/151on89 (...) 207.244.76.130
2023-01-30 04:39:37 +0000 0 - 0 - 5 offer-dekho.live/ 199.115.116.43
2023-01-30 04:00:05 +0000 0 - 0 - 2 pegxtvamlqv0p.bar/ 199.115.116.43
2023-01-30 03:55:39 +0000 0 - 1 - 12 c1.getapplicationmy.info/?step_id=1&installer (...) 162.210.196.171
2023-01-30 02:20:21 +0000 0 - 4 - 5 viptips4youlife.world/us/uayw/viaketogummies- (...) 108.62.118.31


Last 5 reports on domain: wy5532.com
Date UQ / IDS / BL URL IP
2023-01-30 05:28:16 +0000 0 - 2 - 6 wqwqw.5d58c.rd.wy5532.com/ 37.48.65.155
2023-01-30 04:22:33 +0000 0 - 2 - 6 59b90.faedcc.wy5532.com/ 37.48.65.149
2023-01-30 02:18:51 +0000 0 - 0 - 4 xonuion.wy5532.com/ 207.244.67.215
2023-01-29 23:51:28 +0000 0 - 0 - 3 www.71e8a.xv.wy5532.com/ 199.115.115.119
2023-01-29 23:47:16 +0000 0 - 0 - 3 tgrrre.8ce67.jn.wy5532.com/ 172.93.103.101


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-30 05:39:15 +0000 0 - 2 - 2 topsurvey360.top/finance-survey.html 104.21.31.211
2023-01-30 04:58:17 +0000 0 - 1 - 3 www.aversus.site/go/cada65f6-924c-409d-b676-2 (...) 3.70.16.242
2023-01-30 04:17:26 +0000 0 - 0 - 3 makevolume.club/azzzT/27yjgdhfsd/ccc.php 45.90.56.13
2023-01-30 04:09:36 +0000 0 - 2 - 0 financessurvey180.top/survey.html 188.114.96.1
2023-01-30 03:03:45 +0000 0 - 2 - 3 gainrulesurvey.top/finance-survey.html?z=5072 (...) 172.67.154.121

JavaScript

Executed Scripts (24)

Executed Evals (1)
#1 JavaScript::Eval (size: 80) - SHA256: 541731ed911deec7a5998a88f26f13d20af42e8b7109c68a7d5c09a029853309
(() => {
    const a = async function name() {};
    window['2vwkg8qmugi'] = true;
})()

Executed Writes (1)
#1 JavaScript::Write (size: 4) - SHA256: b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0
2022


HTTP Transactions (59)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11187
Expires: Wed, 30 Nov 2022 23:59:35 GMT
Date: Wed, 30 Nov 2022 20:53:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 61
Cache-Control: max-age=135552
Date: Wed, 30 Nov 2022 20:53:08 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 10:32:20 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Wed, 30 Nov 2022 22:28:38 GMT
Date: Wed, 30 Nov 2022 20:53:08 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 20:19:43 GMT
cache-control: public,max-age=3600
age: 2005
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FypGaYHzxVT9zBnHzlkG6RIBQRA6m6w2L398/Ys7rzWp8a242ILwBQPzOZbEhxvZhfbThh4TEUA=
x-amz-request-id: ASN04FJPAMRN1YC6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 20:45:22 GMT
age: 466
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET / HTTP/1.1 
Host: mkuu.2659b.xk.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         172.93.103.100
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 485
date: Wed, 30 Nov 2022 20:53:08 GMT
server: nginx
set-cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 00:07:15 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (485), with no line terminators
Size:   485
Md5:    3f1829e5050273fadc4d4ae553aef259
Sha1:   10634b10d11a35be3f037ff0a68665d3e5de1461
Sha256: 9585c64db7afa5960586ee5c0fa1f642d0333ca0f738421ee195896db53a5a20

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 30 Nov 2022 20:53:08 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: mkuu.2659b.xk.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkuu.2659b.xk.wy5532.com/
Cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9

                                         172.93.103.100
HTTP/1.1 404 Not Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Wed, 30 Nov 2022 20:53:09 GMT
server: nginx


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    d8f4a1993546cc4b850cde3599e27aec
Sha1:   094b763b4cfcc0b05e5d040581cd513c3ca08067
Sha256: 907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 20:11:14 GMT
cache-control: public,max-age=3600
age: 2515
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 68
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 20:53:09 GMT
Last-Modified: Wed, 30 Nov 2022 20:52:01 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2OTg0ODc4OCwiaWF0IjoxNjY5ODQxNTg4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc203ZzR2Zm5ub280czhsYmMyb21zbzIiLCJuYmYiOjE2Njk4NDE1ODgsInRzIjoxNjY5ODQxNTg4ODY5NDkyfQ.FTlyGJRJIJDyKTkKvK3FZMINEhxnCsmdPxjm0X7srB0&sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9 HTTP/1.1 
Host: mkuu.2659b.xk.wy5532.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkuu.2659b.xk.wy5532.com/
Cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9
Upgrade-Insecure-Requests: 1

                                         172.93.103.100
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 30 Nov 2022 20:53:09 GMT
location: http://dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
server: nginx
set-cookie: sid=fedc4e62-70f0-11ed-913a-d2a9a6752ce9; path=/; domain=.wy5532.com; expires=Tue, 19 Dec 2090 00:07:16 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0WHEx2LxXIEitwie6mw1pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         34.223.160.237
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TI4v4XZW65PAxGiCS/cKE0IChYc=

                                        
                                            GET /zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75 HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mkuu.2659b.xk.wy5532.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 30 Nov 2022 20:53:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: fzUjaKxO


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1100
Md5:    70ffbb4193caef9ee971b619aefbd194
Sha1:   79729c08cdfa9fd885e5942c625a8002cec5f447
Sha256: 3f1aaa64fede75968463eebe021490d76e226330be76a30f956912dec6c66d0c
                                        
                                            GET /zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/ff0011d0-70f0-11ed-940f-125eb8bd1d75/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=ff1bd737-70f0-11ed-940f-125eb8bd1d75
Upgrade-Insecure-Requests: 1

                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 30 Nov 2022 20:53:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: TFaRlFoM


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   284
Md5:    f189501c800d70f89645822f121a2729
Sha1:   e2a7a1d3be39c8f943c2ca246dbbc16e2893d9aa
Sha256: 4fddd2290a6fc691c2c347c90dff8b673192a4332dc4c73580560be9e8ae5d3a
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=ff0011d0-70f0-11ed-940f-125eb8bd1d75&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

                                         3.212.50.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Wed, 30 Nov 2022 20:53:10 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: MTFfLxIu


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /click?i=H*cHyBbRtc8_0 HTTP/1.1 
Host: click-v4.expmdiadi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1

                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://1track.pro/click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212
Pragma: no-cache

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8039
Expires: Wed, 30 Nov 2022 23:07:09 GMT
Date: Wed, 30 Nov 2022 20:53:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8039
Expires: Wed, 30 Nov 2022 23:07:09 GMT
Date: Wed, 30 Nov 2022 20:53:10 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3711
x-amzn-requestid: 502d7eed-f24a-49e8-b14e-759778b717ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbWQSFNnIAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63879d9b-5eb88e757ff3eeaa26dd7de2;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 18:14:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hrGJk_aF0hgdEXNUAqj74wYkXby2ptGRqWKFi4sxlvs_QN9WhC6vOw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:25:55 GMT
age: 8835
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3711
Md5:    89e1a735e16f55c78fa75ae434294029
Sha1:   6c56f4015305eff04a99cec9758cd40bf4e5f704
Sha256: 26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
age: 81864
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5785
Md5:    59baec8db5ced0210ab766ea5636a5fd
Sha1:   f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
Sha256: 33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 57444
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10176
Md5:    03014221d7f49b50ffc2d1b0a0e75457
Sha1:   772d86ad983042a728ee3490630a9cf1134ad0dd
Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
age: 81378
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10958
Md5:    777ce44582c70bf01a31da4cab366f36
Sha1:   57e1d34f146d5ccd9943aa97bcc3158f7103bb07
Sha256: fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 82819
etag: "53650399f9a986ba54addd668b4557109d12003b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9674
Md5:    5508d05a290b663fd89ead9b58f2efd8
Sha1:   53650399f9a986ba54addd668b4557109d12003b
Sha256: 65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 82605
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7298
Md5:    e00769bd1391b8f4f5b8ab128a825355
Sha1:   e4ddf955e8ac1986045ed55880c43c69e588a021
Sha256: 81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
                                        
                                            GET /click.php?key=2hf2oflkq6fu9slgqjvg&c=A*quGcGT6tE&bid=0.0003&source=410449.385784_12342394185&source_subid=12342394185&campaign=956650&banner=5609563&browser=FIREFOX_105.0&carrier=Blix+Solutions&os=Windows+10&keyword=*&country=no&publisher=46212 HTTP/1.1 
Host: 1track.pro
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         162.254.190.3
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.6.2
Date: Wed, 30 Nov 2022 19:48:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=scktq5yd0; expires=Thu, 01-Dec-2022 19:48:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure; uclickhash=scktq5yd0-scktq5yd0-usu3dz-ntb7-2tci0-ftb4fe-ftnt3y-c3f72a; expires=Thu, 01-Dec-2022 19:48:17 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
Location: https://wayofnowgainsurvey.top/finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753
Strict-Transport-Security: max-age=31536000

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "A218A2616380815BFA9AC74857ED70DD3CAB670A1A56E340213FE36DBC2A2EDE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14526
Expires: Thu, 01 Dec 2022 00:55:18 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "A218A2616380815BFA9AC74857ED70DD3CAB670A1A56E340213FE36DBC2A2EDE"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14526
Expires: Thu, 01 Dec 2022 00:55:18 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "455BDA3629E55C1730A67D5D82C68E4001F78F8019A755178225624E16076E80"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13033
Expires: Thu, 01 Dec 2022 00:30:25 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   24792
Md5:    38dd063d263cd4ffe175e8918e9b125b
Sha1:   1bec7bdb556319f9f09f551bdfe3bbe56b292e73
Sha256: 68145e333de7eac988d98f8bb0f487c25625a4bb1782274f7724316e0e5873a5
                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 30 Nov 2022 20:53:12 GMT
content-length: 65
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=66269ea99402441999bcbaa6ecb72578; expires=Thu, 30 Nov 2023 20:53:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2120
Md5:    94f9226ebf51c36c3beef3d3250d4bc8
Sha1:   fc102539ae1a8d0de475c246edadc5b7b954af09
Sha256: 312e580d5b90e723e050ec580e149eda481ef8e6b32e6e1d7455d970a859c143
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B1A63DDF2500DCC3151C6C58D29B3D124D6E21DAF0864DF70CD7AB7D25171F4A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10484
Expires: Wed, 30 Nov 2022 23:47:56 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive

                                        
                                            GET /track?offer_id=2186&z=5452566&request_var=ActiveRevenue&variable2=ee9b7scktq5yd0753 HTTP/1.1 
Host: itcleffaom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.197.237
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 30 Nov 2022 20:53:12 GMT
content-length: 177
x-trace-id: fccf468bf1073228e58de581c01319e9
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   177
Md5:    ad1434eb7de0fa0cc9670240c9895d1a
Sha1:   a7e892e57d9479116a5152154ea451cd781a801b
Sha256: d9ca281f76eaf210aa31bdcbfd8dc7b21cfe5602740dcdf1f953f83754aa6065

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /js/_global-config-sd.33011211.js HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
etag: W/"63875a03-16d"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fVrY4m0auWgch%2Fzpg%2B%2F5MPDQBy5WKx%2ByVQhvepHCutPaNVrly4YxYd%2B5VcBwaysmpp6JY9cAHLdvvrTUqswtRdUqN3Aego2F%2BAq3dkld2Sdqpf%2B4SpD2ruMWYZmn8C09OG4ESECa4Xk7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f399fb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (365), with no line terminators
Size:   4085
Md5:    71a9b47df036fe85c93df7080d8489a7
Sha1:   1786c45a2af3fbb0ba4394d13c72a3b6c119bd60
Sha256: e6f15c3ac41e3b48dcf0d8da97eccb62e3fb20082f489d6b7c508f3dbf26bb35

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /css/style.94ff2c9d.css HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
cf-polished: origSize=39623
etag: W/"63875a03-9ac7"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfYVaAaER2xmX6V5e3SGvg%2Bj31mETp%2FlI7p9Pwqq7g%2BsN3OMPK3NPN3%2FXRsohDZbEzmHk9%2FsUp5fqaKaZX3LbWyzJxGbGGxkrOJY0AEoVLCKIAytBLi3cba%2FH%2FjDjvgBF4870IAcfekT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49bdb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (39573), with no line terminators
Size:   12445
Md5:    21114c45921af3a66bc1ee8d6272590c
Sha1:   f334a7403ffb84588578d1d8f6c1aaa8de4cbdd8
Sha256: a187602d0b1c8f16e8898587185d17fec91c542ab2389c145e5ab390cdf36b95
                                        
                                            GET /js/each-land-config.9797ee02.js HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
cf-polished: origSize=82280
etag: W/"63875a03-14168"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9mZ34xmr5wSbGngsqOYUXhv4sTB4sf68tpMuU1sk8yFPrOhu4dKEcvqYrBShA%2BSfpFgzvNyHfYI9VTVFnTz3vQ88R%2BTiYLxe29WH9XtCyvwGPFfWLIACk0aw0JoheeQfuyOJ2qpRUiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b8b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   29930
Md5:    c67f4e917f5087202119bfb4f64bf45c
Sha1:   d691cda1a85e6223753c60c57e0ac2477f2fadd7
Sha256: a39a66fee37acf01420a2de7a73e98c4ef87339563133463f134d36bd46e32f3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /css/survey.cd8123e3.css HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
cf-polished: origSize=19034
etag: W/"63875a03-4a5a"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXKkvKaJzPbWiQwZH%2BWQg453TBQaWEIOBNurtdMp3afPrJ8iUcyJzUXhIOQqKD13NIsPJhBkfhqZ11cafE9IUbFl%2BZOq4RmkCc5vQV3LrhK36gb9TBW44eB%2BIBvTyrYiolOqWtfwDMqZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49bab52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18985), with no line terminators
Size:   9990
Md5:    5bb241b791eb9fa509e9d5b047ae82e5
Sha1:   e5daa45844d6a5f7d8359d65acbb45b4b7f474c9
Sha256: c10245a83a208c07e03d4a2bef57d013df886434978148cb93ecacee05746890
                                        
                                            GET /js/v-AxiosHeaders.js.13fc3a8c.js HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
etag: W/"63875a03-14fb"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L4hRDpkuRXtJCwunSwRuW7%2BnMQz45Em77PZ4n8s%2FnJdTxlbxecOvhWEh2%2BBrR0vK0e0eiNbCE%2FHynNYXC%2B4iJa8ykgFqTFtChvfT6jddFTS%2BTZdax1q03NQiNvsP3%2FLWztevYq4uxN3B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5371), with no line terminators
Size:   7386
Md5:    b856c44438188c3269a782c733f0d4ac
Sha1:   a633c30b3bfa168fc4f65a7707bf306d6cd9c4ed
Sha256: 023788e0a9b07e09b51b4568e64ab0dd711a77aecb8636640a5495f3306639d0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10589
Expires: Wed, 30 Nov 2022 23:49:41 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "EC1DACE4E9720C35CDAECC0B552C805852D307EEDBD02C06E9F3642FACD4B3D3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10589
Expires: Wed, 30 Nov 2022 23:49:41 GMT
Date: Wed, 30 Nov 2022 20:53:12 GMT
Connection: keep-alive

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Length: 937
Connection: keep-alive
Expires: Sun, 04 Dec 2022 18:10:12 GMT
ETag: "1ae38cdba014baeabca1a98172bf3f219a1eceaa"
Last-Modified: Wed, 30 Nov 2022 18:10:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2603
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772678a4ad9db500-OSL

                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         77.88.21.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 73267
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: *
etag: "63875d46-11e33"
expires: Wed, 30 Nov 2022 21:53:13 GMT
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Size:   73267
Md5:    1d79426653c3b55939eaec59a2ce8ef5
Sha1:   c6db0314df7a4e5c08047f6306e0b79a1ad3bab2
Sha256: 2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 01:33:19 GMT
Expires: Tue, 06 Dec 2022 01:33:18 GMT
Etag: "03e52819d86a0fa523e77ed24126e76e5369bd21"
Cache-Control: max-age=448204,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772678a4e855b4f4-OSL

                                        
                                            POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1 
Host: datatechonert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1057
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Wed, 30 Nov 2022 20:53:13 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://wayofnowgainsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: *
etag: "63875d46-2b"
expires: Wed, 30 Nov 2022 21:53:13 GMT
accept-ranges: bytes
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 400
date: Wed, 30 Nov 2022 20:53:13 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Size:   400
Md5:    88ca917033718c4d8bfad730e8d5720b
Sha1:   c3339ec1e34328dc244c7ada28fadfb9297d9e97
Sha256: e40901684890f537c106c3fd1b50a4bb2cfbd02f43766300697e3ee52644a94c
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A983681304%3Arqn%3A3%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(3)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 302 Found
                                        
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A170%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A803017963%3Arqn%3A1%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C50%2C1%2C%2C0%2C%2C103%2C2%2C%2C%2C%2C217%3Ans%3A1669841591067%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
set-cookie: yandexuid=535554371669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=535554371669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=1652738641669841593; Path=/; SameSite=None; Secure i=MWPwpcgRr/GB40dRwDo0t6iksYPEhNyx3BOqkD5qNFiql00jSNpfod245iHPvuvxxEVcwApvlS+AXofDH5u90n2gESI=; Expires=Sat, 27-Nov-2032 20:53:10 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1701377593.yc.1669841593#1701377593.yrts.1669841593#1701377593.yrtsi.1669841593; Expires=Thu, 30-Nov-2023 20:53:13 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonStepChange&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A834536071%3Arqn%3A4%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(4)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A345394813%3Arqn%3A5%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(5)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A406567818%3Arqn%3A6%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(6)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A472597732%3Arqn%3A7%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(7)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A839499907%3Arqn%3A10%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(10)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   42131
Md5:    c545b7652bd968317341b8cd6691fa94
Sha1:   2d0ce0a009353efe6086a18045ebc3ae92a9b087
Sha256: dbf2971754847f6a1ef13a5d987e01543e7e8260958dc1a6ae48f90e3c2f77ed
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A607452529%3Arqn%3A8%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(8)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fwayofnowgainsurvey.top%2FonGetIppRotate&page-ref=https%3A%2F%2Fwayofnowgainsurvey.top%2Ffinance-survey.html%3Fz%3D5452566%26offer_id%3D2186%26var%3DActiveRevenue%26ymid%3Dee9b7scktq5yd0753%26utm_campaign%3DActiveRevenue%26utm_medium%3D5452566%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669841593_02eb05ce83a72e4c0cd6564e05e8e6df71cfad53e767a6deb09c425fde533706&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1155400453803%3Ahid%3A436819306%3Az%3A0%3Ai%3A20221130205312%3Aet%3A1669841592%3Ac%3A1%3Arn%3A962924486%3Arqn%3A9%3Au%3A1669841592559381518%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1669841591067%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669841592%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)rqnt(9)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 484
Origin: https://wayofnowgainsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 30 Nov 2022 20:53:13 GMT
access-control-allow-origin: https://wayofnowgainsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 30-Nov-2022 20:53:13 GMT
last-modified: Wed, 30-Nov-2022 20:53:13 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /js/v-xhr.js.1d225573.js HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
etag: W/"63875a03-b97"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kztZ6iZdW6mdFZTlFNUXlCFbLTdKBWVXxuwLzqSxu8N3PCreDg4wSWllhjKjEHjJ3Ed1GOX%2BvCUQ8Oq2R8E%2BmDR3I2VGHNwxTJ24DOWAnHCt%2FZ95iVllW%2BZGSWg2ZiIgGzYstmkK%2FmGg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f49b6b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /finance-survey.html?z=5452566&offer_id=2186&var=ActiveRevenue&ymid=ee9b7scktq5yd0753 HTTP/1.1 
Host: wayofnowgainsurvey.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         172.67.184.98
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 30 Nov 2022 20:53:12 GMT
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1znlm1KTlC9HR2a4dONKDmGHDsGBX1glsXMpbpJqxSufZv%2FVuIEwUW1yLgYT4qqal1ym1Ad84TMALJE8AALpiFa6hgJRtHQwp54A2BlhUE1S0ZT%2B8cWReu3GX7%2BAKoCL93JNBrgU0vYO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789e6835b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /js/v-index.js.2c18e767.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
etag: W/"63875a03-923e"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5dqj7s1cpH8ph77XZHVbwlXfzYk60vuR%2Bs0V9wBkjFNVarOI%2FJuMjY6FF%2Fb7XNr0uYOxaC%2BuWn8TlXblRkd2Hy6lZ8q%2B6Rrw8RfukYzYcdVBwZOmckEzHOkrzZTEq6QuKqAh7bkqqMF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a5b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

188.114.96.1
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 30 Nov 2022 20:53:12 GMT
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8FMQSmyQCHDlNFuamRhgXpAHNQ4TKd4OPUviH0be1YFay%2FEtcRDLmCWxcjvgC6TWcBdOE8CZhl2PDWp92CL0j%2BbKI2L1wj9P5Txj96k3JRBRzz1qP4o90mk%2FjIdDkogVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772678a3cb2cb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /js/rtc.08b364bc.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
etag: W/"63875a03-29d4"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uya9phsv%2BnpNX5yZ8vx60gpPtK0u0MlxunyPa7CpmKxydn%2Be9FyE683r%2FGE%2F%2FoxFud4ujb9uePNjMc%2BdstWYS00bMwh8KeiejuEMkHd%2BI8E0u3lloryfkp190nSbqWTAqFNhX4GR4hAa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a2b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /js/v-utils.js.10c42cc1.js HTTP/1.1
Host: wayofnowgainsurvey.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.67.184.98
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 30 Nov 2022 20:53:12 GMT
cf-bgj: minify
cf-polished: origSize=8634
etag: W/"63875a03-21ba"
last-modified: Wed, 30 Nov 2022 13:26:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfoeVn8jvNyHqi%2BXefWrNLO3r2u4vzeyTIUTUIPCVCsXqKCOHM3okbftBgdV20TSnPRZG26ZWAXYeZ56lSA4aspjdnngsyrPWrpcOGAbH2guv2MamN1krE%2FEUUJAoWHl5pzBGloi6mbB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7726789f39a7b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing