618.novitrk1.com/smartlink?mongo_id=631ceea7d0b23846ad1e11fb&mongo_grouped_id=631cee84ab3f972b462cb5f1&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
188.240.52.20 302 Found 718 B URL HTTP/1.1 618.novitrk1.com/smartlink?mongo_id=631ceea7d0b23846ad1e11fb&mongo_grouped_id=631cee84ab3f972b462cb5f1&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ec8649dbc716c5a561e3c22027f9f30f
e0725957c2c21697abcbcd37bd169461ef7f9031
731efa3b8199ea311e5efaa5709ccac2afc339e5081e325f6766b1795a73812d
GET /smartlink?mongo_id=631ceea7d0b23846ad1e11fb&mongo_grouped_id=631cee84ab3f972b462cb5f1&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript HTTP/1.1
Host: 618.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Sat, 10 Sep 2022 20:08:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
Location: https://618.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImxlUTJlU1JjOTFTN1doY1dMQjBQclE9PSIsInZhbHVlIjoib01TWS91cjZOWGw3bjhpOVYwK3A5b0NLK0lrZWg0MStDSjRYMllMU2FXMWxXV2tlVitmMzVEUGJYNHM0RERyVjB0NG1rbmZIQlFJWlJkdVAvVjBISnFaMUxMeHhHb1FRWC9EOGpndGpRQm1jeE04ZldJMDNkT3o5dmtNMkFSMjAiLCJtYWMiOiJiY2Q0NjJhM2JiOTNkZjZkNzNlMDhkODhmZGIyNzQ1NjliNzUxZGYzYTBmMGJlNWRmODVjMzRiODZhMjgzNjMzIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Im1kcndnY3dOY0dkZTRrR0J4VkFXYXc9PSIsInZhbHVlIjoiWXdNZjBlQmF6cFBmbThveWlEZmFuQ1hsUXFONURFK0lja1lsRU1YeFMzV0NWYW1sMEZSNDZaenU5RzFKN3hxZ3U1YUlMaFQwU292OHkwT2d3WU1BYjFkMVI2d3pkeUNzZmJpb1h4Y1RsUy9yb2MzV2c2MmdpSXlQTTJqS1BCK1ciLCJtYWMiOiJlNzFhODY5NjU3OGViMzY1YmU4MjZkNWIwMmY3OGM4MGJmMjFlMDM2YzUxYzFhMzNmMjcyMzk3OGIwYzFiY2EwIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 20:06:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e0GtOvO5ZNAZ5ado4D8SdIUETD0ChC-_FZVD_M2ai5GBCa8j63eKoQ==
Age: 90
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14670
Expires: Sun, 11 Sep 2022 00:12:52 GMT
Date: Sat, 10 Sep 2022 20:08:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6XVZKZAAHIdJmzHNg4KnmrgyyXyHhIGp6s7QkJOcc835O2QNXXV4qA==
age: 46270
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 20:08:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 10 Sep 2022 19:56:07 GMT
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 20:00:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8rFI09TuPEnPFTFbX0cysBjlhKL9A2ICcP8ZXxowGcp856PUwfZ-bg==
Age: 736
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3917
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 20:08:23 GMT
Last-Modified: Sat, 10 Sep 2022 19:03:06 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.39.57.61 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tIzjSOP+KBf9IW8TcMrAXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LxnmzR3fTsJZJPFcAapsea82/WE=
www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
51.68.81.31 200 OK 5.2 kB URL HTTP/1.1 www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 51.68.81.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3760)
Hash 7beebaa8586e28e1f29b1d4e2084b86e
ebfd333700fd8711fa36dde5edd63a95ce365395
fb7b9646e74494f871983f03a0807c6ffbe6cc1670452b416dcdedf14bd0a7a1
GET /?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: www.tiltimagic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 20:08:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3976bfebae0cbb6c180b2af2500dca77&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3976bfebae0cbb6c180b2af2500dca77&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3976bfebae0cbb6c180b2af2500dca77&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.tiltimagic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 10 Sep 2022 20:08:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.01087573184988877&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.tiltimagic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 10 Sep 2022 20:08:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=33000938c3dde2ed0b4aa03ab8915d94e65af0910-202209-flb*5467515-f6d9b*M7141845578865967174*sl_5467515-f6d9b*65536a5998d33c07ea4bf67a0a4ca989921d80bc*4472-bfdf314f-6f01772b*4472
www.tiltimagic.com/favicon.ico
51.68.81.31 204 No Content 0 B URL HTTP/1.1 www.tiltimagic.com/favicon.ico
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.tiltimagic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Sat, 10 Sep 2022 20:08:24 GMT
Connection: keep-alive
618.novitrk1.com/smartlink?mongo_id=631ceeb679f8af7a0935a4f7&mongo_grouped_id=631ceeb679f8af7a0935a4f8&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902030248%26np%3D1&fingerprint=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&js=1
188.240.52.20 302 Found 4.1 kB URL HTTP/2 618.novitrk1.com/smartlink?mongo_id=631ceeb679f8af7a0935a4f7&mongo_grouped_id=631ceeb679f8af7a0935a4f8&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902030248%26np%3D1&fingerprint=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&js=1
IP 188.240.52.20:0
Hash 95240cd68dc2bfa6412905dd0b9a91f3
3c8aaea596069b1e089577177a05b907b4ca5d6a
531ac4775c0754a043dfd7af7b7acff671d9a4cbc049bffef129fb3ced055b1e
GET /smartlink?mongo_id=631ceeb679f8af7a0935a4f7&mongo_grouped_id=631ceeb679f8af7a0935a4f8&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902030248%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjo0Mn0=&js=1 HTTP/1.1
Host: 618.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InBFMm82V3Fja0d3OEpCZm1wL3lySkE9PSIsInZhbHVlIjoibnpGL3RndGhsODNSRzBmdHZRbVo4bzRqa1FneXhaNEVpWXJObjlYMXRQVWMwd0RxamZkZzRsaTV6MFl6WTJWZDFzcHhiWjRXTFNERDUzUHdJeUJNUk5CRGFhZjlBTlFxMFlSSFhiZVMvc3ZVTGN5Y2t5NWlOc3d4QXE2L2x5TGMiLCJtYWMiOiJiZjBkMjRmN2Y0ODQ3ZDU3OTkzOWVkNGJkZWNhZTU1MzRmMzAxMmM2MTJlNDFlMGIyZDI5ZmYxNzIwMzdiOTZhIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImN5QTMwMkphekJlSk51RVpBbHhURFE9PSIsInZhbHVlIjoiUGI5K0hPS2hIN013a2piOVZvb013WmNIK085NUpUcUJDam0xYUNETExYS2pRanhUOXZORGFwb0dpNE81VmpidmNLUmt6aWticzBDaWdhakVyUWxNbHdkYTdrRjJSaTNqTmFnNS9iN2xpbExvZVcxQkxkbmdIeEloK2NQd3VBZk4iLCJtYWMiOiIzYmE0ZjhhNTUzZjg1YzFhNzM1OWY3Y2UwMzJhZjIxYTY4MmQzMjY2YTc1OWZmYWM2YWE4NTdiMjM2Yjk5MjhlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Sat, 10 Sep 2022 20:08:23 GMT
content-type: text/html; charset=UTF-8
location: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902030248&np=1
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InZoOXVvMm9MWU1kVmVjcFAraWNmVmc9PSIsInZhbHVlIjoiZUtlVWZsbXFIb0VqKyt2LzdkZUVEVitzckdTQ1Fya3Y5bk5saFVCUWdIR0xLUjJiZTVQWlhkR1pCMU5LSnAzOGFCNmFVdE5hMDFueUJpLzFoTDczK3NGbFRmRk4wakRzNEwyL0xkQXgySEpudGRHSFl6NzFheHhmRmNJanc1ZksiLCJtYWMiOiI3YWU0OTg3NWM5M2Q1YTE3NGU2OWMwN2E0ZmQxYzQzNjc5YWNkNTJjZjM1OWVlMjJlM2RmMDc0ZjBkMDA1MjgyIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:23 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkJWVGpKZEhEVHBwbng0d1EvSWY3aWc9PSIsInZhbHVlIjoiSFR3TUFKdFFob3RneW5renJ2K3BIREFOcEZKU3hQV0JhS1FIRFlyZ0xIeGM1RWNTSFpaSWFPazVuMEI3Wm9HcWc1Y091NCtVRi9NdHZPcm4zUnJ6SnVLUnN3cXdIMk1oSlFFUkRJYWlxbW5RYldsOUlOcE9uNWYzYUhKaTcvcXIiLCJtYWMiOiI0YTE0ZWI0YmJkYjE3YzViOTJhMjBjZTJkNDE5ZTVjYzI1MGNjNjhlMjNlZjU0ODA1MDUyNDFlNzdlNDJkODFiIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:23 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=33000938c3dde2ed0b4aa03ab8915d94e65af0910-202209-flb*5467515-f6d9b*M7141845578865967174*sl_5467515-f6d9b*65536a5998d33c07ea4bf67a0a4ca989921d80bc*4472-bfdf314f-6f01772b*4472
34.91.27.112 302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=33000938c3dde2ed0b4aa03ab8915d94e65af0910-202209-flb*5467515-f6d9b*M7141845578865967174*sl_5467515-f6d9b*65536a5998d33c07ea4bf67a0a4ca989921d80bc*4472-bfdf314f-6f01772b*4472
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a83ff913943bff7e8b4571&pid=503&sub1=33000938c3dde2ed0b4aa03ab8915d94e65af0910-202209-flb*5467515-f6d9b*M7141845578865967174*sl_5467515-f6d9b*65536a5998d33c07ea4bf67a0a4ca989921d80bc*4472-bfdf314f-6f01772b*4472 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 10 Sep 2022 20:08:24 GMT
content-length: 0
location: https://www.makeitprof.com/rc/86b528a829?affclick=631ceeb802a85a000139152d&pubid=503
referer:
referrer-policy: no-referrer
set-cookie: afclick=631ceeb802a85a000139152d; expires=Sun, 10 Sep 2023 20:08:24 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9473
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 20:08:24 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9473
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 20:08:24 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9473
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 20:08:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2b83fa95ed30533299bc754adaced672
27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af
bc59e5ba6abafd8e7b10d6f8ae2269cbf739a4b28f9cbbf3adfc29a9195e6985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8626
x-amzn-requestid: af5e61ab-4f7b-4b03-8413-5d750b17e0df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLj9TH7vIAMFVMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ae6bb-309144fb6e02564c4fcdb966;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 07:09:47 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3gzR4efCGz9QsLoxAMuTUgBAwEc5WdyHBhw_wRPGmfnS9SWm-0vE7w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 07:27:32 GMT
age: 45652
etag: "27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d21a3e07583d9fad4104b6457f7915e7
fdc9453562f993e2545ca99731a7741e748b6082
8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:50:11 GMT
age: 80293
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HwwG0Hjf8uZn1AtbLU_wKs3w9lict3tRP31XQY6tIxDz9KDNaBMAqw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 04:00:05 GMT
age: 58099
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8f11aeba65478b039cfb4100aa23435
88db17a82ea0207ccb4826c2961875c5106b427a
6f6ec5922ec54d824e7f933de87608c5a763da119ae9461d99c6525649b1a9af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: 64a58aa8-8321-4c91-98fe-dbf97996c513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNiuZEjnIAMFRFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb18f-77b635593b202d7d3cd0ac84;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: VWwNSpFvcDq3nrn91QvYjrJX5hLjp96vrKgZzR-pOdrdHx7MlcagGQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:43 GMT
age: 78881
etag: "88db17a82ea0207ccb4826c2961875c5106b427a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 71bafbee3867c04c3712ff98a123d52c
ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf
58ff1700e0b125caefb73719e2b3d734b2fbcc5ed1aabe5a11bb73b43edab831
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4477
x-amzn-requestid: bbdca46e-5628-4faf-a0fe-ea1b5b39ac2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjzaHrIoAMF-iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb348-567e946e7cf77f2e11c17c97;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: a0AyKhmYA7WPwciU2nTXwyChZV_riw1QsqI_giBIcdZhi3Nz4jM0Sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:11 GMT
age: 79753
etag: "ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15249f3dafdd1690bc87ebb4fa6d518d
f930fcb22325e28592bc39b0b1974f5197c19afd
a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:12:29 GMT
age: 78955
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7ac3cb1924487788f5ee800ac7f5a02b
914a8cd9b7510f003bfaca0cb5cbe843dc4334f1
5352eb31d3d0752e2a4881d3c12cb32d6d485ffb24e107ad42ec303452876215
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 634
Cache-Control: max-age=118626
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 20:08:24 GMT
Etag: "631c18a0-117"
Expires: Mon, 12 Sep 2022 05:05:30 GMT
Last-Modified: Sat, 10 Sep 2022 04:54:56 GMT
Server: ECS (amb/6BA4)
X-Cache: HIT
Content-Length: 279
cdn.addlnk.com/redirect.css
172.67.191.221 200 OK 675 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
File type ASCII text, with very long lines (1242), with no line terminators
Hash a7d322a3e390c922d1e2d489f3cbd133
a426f34a0a31238c28c4e844725fef41d1eb86fc
d26e55acde300edcdde719d1bb823f01ba5c19a2d213e00a8d7b51fa5320da30
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.makeitprof.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 20:08:24 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 5332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqkEVLP8Uj6Yp1aCsZBTqucMJvhOCXF6FQuG7M%2BoeSaKPmsJLcma33Iuh0PkOCYjB8limnI%2FFsGUGaXsIpm%2BCQngCykHp98AQJ840pZ54VEHMTR5zERglXU6XyxcB9Q%2Bxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 748acba2dc6eb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 307adab794fbe11c2afb282aeb8daca6
429b228a0cb5c62729a0335bc92a7f2deb4c90dd
7d9d198f75bc8daf26218dbd3e751cbf197ade3c9bd36172520afcdd5794206b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D9D198F75BC8DAF26218DBD3E751CBF197ADE3C9BD36172520AFCDD5794206B"
Last-Modified: Thu, 08 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15347
Expires: Sun, 11 Sep 2022 00:24:11 GMT
Date: Sat, 10 Sep 2022 20:08:24 GMT
Connection: keep-alive
www.wazazu.com/Smartlink/Dating/Soft?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b
195.160.203.19 307 Temporary Redirect 13 kB URL HTTP/2 www.wazazu.com/Smartlink/Dating/Soft?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b
IP 195.160.203.19:0
Hash 7bdb41844cde5febfde1af26b13b7e26
fbe71b19c838bdf400d5175d43d4913949e89a46
96b3815844202ada823f07df824db3fff8f4f0ec55cdada577182dafd5251166
GET /Smartlink/Dating/Soft?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b HTTP/1.1
Host: www.wazazu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.makeitprof.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
access-control-allow-origin: *
set-cookie: w=45580; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
ws=8063a697_503; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
wt=pube6070c368f84473ab362d24b92d20d1b; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
sid=%16%03%E5%02w%95%23%7Bq%1Ace%25x%0DP%92%05%D7%F8%D3%06%2B%9B%2A%C9n%BB%F0C%1E%9C; expires=Mon, 12-Sep-2022 22:08:25 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=76d22598f024c43a4c0a96c0ac37aa423faa03ace2588a5ce5a4c83de71c5b01.1662840505; expires=Sat, 10-Sep-2022 20:38:25 GMT; Max-Age=1800; path=/; SameSite=Strict
location: https://track.vxctr.com/b679be98-1f4b-40a3-8a42-70b1dc3605ca?adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-length: 20
date: Sat, 10 Sep 2022 20:08:24 GMT
server: Webserver
X-Firefox-Spdy: h2
track.vxctr.com/b679be98-1f4b-40a3-8a42-70b1dc3605ca?adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
18.195.174.160 302 Found 0 B URL HTTP/2 track.vxctr.com/b679be98-1f4b-40a3-8a42-70b1dc3605ca?adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
IP 18.195.174.160:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b679be98-1f4b-40a3-8a42-70b1dc3605ca?adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F HTTP/1.1
Host: track.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.makeitprof.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 10 Sep 2022 20:08:25 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
pragma: no-cache
set-cookie: b679be98-1f4b-40a3-8a42-70b1dc3605ca-v4=Q4zaI50-T_0nMz3UkgxLtOl1woks2wxKugO7m0nxugI; Max-Age=86400; Expires=Sun, 11-Sep-2022 20:08:25 GMT; Domain=track.vxctr.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=5IeNwVpQk_vIz9odhkMqQL075y6gwLpR3KNYXBAEyZFrPosPuRwbMFqa66zihKdNszZe26nM2tL9EfykN5-UrbirUJKziCz0dPdxzz_BgttTx4zkbquTjqYRKEJd7EeMPXlX3Rl38Rq1XPPHokhORw9ZBAJiggMiI5lNuo-wo9YPJBXfID098ZgC7ejHOo9H13KQhCYAQTzXipVoo7K9NhaShGjpAjwWyUCTxaoXvbp1sEQD0KqZyPj_iqtPG1iosXE3hR2RcD_JrY57mOxbZKTqNZC2ctCnCZMXEhtdqqVEELqhMT2Ii_VO_ZuzlrkpUoQn-DIjodgO1sXkMiOsRqybPb5Sk0OfnQAmAxMJAQmJ4dh0qTDUOg7_5MYFE4yBbhgHk-1yLrTO9i-VXXIxmEeY6mlDAH9WjDwDwOGXNmouuqJjuTG06aS0_WRKjQBrYrFtJoD809u0DJ0JUVpVP-m6U5rFNowc3MD0Ao_6HSaSDLw_KuZkBZxpDjUgL3qI; Max-Age=86400; Expires=Sun, 11-Sep-2022 20:08:25 GMT; Domain=track.vxctr.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6ea4598b1736f84130969481b2d46a08
37366a919f8760a84e5870d46237aea079bc14fd
305ee5e49b42e26c7ffd387c8753369d1c532cee6ec43fbed931f07c2923a20f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "305EE5E49B42E26C7FFD387C8753369D1C532CEE6EC43FBED931F07C2923A20F"
Last-Modified: Thu, 08 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15531
Expires: Sun, 11 Sep 2022 00:27:16 GMT
Date: Sat, 10 Sep 2022 20:08:25 GMT
Connection: keep-alive
www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
195.160.203.18200 OK 16 kB URL HTTP/2 www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
IP 195.160.203.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (876)
Hash bfbc36f9efbbf7e84ca5f10c6fc7616d
ab4d0120524b897c327f5f08a9901105bc7a30b9
07b4952a5a036ce17e67b90c55c3576cdb7b0489ad05b4d8f9c01801a1145aff
GET /EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.makeitprof.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=45580; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
ws=8063a697_503; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
wt=pube6070c368f84473ab362d24b92d20d1b; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; expires=Mon, 12-Sep-2022 22:08:25 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505; expires=Sat, 10-Sep-2022 20:38:25 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 16061
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.css
195.160.203.18 200 OK 2.3 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.css
IP 195.160.203.18:0
File type ASCII text, with very long lines (8148)
Hash d8968fdbf73f3c37064ef0cd0bfe8ee2
9f5ddf129469288bbeb9307e2e1810ffd8ecf488
7cb1490daa5253cad808653eb684c501de8d1a37bcf09cdbe71f702805bdf822
GET /DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.css HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
etag: "2176-br"
last-modified: Tue, 23 Nov 2021 13:26:06 GMT
content-length: 2305
cache-control: public
vary: Accept-Encoding
content-encoding: br
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_01.jpg
195.160.203.18 200 OK 1.8 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_01.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 23e2cea11cf05ab3f8119159f6f2f152
47fd7ebdd0220965f3627280e9f69b83ce16b2e0
203f86e9e52d29515cd326c03fa134d0b200d68fe5bfe3020003596261f9ec14
GET /DynBanner/PreUmfrage3/img/18/user_01.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "3221227617"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 1804
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_02.jpg
195.160.203.18 200 OK 1.6 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_02.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 8011cc8766140de0a906cf9560a242cf
e99e1e5510db79a0f833ad9d8eec892d8a6a949c
336c516303f00e086cd62fe8ef2709bfed56d7d981384ec95f3dccae0cd8e2fa
GET /DynBanner/PreUmfrage3/img/18/user_02.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "2147486201"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 1599
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_03.jpg
195.160.203.18 200 OK 2.2 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_03.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 4f942fb4b77d9ae65b8d77a283c858de
3385cd0369738d1a21b966f8e91c3bca3abb141a
e74fffbe33c5dbacc0d36bba5cc1219d75c9c2599bc541939631879e679c2e18
GET /DynBanner/PreUmfrage3/img/18/user_03.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "3298"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 2204
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_04.jpg
195.160.203.18 200 OK 2.2 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_04.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 05ea8b7b705ffebe57375718468649a5
2024cf1e2ec1edc1d2db0ddb27ea055eddb31b16
d97b742b75527e441e3201e3ca1b0ae7db689e26c3e049665acf2be666266acd
GET /DynBanner/PreUmfrage3/img/18/user_04.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "3170"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 2188
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_05.jpg
195.160.203.18 200 OK 1.6 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_05.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash c31827faf46172aee0f5889ac89a33d8
658c99c1428cb4cfa28fda54fe24c2f5f26e56bb
a2bd2d629540ce01607e269646740bdf37fc8515c51523c625e37e5b818d9eb2
GET /DynBanner/PreUmfrage3/img/18/user_05.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "2147486057"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 1581
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_06.jpg
195.160.203.18 200 OK 1.8 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_06.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash f2bed9b802ce13ed8f423dae8c0fadd6
9ee1206958fdf94b026d1d9e5fb0da4c94961fa3
b75aeb6feafd137680e89f2d1ac25d6e1ef343b30ab7dc144ad3affb55682319
GET /DynBanner/PreUmfrage3/img/18/user_06.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "2147487729"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 1790
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_07.jpg
195.160.203.18 200 OK 2.2 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_07.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash 3ba2fbbcb3d0e2450f90e1c06f417777
3f8f72ab2af7412431c7be5bb0402db8dd823539
2d4d90c5c4774dd9268250e67a0384ff53841cecec79165d6f77ba929f91e814
GET /DynBanner/PreUmfrage3/img/18/user_07.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "2970"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 2163
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/map-marker-alt-solid.svg
195.160.203.18 200 OK 495 B URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/map-marker-alt-solid.svg
IP 195.160.203.18:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (494)
Hash 46ca092853e106bb9459e5821b582bb9
b9881faa2716bf46c10d88e86cdae08517aecdd7
21567fa34740d15ceee439d4caabaeebd6f49b347cfa2fbf73ce18842573a8b7
Analyzer Verdict Alert fortinet Phishing
GET /DynBanner/PreUmfrage3/img/map-marker-alt-solid.svg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
etag: "1073745784"
last-modified: Wed, 14 Apr 2021 11:43:27 GMT
content-length: 495
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/img/18/1.jpg
195.160.203.18 200 OK 42 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/1.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 560x430, components 3\012- data
Hash b150e2bfe6e3b745542cbb954f065e99
8a27b4110cce4665d1f1f938e1b10bb564ebbdba
a000f9c0efa705acb3eda76d9062b4acd46662d1bec922942d44eea2fac9e3c0
GET /DynBanner/PreUmfrage3/img/18/1.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "2209"
last-modified: Wed, 14 Apr 2021 11:43:27 GMT
content-length: 42001
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.js
195.160.203.18 200 OK 33 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.js
IP 195.160.203.18:0
File type Unicode text, UTF-8 text, with very long lines (49059), with NEL line terminators
Hash 83be3a9f352ba3ff48af2b433b5552fb
6eac35e5a0f63bad736be75bb51f8e2c5199b315
85afc967a60c182d59a0e8ba0461172f0de340c9dd01354a120165c6e79767d5
Analyzer Verdict Alert fortinet Phishing
GET /DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.js HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
etag: "3254783406-br"
last-modified: Tue, 23 Nov 2021 13:26:06 GMT
content-length: 32779
cache-control: public
vary: Accept-Encoding
content-encoding: br
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/DynBanner/PreUmfrage3/fonts/OpenSans-Regular.8abbb9d98c0c7304060190592408ab78.woff2
195.160.203.18 200 OK 45 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/fonts/OpenSans-Regular.8abbb9d98c0c7304060190592408ab78.woff2
IP 195.160.203.18:0
File type Web Open Font Format (Version 2), TrueType, length 44672, version 1.0\012- data
Hash 8abbb9d98c0c7304060190592408ab78
9f3b18b564d841c179edd73f471d50fb9afbe9f7
9a2f879336b3b182afb6b4cfc49db53f4593f88e4cb7158ce223c201991b7f4e
Analyzer Verdict Alert fortinet Phishing
GET /DynBanner/PreUmfrage3/fonts/OpenSans-Regular.8abbb9d98c0c7304060190592408ab78.woff2 HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.vxctr.com/DynBanner/PreUmfrage3/bundle.91375b2395ffa3312264.css
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
etag: "2147486763"
last-modified: Wed, 14 Apr 2021 11:43:27 GMT
content-length: 44672
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/CrM/Close/Smart?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F&js=1&initial=DynBanner%3A12954.11104_cd5586_8be96
195.160.203.18 200 OK 18 kB URL HTTP/2 www.vxctr.com/CrM/Close/Smart?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F&js=1&initial=DynBanner%3A12954.11104_cd5586_8be96
IP 195.160.203.18:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (25220)
Hash 45881459204042ccf40219d9ad95358d
d2de7fbf83b512a0a37ab14e8345e8333f046686
36837cf310692e096406364e521d6a22aeac759b310d9de737071ff6caa039f2
GET /CrM/Close/Smart?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F&js=1&initial=DynBanner%3A12954.11104_cd5586_8be96 HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=45580; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
ws=8063a697_503; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
wt=pube6070c368f84473ab362d24b92d20d1b; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; expires=Mon, 12-Sep-2022 22:08:25 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505; expires=Sat, 10-Sep-2022 20:38:25 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 18179
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/Dyn/Webpush/Pre?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&js=1&age=18
195.160.203.18 200 OK 7.0 kB URL HTTP/2 www.vxctr.com/Dyn/Webpush/Pre?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&js=1&age=18
IP 195.160.203.18:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (18846)
Hash d3eb55c8a28d9420ad2bd068e0b55d3d
38fd35f05ae4bc79f85d8e28404705b2702eb112
054eb05d237f7eb18299c62d1a5e26bd493cca7216d0f732e64dfe3074e5f6ee
GET /Dyn/Webpush/Pre?w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&js=1&age=18 HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
set-cookie: w=45580; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
ws=8063a697_503; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
wt=pube6070c368f84473ab362d24b92d20d1b; expires=Sat, 10-Sep-2022 20:08:25 GMT; Max-Age=0; SameSite=Lax
sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; expires=Mon, 12-Sep-2022 22:08:25 GMT; Max-Age=180000; path=/; SameSite=Strict
CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505; expires=Sat, 10-Sep-2022 20:38:25 GMT; Max-Age=1800; path=/; SameSite=Strict
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 6974
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
www.vxctr.com/icons/ext.png
195.160.203.18 200 OK 2.2 kB URL HTTP/2 www.vxctr.com/icons/ext.png
IP 195.160.203.18:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 3b58b839ade1bae5069a4eb40822322d
e326255ec2882ce0dcca92fb9b3eeb1050362076
4b06e0a2080f0c0ccd4442b336ab382bbf45de1092b28c4db7f1e2825daee07f
GET /icons/ext.png HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
etag: "3018"
last-modified: Wed, 02 Dec 2020 08:15:40 GMT
content-length: 2169
cache-control: public
date: Sat, 10 Sep 2022 20:08:25 GMT
server: Webserver
X-Firefox-Spdy: h2
cdn.fantecio.com/dynbanner/webpush/52_webpush_7835398.jpg
194.116.150.162 200 OK 122 kB URL HTTP/1.1 cdn.fantecio.com/dynbanner/webpush/52_webpush_7835398.jpg
IP 194.116.150.162:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 360x360, components 3\012- data
Size 122 kB (122349 bytes)
Hash 3658b6d4cd520d8c8a6be92cafb00744
ffa7feca981fb1acea0121a751a9623ade595bf2
3da4030c4a3aa818a8f27c8fc31a5504e6de95cdbf51a601c0f1ba0a7383098a
GET /dynbanner/webpush/52_webpush_7835398.jpg HTTP/1.1
Host: cdn.fantecio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Range,If-Range,Range,Content-Type,Authorization,X-Request,Accept
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Last-Modified: Tue, 12 Jul 2022 12:34:34 GMT
P3p: CP="OTI DSP COR IVDo IVAo PSA PSD TAI DEV ADM CUR CONo OUR IND PHY ONL UNI PUR FIN COM NAV INT CNT PRE", policyref="/w3c/p3p.xml"
Date: Sat, 10 Sep 2022 13:59:44 GMT
Content-Length: 122349
Content-Type: image/jpeg
Accept-Ranges: bytes
Connection: keep-alive
www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_08.jpg
195.160.203.18 200 OK 2.2 kB URL HTTP/2 www.vxctr.com/DynBanner/PreUmfrage3/img/18/user_08.jpg
IP 195.160.203.18:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash ba8e18e4bce6c3c4d07a309c690d0543
4d93e471663fa7573066e16d397e72bce5af4a92
f18ab6773ae7924a0b9ec517fb1e56e572b1fc803b429320b3e0e59a60e2322b
GET /DynBanner/PreUmfrage3/img/18/user_08.jpg HTTP/1.1
Host: www.vxctr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vxctr.com/EXT/Pre/Umfrage/3?age=18&vkamp=b679be98-1f4b-40a3-8a42-70b1dc3605ca&cep=JTmCqjqTfdrKSmLxuVz4jG-_hrlrMVULM4ZCUR3OH5sEzC-Ol0IsOs0BWH_heoaCAf7rKrIjcsMG9z3nbbwI1vDvK9n8Dfd9VlqqRHPlF-0Zias-6G1aE0qFEvYkycfX6EuqHflC6eVDZdRt6tn56Ox5R_hwGlekT3vyr_B25KUr_u3Nawhcr7QQ2qpmCnEAvff673L68-lWGv5n0h9O6hwGmM4NohoQuTGp0w_H56RPBJ6fYc8lOlhzSCb5xg1kheFN-Zi3RTmC-7OwMic3iwMHUobt0qhRxr5caT3jaF9Dq1IiOEXzkNIMpk6zPRiFoQAZOFyfQ1NQaE4ll9OkKKdphErtumHtb2VJAMHTKNe1H_dD7jSIc8-aLpEBZ8LYTgW5LnymPNh-WD7qUflUfAlHOBYeJA8vtCr7xTmOlKnjtPI_7-1wGROnMwXC3QLgGULoBCCqWt8sgwhTu3C9PbJ-yKOS2mnSRowBLOHbNZBrsjxyD-tZkl931rbFyln9&lptoken=16d06228848523e70562&adtv=11135.11104_308a76_609af&w=45580&ws=8063a697_503&wt=pube6070c368f84473ab362d24b92d20d1b&referer=https%3A%2F%2Fwww.makeitprof.com%2F
Cookie: sid=%B3%F2%B0%BA%1D%28%06%DC%AC%E8%17%F1%85%5E%17%D4%3E%A8d%FEX7%8CZ%C6%BF%FEa%AF%22%2A%B2; CSRFToken=76d664d5cf12fec2ad89ccf12e5f607b9e9d7e73171bdd2fd5b1a097e3cf12f8.1662840505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
etag: "3202"
last-modified: Mon, 28 Jun 2021 13:02:37 GMT
content-length: 2192
cache-control: public
date: Sat, 10 Sep 2022 20:08:29 GMT
server: Webserver
X-Firefox-Spdy: h2
www.makeitprof.com/rc/86b528a829?affclick=631ceeb802a85a000139152d&pubid=503
172.67.139.28 200 OK 0 B URL HTTP/2 www.makeitprof.com/rc/86b528a829?affclick=631ceeb802a85a000139152d&pubid=503
IP 172.67.139.28:0
GET /rc/86b528a829?affclick=631ceeb802a85a000139152d&pubid=503 HTTP/1.1
Host: www.makeitprof.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 20:08:24 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=BTjsUKGYHyk3Ztl8QgrILcHi10kTkyzZTkHtZPm1KWlCJpauf2W4jLtdbpO/O8E4eupxdNiVvMS4RqV0esP2NU6rqcrjgPO27OGqQn18LE9nLgQaVcYIRKxzsYnM; Expires=Sat, 17 Sep 2022 20:08:24 GMT; Path=/
AWSALBCORS=BTjsUKGYHyk3Ztl8QgrILcHi10kTkyzZTkHtZPm1KWlCJpauf2W4jLtdbpO/O8E4eupxdNiVvMS4RqV0esP2NU6rqcrjgPO27OGqQn18LE9nLgQaVcYIRKxzsYnM; Expires=Sat, 17 Sep 2022 20:08:24 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6HJAFItpqKFei0WpbzhQxLlQYrXZTUqCTTTo4PDLTKi7m9IUYb0y60IKjjJ8EEHiVUKSEcN%2FMAzRwNkW82tRTn3I7uQmGAAZIaozOuBTXkwN3OP2BDo2OBzKc4efGNPJUVG90I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748acba16a610afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
m.news-page.net/?utm_term=7141845578865967174&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
99.198.108.195 200 OK 0 B URL HTTP/2 m.news-page.net/?utm_term=7141845578865967174&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 99.198.108.195:0
GET /?utm_term=7141845578865967174&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902030248&np=1
Cookie: u=bfe17c7ec5192c80c104c54afb5ef43e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 20:08:23 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/proc.php?08ea3e8614c8cb4627f8eb2d787c886196c275b1
99.198.108.195 200 OK 0 B URL HTTP/2 m.news-page.net/proc.php?08ea3e8614c8cb4627f8eb2d787c886196c275b1
IP 99.198.108.195:0
GET /proc.php?08ea3e8614c8cb4627f8eb2d787c886196c275b1 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7141845578865967174&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=bfe17c7ec5192c80c104c54afb5ef43e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 20:08:23 GMT
content-type: text/html; charset=UTF-8
location: https://www.tiltimagic.com/?sl=5467515-f6d9b&data1=Track1&data2=Track2&tag=M7141845578865967174&website=4472-bfdf314f-6f01772b&placement=4472
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
618.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
188.240.52.20 200 OK 0 B URL HTTP/2 618.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
IP 188.240.52.20:0
GET /smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source= HTTP/1.1
Host: 618.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 10 Sep 2022 20:08:22 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InBGZklQUHBxZXRDTThsQlBGQlA0OEE9PSIsInZhbHVlIjoiWFNabW5CRVlHMXJJUXEyQW82TG5lbUl2eEh6T1NTbTk3RkJnTHpOc1hMWGg5Rmw5RUtFbnppdTh2U0RvaXlHTnR1b2QwRU90Ym55K2JUSnBMeG5lbHpLck52czdOaER2cjRqZHBlUU1BN25kNzBnWTF1Zlh4bDNNbVB6b3MzcDAiLCJtYWMiOiI4ZmU0ODA4MzFjMjIzODliNGRmNWU4NDEyMmI0NWViYTcxM2Q4NDYyY2JhOWE2ZTcxNzBjMWRkNDBmNzYyYWZjIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlR5N1N6aHhGc1BYL09MMTVKTkxuTnc9PSIsInZhbHVlIjoidGZsQ2dVQ3FEM2sxeGhEazR2RWhhVWduMnZYcy9rTlFZSGpKWG8wbGtYMVJvNUlDMngwUU1DejFjRmgvVTdnL1JtYjdTU1VkTGxyd2o2NHRTamNXclpHbGd5RUFKeTl3M25WcjAxOVNCL1VtV1hhMGoydTNLM09FaXZZRlphOGkiLCJtYWMiOiI2NjU1NDMzYWMwZjExNGIyODViMTJmNDYxNDQ2NjhhYzM4YzNlMDU5OTFlYmY1ODgyMDliZDVjYmRkNzk1NmY2IiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
618.novitrk1.com/smartlink-css/631ceeb679f8af7a0935a4f7
188.240.52.20 200 OK 0 B URL HTTP/2 618.novitrk1.com/smartlink-css/631ceeb679f8af7a0935a4f7
IP 188.240.52.20:0
GET /smartlink-css/631ceeb679f8af7a0935a4f7 HTTP/1.1
Host: 618.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://618.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6InBGZklQUHBxZXRDTThsQlBGQlA0OEE9PSIsInZhbHVlIjoiWFNabW5CRVlHMXJJUXEyQW82TG5lbUl2eEh6T1NTbTk3RkJnTHpOc1hMWGg5Rmw5RUtFbnppdTh2U0RvaXlHTnR1b2QwRU90Ym55K2JUSnBMeG5lbHpLck52czdOaER2cjRqZHBlUU1BN25kNzBnWTF1Zlh4bDNNbVB6b3MzcDAiLCJtYWMiOiI4ZmU0ODA4MzFjMjIzODliNGRmNWU4NDEyMmI0NWViYTcxM2Q4NDYyY2JhOWE2ZTcxNzBjMWRkNDBmNzYyYWZjIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IlR5N1N6aHhGc1BYL09MMTVKTkxuTnc9PSIsInZhbHVlIjoidGZsQ2dVQ3FEM2sxeGhEazR2RWhhVWduMnZYcy9rTlFZSGpKWG8wbGtYMVJvNUlDMngwUU1DejFjRmgvVTdnL1JtYjdTU1VkTGxyd2o2NHRTamNXclpHbGd5RUFKeTl3M25WcjAxOVNCL1VtV1hhMGoydTNLM09FaXZZRlphOGkiLCJtYWMiOiI2NjU1NDMzYWMwZjExNGIyODViMTJmNDYxNDQ2NjhhYzM4YzNlMDU5OTFlYmY1ODgyMDliZDVjYmRkNzk1NmY2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 10 Sep 2022 20:08:22 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InBFMm82V3Fja0d3OEpCZm1wL3lySkE9PSIsInZhbHVlIjoibnpGL3RndGhsODNSRzBmdHZRbVo4bzRqa1FneXhaNEVpWXJObjlYMXRQVWMwd0RxamZkZzRsaTV6MFl6WTJWZDFzcHhiWjRXTFNERDUzUHdJeUJNUk5CRGFhZjlBTlFxMFlSSFhiZVMvc3ZVTGN5Y2t5NWlOc3d4QXE2L2x5TGMiLCJtYWMiOiJiZjBkMjRmN2Y0ODQ3ZDU3OTkzOWVkNGJkZWNhZTU1MzRmMzAxMmM2MTJlNDFlMGIyZDI5ZmYxNzIwMzdiOTZhIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImN5QTMwMkphekJlSk51RVpBbHhURFE9PSIsInZhbHVlIjoiUGI5K0hPS2hIN013a2piOVZvb013WmNIK085NUpUcUJDam0xYUNETExYS2pRanhUOXZORGFwb0dpNE81VmpidmNLUmt6aWticzBDaWdhakVyUWxNbHdkYTdrRjJSaTNqTmFnNS9iN2xpbExvZVcxQkxkbmdIeEloK2NQd3VBZk4iLCJtYWMiOiIzYmE0ZjhhNTUzZjg1YzFhNzM1OWY3Y2UwMzJhZjIxYTY4MmQzMjY2YTc1OWZmYWM2YWE4NTdiMjM2Yjk5MjhlIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 22:08:22 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2