rouonixon.com/4/5232927/
139.45.197.238200 OK 9.2 kB IP 139.45.197.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12966)
Hash 6f27bdecda7e6988ae2d2c11a3e3f99b
69a625f770fff9ecd950c0a0c4405bae57059d1d
ae1beb0f145d7cc2683c264779be6ba00698722043b2e6e28d128849f88d3af8
Analyzer Verdict Alert fortinet Phishing
GET /4/5232927/ HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 21:05:03 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ee0b17f7d51f7e38765b71cbb26f7802
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=1465bef1a595476fb8bb1d4c7130e1a5; expires=Thu, 08 Feb 2024 21:05:03 GMT; path=/
oaidts=1675890303; expires=Thu, 08 Feb 2024 21:05:03 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2294
Expires: Wed, 08 Feb 2023 21:43:17 GMT
Date: Wed, 08 Feb 2023 21:05:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4167
Expires: Wed, 08 Feb 2023 22:14:30 GMT
Date: Wed, 08 Feb 2023 21:05:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 20:36:43 GMT
content-type: application/json
age: 1700
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17407
Expires: Thu, 09 Feb 2023 01:55:10 GMT
Date: Wed, 08 Feb 2023 21:05:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F4HR18WHqwAwvBoCBF1IjBfS6jFIMXt0VwQRImAowIr5VqLjNUGD7hUL/GTCB8LeGaoKR09zc+8=
x-amz-request-id: 5WRYAPPM7NWFQHWH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 20:46:06 GMT
age: 1137
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9c14e228f19415f2af825294ff401241
dabb4fa3c22980b27aa873fd8aa429366655c95e
df9ed274a8026ea08f348145695717b6f8a11fa8f3c14e60b30b4cd60f7e2fde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF9ED274A8026EA08F348145695717B6F8A11FA8F3C14E60B30B4CD60F7E2FDE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9287
Expires: Wed, 08 Feb 2023 23:39:50 GMT
Date: Wed, 08 Feb 2023 21:05:03 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=1465bef1a595476fb8bb1d4c7130e1a5
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=1465bef1a595476fb8bb1d4c7130e1a5
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=1465bef1a595476fb8bb1d4c7130e1a5 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rouonixon.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:03 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1465bef1a595476fb8bb1d4c7130e1a5; expires=Thu, 08 Feb 2024 21:05:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
rouonixon.com/?z=5232927&syncedCookie=true&rhd=false
139.45.197.238302 Found 0 B URL HTTP/1.1 rouonixon.com/?z=5232927&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET ADWARE_PUP Win32/Adware.Agent.NSU CnC Activity M2
POST /?z=5232927&syncedCookie=true&rhd=false HTTP/1.1
Host: rouonixon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 441
Origin: http://rouonixon.com
Connection: keep-alive
Referer: http://rouonixon.com/afu.php?zoneid=5232927&var=5232927&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false
Cookie: OAID=1465bef1a595476fb8bb1d4c7130e1a5; oaidts=1675890303
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 08 Feb 2023 21:05:03 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 727559de109df27ae7128c1ebac14cd9
Link: <https://shunumsasurvey.space>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://shunumsasurvey.space/betting-survey.html?offer_id=2058&s=647293449565118958&z=5232927&var=&geo=NO&ipp=1&rdk=rk3
Access-Control-Allow-Origin: http://rouonixon.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=1465bef1a595476fb8bb1d4c7130e1a5; expires=Thu, 08 Feb 2024 21:05:03 GMT; path=/
oaidts=1675890303; expires=Thu, 08 Feb 2024 21:05:03 GMT; path=/
syncedCookie=true; expires=Wed, 15 Feb 2023 21:05:03 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash b1b7fddaac6ae3be8490606a0b940281
c067b3dedcb3b4efde29e702d3f3178294d3eb97
00a82f093040742bfd6d73d00c2a4e98a5fa28b914533691e0a586fb2e26bec8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:05:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 06 Feb 2023 02:07:09 GMT
Expires: Mon, 13 Feb 2023 02:07:08 GMT
Etag: "c067b3dedcb3b4efde29e702d3f3178294d3eb97"
Cache-Control: max-age=363124,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967523df8bcfabc-OSL
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ff56fb8c111d6381373fea48a15c726
36d4584f4d3c130645744573b50d2cb9e648d5b8
bece9c75e20cd45c01f873d030637b499b03e7201e15ff8d354db3bea10eba3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "BECE9C75E20CD45C01F873D030637B499B03E7201E15FF8D354DB3BEA10EBA3F"
Last-Modified: Mon, 06 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2789
Expires: Wed, 08 Feb 2023 21:51:32 GMT
Date: Wed, 08 Feb 2023 21:05:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 20:51:20 GMT
age: 824
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ff56fb8c111d6381373fea48a15c726
36d4584f4d3c130645744573b50d2cb9e648d5b8
bece9c75e20cd45c01f873d030637b499b03e7201e15ff8d354db3bea10eba3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "BECE9C75E20CD45C01F873D030637B499B03E7201E15FF8D354DB3BEA10EBA3F"
Last-Modified: Mon, 06 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2788
Expires: Wed, 08 Feb 2023 21:51:32 GMT
Date: Wed, 08 Feb 2023 21:05:04 GMT
Connection: keep-alive
shunumsasurvey.space/js/betting-survey.31d6cfe0.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/betting-survey.31d6cfe0.js
IP 172.67.178.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/betting-survey.31d6cfe0.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
content-length: 0
cf-bgj: minify
etag: "63e3940b-0"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQ6ooQgTik9TIwrvSvKtnPZV6NX3WJI2BjnYX1mrx4mDHREO1Ff0pVkQUrRqSF6TRAWjDWP1KPi7TfIytKiSRvNXI7VsyhVtrhiyWWMwD0gw%2FfGzQh7caWHA%2FXnndASJTsirshnxtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e81b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Wed, 08 Feb 2023 22:53:20 GMT
Date: Wed, 08 Feb 2023 21:05:04 GMT
Connection: keep-alive
shunumsasurvey.space/js/_is-browser-supported.e7018771.js
172.67.178.79200 OK 2.7 kB URL HTTP/2 shunumsasurvey.space/js/_is-browser-supported.e7018771.js
IP 172.67.178.79:0
File type ASCII text, with very long lines (1001), with no line terminators
Hash 7e4513ee60431253e844be1c2102e8c6
07630a09bfc231e70a94852a509ce8715990adbc
95c9d7d8f2804be69f34cc62e53d0d472117fbb0edb9ebe6a92d973a6125fa71
GET /js/_is-browser-supported.e7018771.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-3e9"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqAvmE8%2BHzMmm%2BTx01HatjB1RUhN%2B9ThPCmmVf7biBoaVobgir0VE737SiatRcoGePmMJQAIy%2Fz5X2%2F5RpVdUuzZ4tnQLIeSdr09cWmSZ4W%2B9gl4S74mRy48lc5d6NQbUi9ZJKQgYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e3cb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/_core-survey.b3941fbc.js
172.67.178.79200 OK 51 kB URL HTTP/2 shunumsasurvey.space/js/_core-survey.b3941fbc.js
IP 172.67.178.79:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 3147492d2dae859b4db5b2ed7a255265
9fff39bc16f0590ec68edf36458fe5e4f401408e
31d324a5b59109734b7304796ebd125f12151deba438af3215fc20676d0f1086
GET /js/_core-survey.b3941fbc.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-2ec33"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=90dCdLCXW7VzfWv1zF%2BUkWrRfDhU68c4IJhoGvub1gKqMUV4h01vxm52XkENBCwf3SlrbXlzbixi22iRbODSEMZT3FMFt%2FSSNEOLH7qManCDUTMiiqqVNZbv51JK%2BoKLq2oJjCHwfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e7fb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 86a358a5492e662795366b49b33121fb
f4258556564a601559e2ff5fc7f292e0dbcce712
ef9996a21593ba39452c94210f17a52499d59e263b019c9677ca46d9fd1e9b50
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=85519e76ef5e42e9bf0eb9cdbe5c5c66; expires=Thu, 08 Feb 2024 21:05:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 86a358a5492e662795366b49b33121fb
f4258556564a601559e2ff5fc7f292e0dbcce712
ef9996a21593ba39452c94210f17a52499d59e263b019c9677ca46d9fd1e9b50
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shunumsasurvey.space
Connection: keep-alive
Cookie: ID=85519e76ef5e42e9bf0eb9cdbe5c5c66
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=85519e76ef5e42e9bf0eb9cdbe5c5c66; expires=Thu, 08 Feb 2024 21:05:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.185.138.177101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.185.138.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bQOyfIdCmsY3cTBayl5DkQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TjxBW9kFlvKq5iiADNb1upHoE88=
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2553f9b37a617d218e1d8ce725118332
853a8ac6a1c78f232ac9ea416b816a0a1b6b4595
46d25c12d94e283f7c006cd3e8362221cd42dfd15a81f30b34bb7a0ec3dd41c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3851
Cache-Control: max-age=164551
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:05:04 GMT
Etag: "63e3df3c-118"
Expires: Fri, 10 Feb 2023 18:47:35 GMT
Last-Modified: Wed, 08 Feb 2023 17:43:24 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a9bb077f501697149d17a958de17f9ea
2c1f0a0d330ed20fbabbf8005dd726fcab890cc7
0efab6eab1484bff48e8cdd6e23b0dbed9917d65014eb47f7d91377c05f95564
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0EFAB6EAB1484BFF48E8CDD6E23B0DBED9917D65014EB47F7D91377C05F95564"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6338
Expires: Wed, 08 Feb 2023 22:50:42 GMT
Date: Wed, 08 Feb 2023 21:05:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2553f9b37a617d218e1d8ce725118332
853a8ac6a1c78f232ac9ea416b816a0a1b6b4595
46d25c12d94e283f7c006cd3e8362221cd42dfd15a81f30b34bb7a0ec3dd41c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3851
Cache-Control: max-age=164551
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:05:04 GMT
Etag: "63e3df3c-118"
Expires: Fri, 10 Feb 2023 18:47:35 GMT
Last-Modified: Wed, 08 Feb 2023 17:43:24 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280
shunumsasurvey.space/js/v-index.js.9beb3c1d.js
172.67.178.79200 OK 12 kB URL HTTP/2 shunumsasurvey.space/js/v-index.js.9beb3c1d.js
IP 172.67.178.79:0
File type ASCII text, with very long lines (35280), with no line terminators
Hash 4dca2e2bdc053f37ef776aa5011ce8c6
662fdf2bd881e2477ed96a4f39de5bb7b7c74a27
dd1e9de10a78ff05c3f224ba39dadbfb74b7888b8b2e5b1fddd1ad237a5b85ea
GET /js/v-index.js.9beb3c1d.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-89d0"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dwwtHkozGH0dLpI9oaH9Fjc%2Bx2MMi%2Fj7LbDJiGnMWmTNNXGnQMnB6VNbaaZyQUkldj56DCtPOiKSvJor92ssMHGsYN0FWb%2BoCUY7I8y%2FQU6qheIIvjVbMEbX5%2FlWM79NccoP3wEyQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e4ab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
laugoust.com/zone?&pub=0&zone_id=4843161&is_mobile=false&domain=shunumsasurvey.space&var=5232927&ymid=&var_3=647293449565118958&dsig=&action=prerequest
139.45.197.250200 OK 0 B URL HTTP/2 laugoust.com/zone?&pub=0&zone_id=4843161&is_mobile=false&domain=shunumsasurvey.space&var=5232927&ymid=&var_3=647293449565118958&dsig=&action=prerequest
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=4843161&is_mobile=false&domain=shunumsasurvey.space&var=5232927&ymid=&var_3=647293449565118958&dsig=&action=prerequest HTTP/1.1
Host: laugoust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:04 GMT
content-length: 0
x-trace-id: e434ade24662c42589bb735b3229bc48
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1c80af36001bb411e8b9ea62aafc5f1f
48269815d3b33eb54eedecd6e6fe20f3a89203a7
cc4cb2b7ee1298a7df95dbd697f69a5f9b57b7fc64db07eb807f813aeb894219
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CC4CB2B7EE1298A7DF95DBD697F69A5F9B57B7FC64DB07EB807F813AEB894219"
Last-Modified: Wed, 08 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18304
Expires: Thu, 09 Feb 2023 02:10:08 GMT
Date: Wed, 08 Feb 2023 21:05:04 GMT
Connection: keep-alive
pulsersurvey.com/contents/s/0f/b5/a0/eccfe6fe27747ca4a84abb1c9b/0926450336462.png
139.45.197.153200 OK 11 kB URL HTTP/2 pulsersurvey.com/contents/s/0f/b5/a0/eccfe6fe27747ca4a84abb1c9b/0926450336462.png
IP 139.45.197.153:0
File type PNG image data, 140 x 140, 8-bit/color RGB, non-interlaced\012- data
Hash 0fb5a0eccfe6fe27747ca4a84abb1c9b
f83ae7f2c746872a9ba9da626928946e3b6de28d
70eba3a4b499c4ffe4a8e62461c1b8581a9dd904f14b5742b48632dbebdd30a6
GET /contents/s/0f/b5/a0/eccfe6fe27747ca4a84abb1c9b/0926450336462.png HTTP/1.1
Host: pulsersurvey.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: image/png
content-length: 10580
last-modified: Thu, 21 Jan 2021 09:10:34 GMT
vary: Accept-Encoding
etag: "6009450a-2954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
itcleffaom.com/rotate?zz=4326387;5592670;5592658;5592700;5592634;5592702;5622941&var=5232927&uid=85519e76ef5e42e9bf0eb9cdbe5c5c66
139.45.197.237200 OK 3.0 kB URL HTTP/2 itcleffaom.com/rotate?zz=4326387;5592670;5592658;5592700;5592634;5592702;5622941&var=5232927&uid=85519e76ef5e42e9bf0eb9cdbe5c5c66
IP 139.45.197.237:0
Hash aebd48abc46edb3805b6d8f114872856
2fc1d75465b94c01f3b1338b4fd4626500df0427
35824124355fb5bf7ee0321abfb268f1fa42cd7d4ec7ef1d3e0b25911c7c5aed
GET /rotate?zz=4326387;5592670;5592658;5592700;5592634;5592702;5622941&var=5232927&uid=85519e76ef5e42e9bf0eb9cdbe5c5c66 HTTP/1.1
Host: itcleffaom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
x-trace-id: 6b8e8d879741b8ada3ea3d0327157951
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://shunumsasurvey.space
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=85519e76ef5e42e9bf0eb9cdbe5c5c66; expires=Thu, 08 Feb 2024 21:05:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
37.48.68.71200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1295
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 Feb 2023 21:05:05 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://shunumsasurvey.space
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
cdntechone.com/stattag.js
188.114.96.1200 OK 7.7 kB URL HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (17301), with no line terminators
Hash 318e3a40f81ad972f5bfef998d988fc9
40c4e941041d629ced0252eb9d064af8bac7b3d0
2b26d7489fcc19638f334e584cb1542eb9ad6ec70797202854947534546b15dd
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:45 GMT
etag: W/"63dd36b5-4395"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1587
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9FSMDIcubVW2M%2B2f2ElDejR4IWYTMtK8NNrTL5t19vq61%2FOeVbRvoz97GWoY5uWQbnQBsnTPJ2g0XOR6tbYBtPpW7QeHyeM6kg16wjHOF%2BEl7Y%2Fo4Q%2BRPdRpQmoBv%2Binw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79675244782bb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
87.250.251.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash a236c7014c1f1a1e52d356f59e5d665a
b66c638eb2346287364c37725819bbab1f409d66
ad2d57579e453af0eac49156840bcd1dcfbd802a82135af98f41f714d7e698f2
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73769
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: *
etag: "63e36f34-12029"
expires: Wed, 08 Feb 2023 22:05:05 GMT
last-modified: Wed, 08 Feb 2023 12:45:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: *
etag: "63e36f34-2b"
expires: Wed, 08 Feb 2023 22:05:05 GMT
accept-ranges: bytes
last-modified: Wed, 08 Feb 2023 12:45:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash 14081868638a08a293f7f7ad1d1fc62f
e08d2017c3c425cf1d85a9f55798a3af8e733739
477de2cedab651079c5c921c36b8404044ade24a7c9f8ce2bc42485f48b39a94
GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Wed, 08 Feb 2023 21:05:05 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.251.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afp%3A391%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890361%3Ac%3A1%3Arn%3A808009556%3Arqn%3A1%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C86%2C1%2C%2C0%2C%2C125%2C0%2C%2C%2C%2C315%3Aco%3A0%3Ans%3A1675890360285%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890361%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
set-cookie: yabs-sid=1803709151675890305; Path=/; SameSite=None; Secure
i=6c4ucyJoebrMlOmwvIPM0/UehO/1gLe5XJDK7yBwvgzRzXWLd8p2ssvSNuHXdrWKt9zUU/fEJFNyj546R6xUIB3S5LA=; Expires=Sat, 05-Feb-2033 21:05:03 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=4617134441675890305; Expires=Thu, 08-Feb-2024 21:05:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4617134441675890305; Expires=Thu, 08-Feb-2024 21:05:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1707426305.yc.1675890305#1707426305.yrts.1675890305#1707426305.yrtsi.1675890305; Expires=Thu, 08-Feb-2024 21:05:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexCall&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A358499085%3Arqn%3A3%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexCall&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A358499085%3Arqn%3A3%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexCall&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A358499085%3Arqn%3A3%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonNotificationPermission&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A523639267%3Arqn%3A6%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(6)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonNotificationPermission&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A523639267%3Arqn%3A6%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(6)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonNotificationPermission&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A523639267%3Arqn%3A6%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(6)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonStepChange&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A984889787%3Arqn%3A5%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonStepChange&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A984889787%3Arqn%3A5%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonStepChange&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A984889787%3Arqn%3A5%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonUnique&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A261444154%3Arqn%3A4%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonUnique&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A261444154%3Arqn%3A4%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonUnique&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A261444154%3Arqn%3A4%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A252299788%3Arqn%3A9%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(9)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A252299788%3Arqn%3A9%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(9)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A252299788%3Arqn%3A9%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(9)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonGetIppRotate&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A362880689%3Arqn%3A8%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonGetIppRotate&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A362880689%3Arqn%3A8%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonGetIppRotate&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A362880689%3Arqn%3A8%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(8)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 316
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexLoad&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A867865884%3Arqn%3A7%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexLoad&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A867865884%3Arqn%3A7%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fshunumsasurvey.space%2FonAdexLoad&page-ref=https%3A%2F%2Fshunumsasurvey.space%2Fbetting-survey.html%3Foffer_id%3D2058%26s%3D647293449565118958%26z%3D5232927%26var%3D%26geo%3DNO%26ipp%3D1%26rdk%3Drk3%26utm_medium%3D5232927%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1675890305_c9be16668dde7aa79f75c0e707e3ba1a9e48ac1cc38dbef0c00e12d9999f3fd4&browser-info=ar%3A1%3Avf%3Asm0eap24hzlr84c06sesn%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A960%3Acn%3A1%3Adp%3A0%3Als%3A1245291086774%3Ahid%3A570224873%3Az%3A0%3Ai%3A20230208210601%3Aet%3A1675890362%3Ac%3A1%3Arn%3A867865884%3Arqn%3A7%3Au%3A1675890361974307181%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1675890360285%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1675890362%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-8)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://shunumsasurvey.space
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Feb 2023 21:05:05 GMT
access-control-allow-origin: https://shunumsasurvey.space
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Feb-2023 21:05:05 GMT
last-modified: Wed, 08-Feb-2023 21:05:05 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6081
Expires: Wed, 08 Feb 2023 22:46:26 GMT
Date: Wed, 08 Feb 2023 21:05:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6081
Expires: Wed, 08 Feb 2023 22:46:26 GMT
Date: Wed, 08 Feb 2023 21:05:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6081
Expires: Wed, 08 Feb 2023 22:46:26 GMT
Date: Wed, 08 Feb 2023 21:05:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 544181f4aba24fc687a14522dd20f720
2b117270563b8c466ec774acce55271c38f6135b
607c45cc5b4726b92c8507988bbb90ac6a44a3cf22b290030d440266350099a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4961
x-amzn-requestid: c3b9db99-726f-4473-a6b6-9cff0dceb949
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswe1GeRoAMFiAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-17b52fcd74e374f1104af709;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dSxTM3mmYK8cLOy5_x4o-lew1goEgwT4fBHi0pM-HSK_qBC6rDAlzg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 05:47:57 GMT
age: 55028
etag: "2b117270563b8c466ec774acce55271c38f6135b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76200 OK 23 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
Hash cbcc44d1114c4e510d656d5a411bac52
863052cef12e67a4d8adaf6a6a324da27a7ccb3d
c0685455d1a9a990b6cbcec4c56f3210946698b6b91aefddd38f238a153fb6bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 83383
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mgfr5wO7Bj5BVjKYY7O0c4ogLognfq09QrA9khZROr2CVyOWgKTz1g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:35 GMT
age: 83550
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qfHMhMAdnYcOa0Xm23enTGXj4CQC-QFHV50Pq6QQdvM5YcIgUZVPRQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:54:36 GMT
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
age: 83429
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 82710
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: ef7a879d-25be-42b0-a5c5-df6ad8f1482c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_R2FFv5IAMFZ7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c9c0-2f8fa7ef41b70de04cfb5ac6;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:59:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JxJrYYY7fMm_DCBcuC4OEdR62HL5VMvJbt_a6TWp4QfqN0qxgFgj-A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:50 GMT
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
age: 82695
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shunumsasurvey.space/js/v-_equalByTag.js.ead4b604.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/v-_equalByTag.js.ead4b604.js
IP 172.67.178.79:0
GET /js/v-_equalByTag.js.ead4b604.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-3a6"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2dzyaUo8zo%2BRwPRs7KMOQLvZQc63ZyNxXVMzn6%2Fw%2BYdKgQNQMlGgp0sgqvBQHPOtZRoGxIkJxpiwOiS%2Flb57ftXIMvFSUOeoMAnKRqaC29FJWtkgyZXIaQm34zpZGnnQ3fAMXppsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e4db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/_global-config-sd.72e733ae.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/_global-config-sd.72e733ae.js
IP 172.67.178.79:0
GET /js/_global-config-sd.72e733ae.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-3c4"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IG%2B6R7glfv8kkNJGEqyoTb1S3%2FpvbwNZPMrbFHn%2FjMKHP7PgofeJ9YD4uEuLtPpR294i5gfJxzrIakzoK0kZzorwR1DMgKAITFxD2PtbQMOUhI19ZHJKTEhHD1FI3GRNtlQql1sNmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e3fb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/css/_core-survey.4a4f0a3c.css
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/css/_core-survey.4a4f0a3c.css
IP 172.67.178.79:0
GET /css/_core-survey.4a4f0a3c.css HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1440
etag: W/"63e3940b-5a0"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1zLPR0GORwF1VoPYxLZG4m70TXb6liYtfePxvdqFvPTr13QKcW4sCaYEJqPExCoSf4ikwwaLCD%2FgNfbAEE7LyzEA1WrrEaNwyF%2BZwN%2B17dBAQQgF80iwb0%2FtFc%2Bu4MTIrtdqa4H1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e86b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/v-react-dom.production.min.js.e61a9061.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/v-react-dom.production.min.js.e61a9061.js
IP 172.67.178.79:0
GET /js/v-react-dom.production.min.js.e61a9061.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-1f8eb"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L9pjR8fGm8Og2PbeR5uM%2FMwdK4K%2BJ29lsNwFWlmCf2U1nuENp%2FZkkOFMAjRhB72%2Bj1zJkXLNMrS4u8wsP1CEQePjGdKTVKf4aUKHX4w5dfO2Z%2BdhEcEanv7SXq3BIJywBOrO5Z0rAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e7cb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/_rtc.d31e31d0.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/_rtc.d31e31d0.js
IP 172.67.178.79:0
GET /js/_rtc.d31e31d0.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-2bb5"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2QOIuy62lTbDk40GULEzUwh6rHWiphVXQpXcxVkbt4P3fN6NGHSklzrPKI15xJJ%2Fgg3kbXXVZ%2FkMamCE%2BwAauS0z4uRO6nK0SKuBeZg9UOXEspdCSAH%2BByrKpVyQr7%2BuQ%2Fc85EOE4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e42b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/_each-land-config.a8efdcbd.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/_each-land-config.a8efdcbd.js
IP 172.67.178.79:0
GET /js/_each-land-config.a8efdcbd.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-a2ee"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8gy66HhyxRev2BPD3U6aaKbMFPbsUlh11yAEyXtnLb3t1V%2F3ss3jHGZ6XCfJH9JMImAF6m8CuSN5g%2B8TfSXyyBjABOmbouyUQHQGhwaYs%2BErD4RZlkYbpkTdWef1sx9PcRChmLVJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e48b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/v-_baseIsEqualDeep.js.11f83715.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/v-_baseIsEqualDeep.js.11f83715.js
IP 172.67.178.79:0
GET /js/v-_baseIsEqualDeep.js.11f83715.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-2cf"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VXP4VnJ3Uuu8V%2FiDIC%2Bx4z9FPFWF1K0B7MCOIoZmmgXDm0%2Fds%2BekUwnGhy58g2Y5VDv5YAJbJiYIsKr2B7T%2Fhn6d2FYnx7GmOxmuQAWhWuSOQ%2BMIqnud4bZRwwjXf%2BnKEjGwksuMfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e54b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/v-redux-toolkit.esm.js.7a6548a7.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/v-redux-toolkit.esm.js.7a6548a7.js
IP 172.67.178.79:0
GET /js/v-redux-toolkit.esm.js.7a6548a7.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-29c5"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FOXKqjn3O2o3WWBt6ZuDP64pBB%2BZCxAffHzmnUVKb002oNE337O4kBGzzGDBuHf%2BtJSXLu17gZCM56LloB5211VleSkkNMhvwBIOOeybskIB51b%2F%2B9jJCM7TS1tpBhYBMVA5QWm4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e7db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/css/betting-survey.fd65bb58.css
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/css/betting-survey.fd65bb58.css
IP 172.67.178.79:0
GET /css/betting-survey.fd65bb58.css HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=25092
etag: W/"63e3940b-6204"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCVEiCGv7Yrg%2FkB0m9Dds1zZ7v1RKuB13Li822II2pC%2BnM%2F53SfKQ7l6zx85anokJPLyPNcNbi1GiA%2Bvfoe9GF9jBhfRL%2BkNMY5vCasUVVPs2CG9BE%2BTWhCUwBZz%2BdbQTdmpyhi%2Bbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752412e88b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/betting-survey.html?offer_id=2058&s=647293449565118958&z=5232927&var=&geo=NO&ipp=1&rdk=rk3
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/betting-survey.html?offer_id=2058&s=647293449565118958&z=5232927&var=&geo=NO&ipp=1&rdk=rk3
IP 172.67.178.79:0
GET /betting-survey.html?offer_id=2058&s=647293449565118958&z=5232927&var=&geo=NO&ipp=1&rdk=rk3 HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: text/html
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJER53CawUpGhr6goc%2B44Gp02oiqIlOYIH%2FCe32aDJeoBVHom%2BpyROQ5ZhBu6phmpevvW0UO3axoa5ydnKb0iWqfCZaxkT9hWtECeCVDyoWZx5dkuQSYDA7ETk%2FIkjmdYeNY8Wcajg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752401cbab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shunumsasurvey.space/js/s-storageService.js.c2d14bf0.js
172.67.178.79200 OK 0 B URL HTTP/2 shunumsasurvey.space/js/s-storageService.js.c2d14bf0.js
IP 172.67.178.79:0
GET /js/s-storageService.js.c2d14bf0.js HTTP/1.1
Host: shunumsasurvey.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:05:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63e3940b-a0c"
last-modified: Wed, 08 Feb 2023 12:22:35 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=71HkDDl1bn%2B5LzHHil%2FTNLko9%2Fvk3tT7Js52QCP%2BQIJFCHH8gnbY1qNFjWAq4f9VDmjhLu%2BYVTcUQIhkRlkhVJA7AP%2FG2HycxXGLShMEUXzs9YPevrcCTKcWnASOKjtXXtfhDKZcYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796752410e44b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2