Overview

URL www.wownicepop.com/f1b1b6aa-e00a-4989-b3b7-3fdf9d2e8ab1
IP18.196.84.70
ASNAMAZON-02
Location Germany
Report completed2022-09-27 21:47:20 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-27 2 www.wownicepop.com/f1b1b6aa-e00a-4989-b3b7-3fdf9d2e8ab1 Phishing
2022-09-27 2 yourtopsurvey180.top/js/binom-pixel.js Phishing
2022-09-27 2 yourtopsurvey180.top/js/data/_global-config-sd.js?v=3 Phishing
2022-09-27 2 yourtopsurvey180.top/img/icon-survey.svg Phishing
2022-09-27 2 yourtopsurvey180.top/js/config.js?v=6 Phishing
2022-09-27 2 yourtopsurvey180.top/css/style.css?v=1 Phishing
2022-09-27 2 yourtopsurvey180.top/js/survey-site.js Phishing
2022-09-27 2 yourtopsurvey180.top/js/survey.js?v=12 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (24)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-27 05:14:54 UTC 143.204.55.49
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-27 12:08:14 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-27 04:53:14 UTC 142.250.74.3
mnemonic passive DNS www.google.com (5) 7 2016-08-04 12:36:31 UTC 2022-09-27 11:57:58 UTC 142.250.74.164
mnemonic passive DNS pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-09-27 16:38:59 UTC 142.250.74.162
mnemonic passive DNS tberjonk.com (1) 227047 2021-12-24 08:40:01 UTC 2022-09-27 14:59:00 UTC 139.45.197.238
mnemonic passive DNS www.wownicepop.com (1) 0 2022-05-28 08:52:51 UTC 2022-09-27 04:59:18 UTC 18.196.84.70 Unknown ranking
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-27 05:00:30 UTC 104.18.21.226
mnemonic passive DNS cdntechone.com (1) 64371 2021-12-24 17:09:58 UTC 2022-09-27 14:54:57 UTC 104.21.29.183
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-27 13:22:33 UTC 34.120.237.76
mnemonic passive DNS tagstaticx.com (1) 246305 2020-11-07 07:01:39 UTC 2022-09-27 19:11:57 UTC 104.21.28.10
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-27 04:52:25 UTC 23.36.76.226
mnemonic passive DNS trenhsasolc.com (1) 0 2022-07-08 17:53:35 UTC 2022-09-27 05:00:38 UTC 139.45.197.238 Unknown ranking
mnemonic passive DNS tagdatax.com (6) 241117 2020-11-06 18:57:09 UTC 2022-09-27 19:11:46 UTC 139.45.195.253
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-27 05:14:54 UTC 54.187.71.185
mnemonic passive DNS browser.sentry-cdn.com (1) 4393 2018-07-13 11:42:06 UTC 2022-09-27 06:22:39 UTC 151.101.194.217
mnemonic passive DNS mc.yandex.ru (11) 2672 2017-01-29 05:34:36 UTC 2022-09-27 16:04:45 UTC 87.250.251.119
mnemonic passive DNS datatechonert.com (1) 46154 2021-12-24 16:44:17 UTC 2022-09-27 17:50:47 UTC 139.45.195.253
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-27 14:55:40 UTC 143.204.55.36
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-27 04:52:33 UTC 34.117.237.239
mnemonic passive DNS ocsp.sectigo.com (6) 487 2018-12-17 11:31:55 UTC 2022-09-27 20:01:39 UTC 104.18.32.68
mnemonic passive DNS my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-09-27 14:07:47 UTC 139.45.195.8
mnemonic passive DNS e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-09-27 05:36:01 UTC 23.36.77.32
mnemonic passive DNS yourtopsurvey180.top (10) 0 2022-08-25 15:11:31 UTC 2022-09-27 14:59:06 UTC 172.67.170.163 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.196.84.70

Date UQ / IDS / BL URL IP
2022-11-27 14:48:27 +0000
0 - 0 - 1 www.wownicepop.com/ef154031-44a3-4b92-b57f-08 (...) 18.196.84.70
2022-11-27 04:49:34 +0000
0 - 0 - 1 www.wownicepop.com/ef154031-44a3-4b92-b57f-08 (...) 18.196.84.70
2022-11-27 04:32:41 +0000
0 - 0 - 1 www.wownicepop.com/21d679fc-f4c8-4d2b-aca1-54 (...) 18.196.84.70
2022-11-26 22:07:09 +0000
0 - 0 - 1 www.wownicepop.com/d8f862ed-a99f-4c76-8f78-19 (...) 18.196.84.70
2022-11-26 21:19:17 +0000
0 - 0 - 1 www.wownicepop.com/41f7fa6c-5848-42c2-896d-09 (...) 18.196.84.70

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-11-28 07:33:27 +0000
0 - 0 - 15 a.vfgtc.com/90bfa31c-3b87-4244-8c8c-f7716ecf9 (...) 18.192.108.151
2022-11-28 07:33:30 +0000
0 - 0 - 23 a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629 (...) 18.192.108.151
2022-11-28 07:32:57 +0000
0 - 0 - 3 13.208.83.197/ 13.208.83.197
2022-11-28 07:32:54 +0000
0 - 0 - 1 www.ecir.pl/ 75.2.115.196
2022-11-28 07:28:22 +0000
0 - 0 - 2 innovationm.co/wp-content/uploads/2015/b.php 13.235.43.235

Last 5 reports on domain: wownicepop.com

Date UQ / IDS / BL URL IP
2022-11-27 14:48:27 +0000
0 - 0 - 1 www.wownicepop.com/ef154031-44a3-4b92-b57f-08 (...) 18.196.84.70
2022-11-27 04:49:34 +0000
0 - 0 - 1 www.wownicepop.com/ef154031-44a3-4b92-b57f-08 (...) 18.196.84.70
2022-11-27 04:32:41 +0000
0 - 0 - 1 www.wownicepop.com/21d679fc-f4c8-4d2b-aca1-54 (...) 18.196.84.70
2022-11-26 22:07:09 +0000
0 - 0 - 1 www.wownicepop.com/d8f862ed-a99f-4c76-8f78-19 (...) 18.196.84.70
2022-11-26 21:19:17 +0000
0 - 0 - 1 www.wownicepop.com/41f7fa6c-5848-42c2-896d-09 (...) 18.196.84.70

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-27 22:59:05 +0000
0 - 0 - 5 hrenbjkdas.com/link?z=5410700&var=&ymid=2QsGD (...) 139.45.197.239
2022-11-27 22:48:25 +0000
0 - 0 - 17 hrenbjkdas.com/link?z=5410700&var=&ymid=JRYQs (...) 139.45.197.239
2022-11-27 21:06:20 +0000
0 - 0 - 18 vardson-progenes.icu/fa84c8f1-6b6c-4d8c-be81- (...) 18.192.108.151
2022-11-27 20:17:15 +0000
0 - 0 - 4 hrenbjkdas.com/link?z=5410700&var=&ymid=SZFrg (...) 139.45.197.239
2022-11-27 16:06:16 +0000
0 - 0 - 9 www.mediacdnc.com/go/18843712-d5fd-49ff-8828- (...) 3.70.16.242


JavaScript

Executed Scripts (19)


Executed Evals (1)

#1 JavaScript::Eval (size: 79, repeated: 1) - SHA256: 1697d08821c50bb47f6a841919cd4dd1d91b405bce4817826a99fe2029c3362b

                                        (() => {
    const a = async
    function name() {};
    window['sbv8jqztq4'] = true;
})()
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 4, repeated: 1) - SHA256: b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0

                                        2022
                                    


HTTP Transactions (78)


Request Response
                                        
                                            GET /f1b1b6aa-e00a-4989-b3b7-3fdf9d2e8ab1 HTTP/1.1 
Host: www.wownicepop.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         18.196.84.70
HTTP/1.1 302
                                        
Server: nginx
Date: Tue, 27 Sep 2022 21:47:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://trenhsasolc.com/link?z=5300150&var=&ymid=wvkkjh5med4v6lbjil1kiueg
Pragma: no-cache
Set-Cookie: f1b1b6aa-e00a-4989-b3b7-3fdf9d2e8ab1-v4=IZc9rpvNn_OzSMWX9dRf1O7HPlkln-mxwdXiaEOzcUs; Max-Age=86400; Expires=Wed, 28-Sep-2022 21:47:09 GMT; Domain=www.wownicepop.com; Path=/; HttpOnly cc-v4=ub6EiHU6A3ftezeX5rEtls3bHB%2FMfOTyhWtHq8O16GGiVxt8DvTlZZ1XytJfPFxFm%2FZzbG0FpsndrUW9UXePNFVH9%2BXA4EpmBzprOLtR8EUW9%2FMuHLkCXYOkiYuEHH4BXk0LDFajI1xexrZO6E1iTw%3D%3D; Max-Age=31536000; Expires=Wed, 27-Sep-2023 21:47:09 GMT; Domain=www.wownicepop.com; Path=/; HttpOnly


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5538
Expires: Tue, 27 Sep 2022 23:19:28 GMT
Date: Tue, 27 Sep 2022 21:47:10 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 21:15:33 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IpW6E69jvHDYM0QYIyYmpemMZ3xqR6p-lKFa9rBlr3K3OWMC9Hi2Wg==
Age: 1897


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hPyS2Rr7g0qSKOQOWIUHgmhgr37SJR6UnJCshC85KMgVSxovam8o2Q==
age: 44577
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F4D37E00471313DC7D1091C20365AC2CBB07BD2F1D668C1DDE86C7660FFB87BD"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20765
Expires: Wed, 28 Sep 2022 03:33:15 GMT
Date: Tue, 27 Sep 2022 21:47:10 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 27 Sep 2022 21:47:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /link?z=5300150&var=&ymid=wvkkjh5med4v6lbjil1kiueg HTTP/1.1 
Host: trenhsasolc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         139.45.197.238
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 27 Sep 2022 21:47:10 GMT
content-length: 0
location: https://tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5300150&axcusid1=&clid={ymid}&r=https%3A%2F%2Ftberjonk.com%2Flink%3Fz%3D3956710%26var%3D5300150%26acb%3Dproxy&axcusid2=Finance&axadvid=866469&axcamid=4612
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e792d453cd5105825ae324265506109c
link: <https://tagstaticx.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=94d10fc00f944c2389b79add814c0713; expires=Wed, 27 Sep 2023 21:47:10 GMT oaidts=1664315230; expires=Wed, 27 Sep 2023 21:47:10 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 21:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 21:11:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IdHF8pqceJsuZXD-bR0JkxtXcgIJalEF5KROCYA6DCcSmmo-fBUbmA==
Age: 2184


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:10 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 09:40:13 GMT
Expires: Mon, 03 Oct 2022 09:40:12 GMT
Etag: "70d323c2748ee3286cfe598ef209338474ae03ce"
Cache-Control: max-age=474181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb0eaf8b4f7-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:10 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 09:40:13 GMT
Expires: Mon, 03 Oct 2022 09:40:12 GMT
Etag: "70d323c2748ee3286cfe598ef209338474ae03ce"
Cache-Control: max-age=474181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb0bd8bb518-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:10 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 09:40:13 GMT
Expires: Mon, 03 Oct 2022 09:40:12 GMT
Etag: "70d323c2748ee3286cfe598ef209338474ae03ce"
Cache-Control: max-age=474181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb0baee0b69-OSL

                                        
                                            GET /ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tagstaticx.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /ERMGLMhhvBuhZhIN/kGSQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         139.45.195.253
HTTP/1.1 101 Switching Protocols
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:10 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: As4ST93BURGGDfXg38A7ccnmXkk=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3773
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 21:47:10 GMT
Last-Modified: Tue, 27 Sep 2022 20:44:17 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 354
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:10 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:10 GMT
Content-Length: 57
Connection: keep-alive
Cache-Control: private, max-age=63072000


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    df9611590f2de09f7d86edbcaad0125a
Sha1:   4963fd8daf0650884168e1c2dd9ebf45c3edb109
Sha256: c732d88b3df8c6a9fd261d2601b9e8b5ff6c4aa152fb52e637f282df73c55783
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=462487,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb0b8df0b06-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 09:40:13 GMT
Expires: Mon, 03 Oct 2022 09:40:12 GMT
Etag: "70d323c2748ee3286cfe598ef209338474ae03ce"
Cache-Control: max-age=474181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb0c9630b4d-OSL

                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Tue, 27 Sep 2022 21:47:11 GMT
content-length: 65
access-control-allow-origin: https://tagstaticx.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9c2f06b838b241a1bd4247e26988e500; expires=Wed, 27 Sep 2023 21:47:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    74e9a015a1e7903b35687822fa553e2f
Sha1:   65858a5b3643eb92f3b2b18c3e578a0ab757e331
Sha256: d486df257cebd3c7b751722e7ea5209e40d7f07c26e7debee6ae76cdef1d7280
                                        
                                            GET /pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:11 GMT
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag
Etag: a8f899d4-4dc0-4e90-98c5-4a4a6e69d87d
Cache-Control: private, must-revalidate, proxy-revalidate


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    160988f32f3a9fc12fd2958350f5a758
Sha1:   ea0e78c6b9e28345b0c69748ed7b4a6dca96c711
Sha256: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18
                                        
                                            POST /etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 375
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:11 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_90x40dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3934
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 180 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size:   3934
Md5:    c198051c3b22e6fa2e26712e855da980
Sha1:   6cac1226aff75d94809534c373f43a28253879da
Sha256: a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
                                        
                                            GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5969
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   5969
Md5:    8f9327db2597fa57d2f42b4a6c5a9855
Sha1:   1737d3dfb411c07b86ed8bd30f5987a4dc397cc1
Sha256: 5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 13504
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced\012- data
Size:   13504
Md5:    80fa4bcab0351fdccb69c66fb55dcd00
Sha1:   26f471f6ebe3b11557506f6ae96156e0a3852e5b
Sha256: 262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_160x56dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7048
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 320 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size:   7048
Md5:    d6b993cd3a71d84e8dd51dc9bf01f537
Sha1:   41f57a52be2447b7b4ee458887e860a702150396
Sha256: 9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_120x44dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5087
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 240 x 88, 8-bit/color RGBA, non-interlaced\012- data
Size:   5087
Md5:    8d2b7f3d00f50b8aebb7d1c002c64ca1
Sha1:   b3d5a78c18020868d322a0ac54c9d8e45a59a3b3
Sha256: 29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
                                        
                                            HEAD /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.162
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Tue, 27 Sep 2022 21:47:11 GMT
expires: Tue, 27 Sep 2022 21:47:11 GMT
cache-control: private, max-age=3600
etag: 8055152887775681615
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W8NH8x4QIJKdmRJEs527Qg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.71.185
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QrI9AL/lVb6PxLvdsaV7G4tZf7s=


--- Additional Info ---
Magic:  data
Size:   17758
Md5:    fc60bc085abaee45cd0ca74339bae690
Sha1:   38fd7b6daf36b9359675b5f110986bafdc60a243
Sha256: 3c443c7cd9d1135b36a92a71d7b3d0ef908a07049f419e40b0c572cf122e4a03
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 1907
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:11 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B9AC3F30B53E4FFF10494032F4DF391F14E41621D0DE5EC719F547BB80D2C8BD"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5398
Expires: Tue, 27 Sep 2022 23:17:09 GMT
Date: Tue, 27 Sep 2022 21:47:11 GMT
Connection: keep-alive

                                        
                                            GET /link?z=3956710&var=5300150&acb=proxy&axcusid2=Finance&axadvid=866469&axcamid=4612 HTTP/1.1 
Host: tberjonk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Cookie: OAID=1ec034269dc14bdaa22bdc24fe8f5d94; oaidts=1664310599; OXCCLK=4105106.1; allcnt=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.238
HTTP/2 302 Found
                                        
server: nginx
date: Tue, 27 Sep 2022 21:47:11 GMT
content-length: 0
location: https://yourtopsurvey180.top/survey.html?offer_id=1916&geo=NO&oaid=1ec034269dc14bdaa22bdc24fe8f5d94&s=598743837793587219&z=3956710&var=5300150&testinapp&autoexit_86400=3953544&abtest=10101
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 716bbc8792685b3569e00e46b756d003
link: <https://yourtopsurvey180.top>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=1ec034269dc14bdaa22bdc24fe8f5d94; expires=Wed, 27 Sep 2023 21:47:11 GMT oaidts=1664310599; expires=Wed, 27 Sep 2023 21:47:11 GMT OXCCLK=4105106.2; expires=Wed, 27 Sep 2023 21:47:11 GMT allcnt=2; expires=Wed, 27 Sep 2023 21:47:11 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D8805AA063B1E9AB796BDFC46CE9ABA293835C1B94BCF029E4FE560C4DC061C6"
Last-Modified: Tue, 27 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5545
Expires: Tue, 27 Sep 2022 23:19:36 GMT
Date: Tue, 27 Sep 2022 21:47:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D8805AA063B1E9AB796BDFC46CE9ABA293835C1B94BCF029E4FE560C4DC061C6"
Last-Modified: Tue, 27 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5545
Expires: Tue, 27 Sep 2022 23:19:36 GMT
Date: Tue, 27 Sep 2022 21:47:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:12 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=462485,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75176fb7e93bb4f7-OSL


--- Additional Info ---
Magic:  data
Size:   4840
Md5:    4aead7035cf2602b4d52b0973e66df96
Sha1:   a61eac38780adb30e50eb3135729bc9806488c18
Sha256: c3cd917442fd84aa00352b00258b687bd2e5945923c0193c17aebe60a27cef6f
                                        
                                            GET /5.15.5/bundle.min.js HTTP/1.1 
Host: browser.sentry-cdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.194.217
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
x-guploader-response-body-transformations: gunzipped
expires: Thu, 29 Jun 2023 06:51:22 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 22 Apr 2020 15:41:15 GMT
etag: W/"8c32735049305a5594a56ef0e4519e8e"
accept-ranges: bytes
date: Tue, 27 Sep 2022 21:47:12 GMT
age: 7829750
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 56762
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (56632)
Size:   56762
Md5:    6d2599c3a0c08598d287e2cc71c44611
Sha1:   ff40a23e52dc6d62287366e46256f83f65c58f75
Sha256: 1ee94537308b969ae3e3fe075f960e89e5817fc57f9464fd66b65a124448c66a
                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Cookie: ID=9e6dd2f2d7a848c19bb87612d098488d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Tue, 27 Sep 2022 21:47:12 GMT
content-length: 65
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9e6dd2f2d7a848c19bb87612d098488d; expires=Wed, 27 Sep 2023 21:47:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    bf7ea9d025ebb0d120b55c5457171bfd
Sha1:   20e5dd3ae8483c83d9e635683e364ea6e65e3318
Sha256: 9b858a86c053bf431f782084db34b92ea01318738bfb23e19ea9e3ab08530cb5
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 27 Sep 2022 21:47:12 GMT
Content-Length: 938
Connection: keep-alive
Expires: Sat, 01 Oct 2022 18:57:11 GMT
ETag: "69f5eac7b8180159ab0c46703df3e0812a621ca2"
Last-Modified: Tue, 27 Sep 2022 18:57:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2603
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75176fb9fc64b517-OSL

                                        
                                            GET /stattag.js HTTP/1.1 
Host: cdntechone.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.29.183
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:12 GMT
last-modified: Thu, 04 Aug 2022 15:17:49 GMT
etag: W/"62ebe31d-a8fa"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7179
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdjvpI4KL2Xp6KxIGE8EXwcCY1YtcTtbF3wIj%2BW0io1s5l8Ikbj%2F89gEEE1wo37PeJZIZECccZTnfbXMU2ANt2gYlOiex6FEpfBRSYzAfZu%2BVoZDMoa%2BHeQDkEBbgxZxiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75176fb8d9f71c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (43256), with no line terminators
Size:   20996
Md5:    4b1f263ca6b7b9c402b249cbbde35baa
Sha1:   d0711ea82667512478eea5dc3b1946c915dcfa34
Sha256: d570610071c96398fb5257b1f73ba69da83fbee77131a155ba58f99914574d6c
                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 72341
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: *
etag: "632d6d03-11a95"
expires: Tue, 27 Sep 2022 22:47:12 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Size:   72341
Md5:    7a68c8644032413981e4ba5bc0d66c4a
Sha1:   2d46ca8055e8577ae7138140e34a6e633434973c
Sha256: e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
                                        
                                            POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1 
Host: datatechonert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://yourtopsurvey180.top
Content-Length: 1736
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 21:47:12 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://yourtopsurvey180.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9656
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 21:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9656
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 21:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9656
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 21:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9656
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 21:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9656
Expires: Wed, 28 Sep 2022 00:28:08 GMT
Date: Tue, 27 Sep 2022 21:47:12 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 491
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13213
Md5:    62e68c3cd08dd94d910507512a67e85f
Sha1:   3d4fa8701f17e8818c25584ef5f04bfbee8440cd
Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5o526KdLqw6zOzHIXOblele1f7_gwCE900s964tzIYUdz4Fz2LStdA==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:06:19 GMT
age: 85253
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8637
Md5:    d02ede0c964f3346fd53ae2950bf2a62
Sha1:   e49306a3713cb724be024a4ddb5e90645718a718
Sha256: c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:07 GMT
age: 485
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9163
Md5:    deb8d1e3b6d7fbc8c8ba478269621676
Sha1:   84f5a4c8b38acde814bc790e5b514347718d5bb9
Sha256: ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 74425
etag: "1a26007f761e439db575fb80fb403031260aecf4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    5274e770cb5a704916c8965659709f4a
Sha1:   1a26007f761e439db575fb80fb403031260aecf4
Sha256: e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 19:30:15 GMT
age: 8217
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10318
Md5:    a90590f26bae9ad9e95ffdfbfb7dd21d
Sha1:   cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
Sha256: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5319
x-amzn-requestid: 74191b02-ebea-48bd-8522-f05bf8080f31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlOKFtsIAMFyGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bf4-1f2daa9d7906bf9812e10953;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y0gjPs-l9_JD9F-LSH_i1uL2Nz0UcWCG-9PmDmRH8cN_cNAeSchJTA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:32:06 GMT
age: 906
etag: "75df3341e30281fcbf78c7074980356fdf0be8e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5319
Md5:    46e31aa06b8e86a9a5f9ba1cc3feca08
Sha1:   75df3341e30281fcbf78c7074980356fdf0be8e2
Sha256: d1fd4f81b7e0f43de960f0ee024d9e87bcb395f032a4ab0360e3829d1ec8a42b
                                        
                                            GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A216%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A111593366%3Arqn%3A10%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C0%2C%2C0%2C%2C96%2C2%2C%2C%2C%2C271%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 400
date: Tue, 27 Sep 2022 21:47:12 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Size:   400
Md5:    5454acf87e0c9ed5343468547536a5ea
Sha1:   3dfb9ced78d71ec16a8ac4edbf3441572c777073
Sha256: dbd3e2911afdb7ea5fe705b14ad9e07556ff629819b1b40d7d4f7372d6becce6
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonSurveyStart&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A92522832%3Arqn%3A11%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C714%2C714%2C0%2C%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 77
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonUnique&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A868520243%3Arqn%3A13%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonStepChange&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A731086034%3Arqn%3A14%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(5)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonAdexCall&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A827856893%3Arqn%3A12%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonAdexLoad&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A688501614%3Arqn%3A15%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(6)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A58188711%3Arqn%3A17%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A633453028%3Arqn%3A16%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fyourtopsurvey180.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664315232_70f8b434f7dd6de9944083188a549f8916eec01672a60f4130145aba997680e8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214716%3Aet%3A1664315236%3Ac%3A1%3Arn%3A216148028%3Arqn%3A18%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315236%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)mc(g-7)clc(0-0-0)aw(1)rqnt(9)ecs(1)fid(200)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 84
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 27 Sep 2022 21:47:18 GMT
access-control-allow-origin: https://yourtopsurvey180.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:18 GMT
last-modified: Tue, 27-Sep-2022 21:47:18 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /survey.html?offer_id=1916&geo=NO&oaid=1ec034269dc14bdaa22bdc24fe8f5d94&s=598743837793587219&z=3956710&var=5300150&testinapp&autoexit_86400=3953544&abtest=10101 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKPu%2FjHzk%2BoeghfNBR7k91Dq4OLmdZXZcfFEIWTFpJzZEmuf53zyxJnPLucxza9sFAT%2FJQJFuX3NZcPllBGeWd%2B3H%2BIK%2BBmk837JoK2xjDJUly23ZMR1a5UkKVE6YfLWIDMsYGfDuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb5df880b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/data/rtc.js?v=1 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
cf-polished: origSize=14949
etag: W/"6332f16c-3a65"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcoLdTHj5fBjLzwrxCtSJnKblFW8GU6Jdvp0GSY4iw5bvnvbQxaW5aRnioDNgyIGnfe9zm6fPgVKyBh28ffImiYcRRJUOToQzPz8Xpy3lkkiWXstzkNDubO23ZKHMGSKAtp6AK%2FhCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb688090b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css/survey.css?v=1 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
cf-polished: origSize=19835
etag: W/"6332f16d-4d7b"
last-modified: Tue, 27 Sep 2022 12:49:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7E87w2GQ9kd7QthD%2Fd9Knhzg4MmZNy7iVjx71ZBNq1JYZ3mMbhI3kxo3%2FLeP5CP%2BpGcbNjUqq3pf36oTMmmXfDBUwYr449xyqRi%2BhSK5QtXpyOVGCFW6bihEYkFFKyja9lU3AtV6iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb698100b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/binom-pixel.js HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
etag: W/"6332f16c-4a3"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jJQaN3CBHOJ7%2FTsy4W%2FtgedgNllzZOOqznxPzlls2GsRiY75k%2B6aJNdUaSzdaeHg3dx8NYd5yqGPyuRI11iBmVirQShzC8ciPk3AeBwJBCWzTztl%2FEzeswhy26depcYEZQX%2BI5Rgvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb6a81c0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/data/_global-config-sd.js?v=3 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
cf-polished: origSize=651
etag: W/"6332f16c-28b"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mZn1mgG2isKATgbgASNXIZlldwMVxW5Z7yn%2F2swiH4EoCHxiOnmG3BWYVDZDwfhxUVF4lOpxm3zfGyXSmiVS0AoGsbVQQ%2B%2FvlEdXvkvGM7UO6ZeXqHxJuBuow5Cbws5sT6%2Bo5YGsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75176fb688080b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /img/icon-survey.svg HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
last-modified: Tue, 27 Sep 2022 12:49:49 GMT
etag: W/"6332f16d-c26"
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJerEc%2BIhObcDnLLUz%2Fm5xGBVeq9cUDRgzKaRsaHnfqkAx37eXo6oXsl4s2OgQTnSHV1NgG%2FHAe90m9jBkYc%2FX9LPfelqsndGmyp0IS3jCc9WUXhsyEEIZclzUSHwazOld1%2BnCmFXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75176fb698120b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/config.js?v=6 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
etag: W/"6332f16c-1029a"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BYMkMMQahk1JOizQwOqA0kKMOXMS9SJinbZ1XGTtqLA0RQJORhyd7Inc%2BuPNyl8P0kGXKXgQb31kfKi19w5WSexHURiSnTc%2BJMDD0Ezg57hc7o8WYz5yUOCysVLcfPGahkpplVOLQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb6980f0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5300150&axcusid1=&clid={ymid}&r=https%3A%2F%2Ftberjonk.com%2Flink%3Fz%3D3956710%26var%3D5300150%26acb%3Dproxy&axcusid2=Finance&axadvid=866469&axcamid=4612 HTTP/1.1 
Host: tagstaticx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.21.28.10
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 27 Sep 2022 21:47:10 GMT
last-modified: Thu, 04 Aug 2022 15:17:25 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLZPp7oE9wvylLB%2B9XmQlRrXilwf9DDZXhdgD3Mi5tPpjy8W85MiXaHxEo7a1OOsTSmbtIqWaG7WnaZPB67WQ0pvuNkUHrs8BMACwzyr1VJu1w5Pg00yXp4BO6HQ8e7icw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fad48e9b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css/style.css?v=1 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
cf-polished: origSize=40801
etag: W/"6332f16d-9f61"
last-modified: Tue, 27 Sep 2022 12:49:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tscU9XD2eNPaVRHRsS3EljU4urEZckpQea79ooFrEclLXzukyKm1qOdwyrUrv1hy4hFhhRmH7JABVwq%2F7WkFhUGCNiXWpjRJ82TK6Vh3qHw08w3OyLcoT5fSUb058nFHDIIPpknt5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb698110b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/survey-site.js HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
etag: W/"6332f16c-edd"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWBfnZhbildh6E3WcFR3OHEyo3PO70jyD0wCtdB0QgUEeIDw9%2FB7BINMhNeRa3lOSn2w9QQRtfHEiwVwtSAkPaXP%2BPW4Dhn02eSWzcnhwor0KMMQqGlZxIkxYnYPqF9%2F%2FE4ZaupuZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb698150b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/survey.js?v=12 HTTP/1.1 
Host: yourtopsurvey180.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ym_uid=16643105987678429; _ym_d=1664310598; _ym_isad=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.170.163
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 27 Sep 2022 21:47:11 GMT
cf-bgj: minify
cf-polished: origSize=300619
etag: W/"6332f16c-4964b"
last-modified: Tue, 27 Sep 2022 12:49:48 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 2563
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stvOSYJtyI83kKM28%2FA0u%2BoKlNt2tQxCDttWPEefvL1cXU4KgZr2e3yii2fDowpEJf%2B1hGfxLDn%2Bf08D0PLOkTou23D%2FLbnD%2BCdNYDVzASzwBC%2BJlfsZURb9f9UitYmgJGvBJBzHnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75176fb698190b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A216%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A111593366%3Arqn%3A10%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C0%2C%2C0%2C%2C96%2C2%2C%2C%2C%2C271%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yourtopsurvey180.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 302 Found
                                        
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fyourtopsurvey180.top%2Fsurvey.html%3Foffer_id%3D1916%26geo%3DNO%26oaid%3D1ec034269dc14bdaa22bdc24fe8f5d94%26s%3D598743837793587219%26z%3D3956710%26var%3D5300150%26testinapp%3D%26autoexit_86400%3D3953544%26abtest%3D10101%26utm_campaign%3D5300150%26utm_medium%3D3956710%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A216%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1174621623586%3Ahid%3A774175207%3Az%3A0%3Ai%3A20220927214710%3Aet%3A1664315230%3Ac%3A1%3Arn%3A111593366%3Arqn%3A10%3Au%3A16643105987678429%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C62%2C0%2C%2C0%2C%2C96%2C2%2C%2C%2C%2C271%3Ans%3A1664315229596%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664315230%3At%3AWhich%20Online%20Business%20Would%20Make%20You%20A%20Billionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 27 Sep 2022 21:47:12 GMT
access-control-allow-origin: https://yourtopsurvey180.top
set-cookie: yandexuid=2456228161664315232; Expires=Wed, 27-Sep-2023 21:47:12 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=2456228161664315232; Expires=Wed, 27-Sep-2023 21:47:12 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=517557891664315232; Path=/; SameSite=None; Secure i=7xZSbfLqZqXwXIfXi1Ps3iGWkxOTeyywIt9r8iWcQEc74+9w2yugslXA7jfEMEtlI5tb5E+DzbPv6vmHn23+KXsh4aw=; Expires=Fri, 24-Sep-2032 21:47:06 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1695851232.yrts.1664315232#1695851232.yrtsi.1664315232; Expires=Wed, 27-Sep-2023 21:47:12 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 27-Sep-2022 21:47:12 GMT
last-modified: Tue, 27-Sep-2022 21:47:12 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---