inoradde.com/4533056/?var=5038130&request_var=12659-234cd46z
139.45.197.238 200 OK 789 B URL HTTP/1.1 inoradde.com/4533056/?var=5038130&request_var=12659-234cd46z
IP 139.45.197.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (428)
Hash a5d56f0139a1145dcba2e5f558078f40
4da676f13a935fbcaff3ce02aece364dd97b6893
fb0d830609d4a0da99ee38402e705c25c2ecd8cfd5406a280a263300c04d47ac
GET /4533056/?var=5038130&request_var=12659-234cd46z HTTP/1.1
Host: inoradde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Mar 2023 06:25:51 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: ebd8d06d35e297dec964f01fb27beccc
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://sweepstakessurvey.org>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=7e54037325954c2ca92d756db921751e; expires=Thu, 07 Mar 2024 06:25:51 GMT; path=/
oaidts=1678256751; expires=Thu, 07 Mar 2024 06:25:51 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8f33f56c329fe0b1570d2ee3e000ce4e
b11fcecd7cc1210d3f3b4e1426a37d3cd138119e
ebcb744a032452533c000c0a9f193fd2566b2389729c41b6c5ed69b9e4cd42d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBCB744A032452533C000C0A9F193FD2566B2389729C41B6C5ED69B9E4CD42D4"
Last-Modified: Tue, 07 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18335
Expires: Wed, 08 Mar 2023 11:31:27 GMT
Date: Wed, 08 Mar 2023 06:25:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7989fc4a69327c765a7e4e68f46c169b
1f3e8e6e9e640c3d99ec52dc947b68fa9c1d335b
b15c98c58fae6a49e831bc0db617bedf8538bbfa011a84553debdcbe461433d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B15C98C58FAE6A49E831BC0DB617BEDF8538BBFA011A84553DEBDCBE461433D0"
Last-Modified: Tue, 07 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9915
Expires: Wed, 08 Mar 2023 09:11:07 GMT
Date: Wed, 08 Mar 2023 06:25:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d096b44c5db01960a5d03dbb2a238c0
8e818de0e82041f2d9edeb14ddaf3916983b3729
8c69b4883e45e3e993ffdf24922c6ff7f0131f1eece0c3d0016137ca29f48d04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C69B4883E45E3E993FFDF24922C6FF7F0131F1EECE0C3D0016137CA29F48D04"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17974
Expires: Wed, 08 Mar 2023 11:25:26 GMT
Date: Wed, 08 Mar 2023 06:25:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Mar 2023 06:08:46 GMT
content-type: application/json
age: 1026
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: y76F+2YO9kJr4ahR6mrBg+QHyAa9/R+hMY6BQ1mZkbsEMTjA4y81pPOWWY75q5IkjGAw1EY6Drc=
x-amz-request-id: C5S842J7NFPA4H7V
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Mar 2023 06:17:52 GMT
age: 480
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b7d1eeccbb12755fc516d185aabd7f44
eda6b959ee1534dc095638d5bf34eb6c7bd04d6f
952b80ef82e8ed69c3eaa84e01f80db3ecae50dced144775a5c81688040fcc62
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952B80EF82E8ED69C3EAA84E01F80DB3ECAE50DCED144775A5C81688040FCC62"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19056
Expires: Wed, 08 Mar 2023 11:43:28 GMT
Date: Wed, 08 Mar 2023 06:25:52 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=7e54037325954c2ca92d756db921751e
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=7e54037325954c2ca92d756db921751e
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=7e54037325954c2ca92d756db921751e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7e54037325954c2ca92d756db921751e; expires=Thu, 07 Mar 2024 06:25:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b7d1eeccbb12755fc516d185aabd7f44
eda6b959ee1534dc095638d5bf34eb6c7bd04d6f
952b80ef82e8ed69c3eaa84e01f80db3ecae50dced144775a5c81688040fcc62
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952B80EF82E8ED69C3EAA84E01F80DB3ECAE50DCED144775A5C81688040FCC62"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19056
Expires: Wed, 08 Mar 2023 11:43:28 GMT
Date: Wed, 08 Mar 2023 06:25:52 GMT
Connection: keep-alive
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 64916c509521a9767157ed370ee186aa
b7bf64c991b259259cddcb1fd41bec712fb58386
8ba2a65123fe7ec48772e59d1adec24781e2a5543a7e3f832cfea3d74f5317c2
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://sweepstakessurvey.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=33d2b75962dd49dc9ffd7665d68d7b26; expires=Thu, 07 Mar 2024 06:25:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/config/dict/cookie-consent-1.json?v=10
104.26.15.215 200 OK 70 kB URL HTTP/2 sweepstakessurvey.org/js/config/dict/cookie-consent-1.json?v=10
IP 104.26.15.215:0
File type JSON data\012- HTML document, Unicode text, UTF-8 text
Hash f906fcefd705492fe69e6e63112b6a4d
e976e8f3f40c507788eac4fac111aab482809a3e
df56fe837f7f6165db7d7b3e250e2b71935578d311f9801e5120831d2a1489ee
Analyzer Verdict Alert fortinet Phishing
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/json
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
etag: W/"640720f7-1a66"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMHlnh%2FwRqmjaOv4Pt1mXsHAYSWCxQxhQ%2FGFz%2BIqkG%2FFil8pSNBame6oahUDrD91aaJtlXRdfv5IKKDLg22QpyRg7LNIaByF9YU0HucSEvXqqa8B%2FHWnZv7yPnU50bxnMggJtajWsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900df7c551c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/unnamed.jpg
104.26.15.215 200 OK 1.4 kB URL HTTP/2 sweepstakessurvey.org/img/comments/unnamed.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
GET /img/comments/unnamed.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1378
cf-bgj: h2pri
etag: "640720f7-562"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HC3arQBgk0AF81LI6u1T%2BSm%2Bf0M4XqZe9mR8%2Fs%2F6bFCf5dbSy99DAvVQGZwqZ01S7gdTF3AWByh7Bz1lg2LHmHZf%2BXmMlGIFO3MrprxDo3XLr%2FkofE%2BzCc15mzHl8AvtepATtnEu2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0bd231c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-2.jpg
104.26.15.215 200 OK 1.0 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-2.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash e489d022a40ba80f51fb5acc1addea46
41c334f49c248783037ceaf6fc335acff62f760c
c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567
GET /img/comments/person-sweep-2.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1042
cf-bgj: h2pri
etag: "640720f7-412"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fIoZTfubjrP341m%2FPG9NQN5vz3GQaz0yTbf62vG1fbG048lxLuNMd9I%2BwxIbKy14%2BM4wGusrR%2BLSWXI1x%2FIUa1T6PctwXGAMJtqrEfHlDsRYSzd8Z7%2B5EdONRvvCBddTektRLXw9Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0bd261c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-1.jpg
104.26.15.215 200 OK 3.9 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-1.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x52, components 3\012- data
Hash 72c067fe856886245e7c47c7ff84e041
5210cb05f897db334c61f8971ccec9a7396ea8a7
9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030
GET /img/comments/person-sweep-1.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3900
cf-bgj: h2pri
etag: "640720f7-f3c"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1393
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2PwXx8ifqR83%2FkYLuVa%2BERFBMI4%2BnuNW89RS6yYSH61%2FC3r984yNAbvIw64tUQnp4NEpoV8UW%2FKBtdEc5lFpy7PmlkfG13rHxVSgfvxz3mCFP%2BTJqnYpPHEo4pdKRtoJ63TL6RQLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0bd251c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-3.jpg
104.26.15.215 200 OK 1.1 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-3.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 72ab252d8ff828965ad984b8ab16991f
e45ea3665e80feb2e6309b04e1ec2e8d41bb279b
c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291
GET /img/comments/person-sweep-3.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1063
cf-bgj: h2pri
etag: "640720f7-427"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvBMuqMiGuwOdGivmtwCA6cy5EDb5CTvJ%2BMcQ17vhHcG6FhRRekclE1M9AfxmC%2BPeBzrVhVOoFsnVdJWp%2FFeWkUJgpV919Bw4QPK%2BKweq%2FJ4zWKEGIAH2Rxrhx3GT7PQhLblm8VjgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0bd271c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-4.jpg
104.26.15.215 200 OK 3.7 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-4.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Hash 02eebe83bc6786ef27b852477d4c4998
205314ba911137b6f6be4eefd946a2c62229e591
a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c
GET /img/comments/person-sweep-4.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3694
cf-bgj: h2pri
etag: "640720f7-e6e"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DX2kjUnV%2BqDUYgY6h%2BGwRlKlp8tu%2FvieSucUhcQXcUkWRUPWeP3wKEK8hm7qEWDEMLqMHqg8tZZrM%2F2QGed0mzavA3ldNugVVRlOkylAj6LUn3eNjZ0%2F6a247NNlv96oNmaJWZP%2BFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0bd2b1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-5.jpg
104.26.15.215 200 OK 3.3 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-5.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Hash 92c40a962aa579868b64b8b7f1b6575c
f676f1ce463a7b0b7b2c05587a9b52285e55e679
64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414
GET /img/comments/person-sweep-5.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3268
cf-bgj: h2pri
etag: "640720f7-cc4"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Chf%2Fm6Dw4XVUwXvfe7GkqKzkkjaebgwZVfENABB%2BZtbCYDssFw9SrQx0AIsdmjdJ5dLk5zhgeDzQC8pA7a3Lo16GoNU8%2FSFlVOtaWPq60EQAMBApfTF2lcGhm0ub%2BgVdIs%2BZ2ti3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0cd2d1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-6.jpg
104.26.15.215 200 OK 10 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-6.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:31:13], baseline, precision 8, 50x50, components 3\012- data
Hash eecc2c7e1efc1d69f01f47b677666cf2
c4e909b86e22612ca4c5e599c7fc7204573b1baa
92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6
GET /img/comments/person-sweep-6.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 10400
cf-bgj: h2pri
etag: "640720f7-28a0"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86NNupsz3p6nwEYhraWR%2BMgmUpdat1uMh1mdZ%2Bi8ZrR7TMcAZ7V8no1v0OqHZ0WAtgmCNgxqaVNrsJkzc3phfftIziAyjZsVcxjhu%2Bg0CTZInNPuSnbFb4QgWJthddBM3RAj7tScdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0cd301c06-OSL
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 4cab696597c4ed332ba17718b7107a06
2d434b239deab74abe23a8badb79d4c5016f1705
067b86413b05b94048b294f3cb17d06f5e26a48bfd09374c8e032dc292bb581e
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Mar 2023 06:25:52 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 12 Mar 2023 03:54:56 GMT
ETag: "2d434b239deab74abe23a8badb79d4c5016f1705"
Last-Modified: Wed, 08 Mar 2023 03:54:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 685
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a4900e0d894b50b-OSL
sweepstakessurvey.org/img/comments/unnamed.jpg
104.26.15.215 200 OK 1.4 kB URL HTTP/2 sweepstakessurvey.org/img/comments/unnamed.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
GET /img/comments/unnamed.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1378
cf-bgj: h2pri
etag: "640720f7-562"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dWT2hmJViWozdvdSOJdAr00A6Uqb3jBRYYzEhxnHdyqu9DzymyZjoub%2BvM09Bc9erOHuIypkDKRx79eRVV3OEV8uLJjYocGOvYFso6VdymWCOC1A%2FO4O9RQKASnZCbfgspKa7%2FJwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0fd471c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-1.jpg
104.26.15.215 200 OK 3.9 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-1.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x52, components 3\012- data
Hash 72c067fe856886245e7c47c7ff84e041
5210cb05f897db334c61f8971ccec9a7396ea8a7
9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030
GET /img/comments/person-sweep-1.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3900
cf-bgj: h2pri
etag: "640720f7-f3c"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1393
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVKpNWEkdNSfuhyRW3FXk%2B8PeSOkU7mWwVPSv%2FZRNBPSnOXibffEJ9xviWsERQdXeRxsQUar8fhKAuT6%2F7QTf5DpsDh33obTXXvoRGuzEGhXnrYlDkz0ymTnn%2FnV4GiU%2BM2EMHPLRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e0fd491c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-2.jpg
104.26.15.215 200 OK 1.0 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-2.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash e489d022a40ba80f51fb5acc1addea46
41c334f49c248783037ceaf6fc335acff62f760c
c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567
GET /img/comments/person-sweep-2.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1042
cf-bgj: h2pri
etag: "640720f7-412"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y3pdZh5iYFHx%2BJy6Od5Ik1sqiz7J9OObL1oTtt%2Bb6izfk99KcnZKeXYXnOZ0kzKXGbMmqLZt4BlwutWRTv5wr1AauKn2GN%2BmIIJvJc9BfVy4Y63UCGQG%2BIPZ%2FjF0lk7Qxo0mp5Odzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d4c1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-3.jpg
104.26.15.215 200 OK 1.1 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-3.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 72ab252d8ff828965ad984b8ab16991f
e45ea3665e80feb2e6309b04e1ec2e8d41bb279b
c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291
GET /img/comments/person-sweep-3.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1063
cf-bgj: h2pri
etag: "640720f7-427"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ia9oxqrfOvQBGAKmYP6pKkvZcIxGKBOLy0%2BUSQYggLSZ64O8FyV285DYO8mx1zL5zxohpKh0lHCVzrV8uFXjQ6JN4f5JYlZWwoj1IJKK1sgPHJTyf9TmChOEdv3rAeho8UA0uogmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d4f1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-4.jpg
104.26.15.215 200 OK 3.7 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-4.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Hash 02eebe83bc6786ef27b852477d4c4998
205314ba911137b6f6be4eefd946a2c62229e591
a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c
GET /img/comments/person-sweep-4.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3694
cf-bgj: h2pri
etag: "640720f7-e6e"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BrOE9kt5nu%2F8X5qvjidlZwJXEszmx8W%2FraudeiZhCsqBgjRlTGWOV%2B3LYvq6i0mSNjr4Ep87XSNcvJO74JPuK4tXdImW%2FbVxLFR3wf1i5AULs7zOvMQIuofS9tKNQXDT3bZ9eaxog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d521c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-6.jpg
104.26.15.215 200 OK 10 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-6.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:31:13], baseline, precision 8, 50x50, components 3\012- data
Hash eecc2c7e1efc1d69f01f47b677666cf2
c4e909b86e22612ca4c5e599c7fc7204573b1baa
92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6
GET /img/comments/person-sweep-6.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 10400
cf-bgj: h2pri
etag: "640720f7-28a0"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruXWWGmtMmC%2FoP4EXcuaL5XD4sKow07SVJT3Ho2cl%2Bps7bHWyPoE8tw7BTPJ0mRGOPO1OAiOv5cKDpDf19hjjKQJMqdUp1csJLV8qas6xVnrI2dEk4%2F9vI5fT7fCgxDJM%2BK1VhAOWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d551c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-7.jpg
104.26.15.215 200 OK 11 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-7.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:30:25], baseline, precision 8, 50x50, components 3\012- data
Hash 583a669aef17441f222db5be083f3750
f869d6bf98c43f0a0a935305096fe637df202687
5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b
GET /img/comments/person-sweep-7.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 10884
cf-bgj: h2pri
etag: "640720f7-2a84"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGROqn%2BRiD3Fa98AcKwkBERz7XJwlDpZ%2FsV0Ff3y8tXBMyW7fH8Lcgo%2FBXw5ia1XNNkOpwEhyKfhHYWjeqkG7FTbgjlcW8O3%2F%2FSk8Ursuo71MziWEi4djBCJj5U%2FDOJLtNna5h1bTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d561c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-5.jpg
104.26.15.215 200 OK 3.3 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-5.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Hash 92c40a962aa579868b64b8b7f1b6575c
f676f1ce463a7b0b7b2c05587a9b52285e55e679
64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414
GET /img/comments/person-sweep-5.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 3268
cf-bgj: h2pri
etag: "640720f7-cc4"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pg%2BEnjyp%2BIYRvh6QSC0OIzeBw2SqEXnaw6hawktRLzXI9sTEt0jtCkYxH%2BtAv4XdZgxYhJ76UjEET6gH0FesBxAw3oxfTrCaNd6IDEOYgQxqqtJKxrdkJUcg%2FoT4UJl%2BaWx1GN7JBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e10d541c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-9.jpg
104.26.15.215 200 OK 12 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-9.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:32:23], baseline, precision 8, 50x50, components 3\012- data
Hash f950070b2582c8f9202b5d084e91905f
7154a29bb2ecd778435943cf02c88fb9b0a86183
ccfcb58ee86d9df13807286e232dd153f04c84527fd80d5efc2212157cb6386e
GET /img/comments/person-sweep-9.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 11871
cf-bgj: h2pri
etag: "640720f7-2e5f"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuPnt8m1DaMFzeHO9fDBu3xw4O3NLs1zs1%2FHzaKKmN5dfYU0uxQjGTain9Zn220ZNQ9Luf9HetaPqNigHH5mbwAjvSGDAsHVLccktvF718YjmB5Oo4SsipV98VneXfPPAPqj8oZ6ew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e11d611c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-8.jpg
104.26.15.215 200 OK 1.2 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-8.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash f60b9c2d018d7a29d014742ae8e36839
1b59e7eec38eb9f620256742f83ae7938ac0bb07
ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8
GET /img/comments/person-sweep-8.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1182
cf-bgj: h2pri
etag: "640720f7-49e"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRgpppMsXWd1xMgZ44BlpIRF3NlrIibPpnYnd0hX%2BsMvnPmS0CPSIHGuWOYllAcZwB81RHxxaKJjBSK54tJBwEWY%2By2qswauRBetfKrK6H3okZWEWprfttnDYBUaZml5cBwwlfN5lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e11d5d1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-10.jpg
104.26.15.215 200 OK 11 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-10.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:33:44], baseline, precision 8, 50x50, components 3\012- data
Hash 2f7d5d907d9e6d0250afbdbeb7f3cb0c
136703751a36b76b1fe599930ec855f90fde9f23
271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1
GET /img/comments/person-sweep-10.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 10828
cf-bgj: h2pri
etag: "640720f7-2a4c"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZzEo2n7P01b7XjfnODt1X%2B6uXp3HkGL9Glsx63Xg2omEAGr0Z8vW1Yya1Zt%2BD88Pri1PYdqc750wJir1%2FAa9B%2BN7YiVFog224mR0P2evcL%2BPxlHEFa%2BSX2P503ZdcyZOV%2FaWnlS0WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e11d661c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/s-storageService.js.d208f1c2.js
104.26.15.215 200 OK 12 kB URL HTTP/2 sweepstakessurvey.org/js/s-storageService.js.d208f1c2.js
IP 104.26.15.215:0
File type ASCII text, with very long lines (2572), with no line terminators
Hash 1fc04451c5f97ed23738b4ba0764e6fe
bd37cfd77a0d7ffd375739553a06342896faeafc
339af4c46fa90db4477128ddb9a165555048b94b23640857624a0fdbaef0060f
Analyzer Verdict Alert fortinet Phishing
GET /js/s-storageService.js.d208f1c2.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-a0c"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufXDkVQZN5Hts%2FH68QbZ8cl78IHtawr39IWTKrPcyjpcjKRPVbSNdUoFMhX%2BrQBGpj7uEkZGpk1SctwDnAGCtoHeJ1%2Bp0c0PIoZpn2g1IXNq7kwei7izwLRqie2GUyfcBX8tvGXf4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de4b701c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/_rtc.b49461f5.js
104.26.15.215 200 OK 15 kB URL HTTP/2 sweepstakessurvey.org/js/_rtc.b49461f5.js
IP 104.26.15.215:0
File type ASCII text, with very long lines (11189), with no line terminators
Hash 60fa9beea448c09c6016b0c4f9a99c3f
6bf71c46eada0843af37b7b309d87850a1d811e5
3f5e4099ea475fedb6edc993d81636c03bb08e4358d1a7fa3f2bdf5b293da830
Analyzer Verdict Alert fortinet Phishing
GET /js/_rtc.b49461f5.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-2bb5"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OySzS8o1N6PAk%2Bm8H%2BIfusqqwLNWlas8cQ7XhcDFNBLtmYc0FNngMMiW45NF5QPaM1XRKKJxt8rVb6hOpDHyASNVjAIJXzrKOg26CmypmxwYA8BL5XIUFL5OoX1gaQ6ezUjRSmhfIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de4b6e1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-15.jpg
104.26.15.215 200 OK 1.1 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-15.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash ca57a3f68e171ebeb7798679d5fb79ca
688e6a4ffeeae81c9e970e03081de1fe26afac9a
f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a
GET /img/comments/person-sweep-15.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1067
cf-bgj: h2pri
etag: "640720f7-42b"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tv8C0y3ayILnCcO4oobu1jd22CexvwSGrS4ODdtbhfR%2BtjeloHSO%2F%2BJq98rN%2FAnJVhEhF7%2BOS%2FjiYyNFaZzoFFJg%2FQd4ggpS95zPO2z9ypwtWwLk0bf2Pm0zwZ%2BQxTUt0zw7lEL08A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e12d6e1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/v-index.js.217dab77.js
104.26.15.215 200 OK 13 kB URL HTTP/2 sweepstakessurvey.org/js/v-index.js.217dab77.js
IP 104.26.15.215:0
File type ASCII text, with very long lines (35272), with no line terminators
Hash cd214469df8eca600c1231507b735069
4c3222d4573b2f50ae38ca00a34548e8fa6f835a
759a11486efc26d742a6d6c5ad55be7263bdf820507e4286ee5d891815ed884d
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.217dab77.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-89c8"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kn2wsJL6vaM%2BYAJXnt5oh6YAXdm1jcIKwmimu6nvNlKBSESR2w3SrVeMuNqeBbH4V6OJ9FKaLYfJw42yZZPxujr9RG9%2BEEs%2BOO%2F2y74W2mNbiBNfBafE7PNozvksTWsv1WtWYLkhqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b711c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-16.jpg
104.26.15.215 200 OK 1.2 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-16.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 9574e9e3f629fc4cc0f470f678a232ca
89412a05077b4eaa423f7790bd5fb4ee3efc84eb
15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d
GET /img/comments/person-sweep-16.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1208
cf-bgj: h2pri
etag: "640720f7-4b8"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S1U5Y3PJ3My3DSm7c7sGa%2F4c3lZZQv3EmfB6%2BNWIPD9T56XKaLhwk2uHmNptFIux%2FMHCcfLRos4i9E34nhd%2BjY1xgHEqSPbx7YiT%2B%2BQpUeGrRBOp4ADr%2FFVg%2FwAQmJsIg1JHU1rEig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e12d6f1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/img/comments/person-sweep-13.jpg
104.26.15.215 200 OK 1.1 kB URL HTTP/2 sweepstakessurvey.org/img/comments/person-sweep-13.jpg
IP 104.26.15.215:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 85059de53011f0ef712a5f4b5dd13219
481385e3fe4b3ec1fd703de246796396a33777b1
7f442be1fc6ab7aa64035207cedeff057625371b7a58d551fda451acee6b4f58
GET /img/comments/person-sweep-13.jpg HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: image/jpeg
content-length: 1110
cf-bgj: h2pri
etag: "640720f7-456"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1392
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1xKmxgy1pd72RkrWE6SVdE5Y%2Bx2YZThvRn%2FCufyyFkmNA1NDEmvxCOWOtfsLYNKlM3fOmRoN1iebc%2FenN%2B%2Bgs20lErN5vIdcQxXw4EHcPMQYFio5iaeMBV%2BcXy5FBBE7Rf0Q2Qjig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900e11d6c1c06-OSL
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/config/comments/en-sweep.json
104.26.15.215 200 OK 75 kB URL HTTP/2 sweepstakessurvey.org/js/config/comments/en-sweep.json
IP 104.26.15.215:0
File type JSON data\012- , ASCII text
Hash 46eba4deb405cdd25143fed5b7ef152a
1bd18b2b3de595a59a585a534d7f37cdae731344
dbb28495d76d4e0356da965bf7912a49a3b653610aa03e8df903d77c11a4d34e
Analyzer Verdict Alert fortinet Phishing
GET /js/config/comments/en-sweep.json HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/json
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
etag: W/"640720f7-12f9"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEZWlDdVZValRYn%2FY8paje7tPD4ReQAdAPEbZJHRKjgaWG%2FsLoHa%2BK2NY%2BkI0i9Wxbh%2BJL36caKV9ieekHHZ%2F7ikZL4UzfX1A6fIG%2F6UaGbIvxX0%2FyYyF6H7bn9AnpFXKa1iOYByAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900dffca91c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Cache-Control, Expires, Alert, Content-Type, Pragma, Retry-After, Last-Modified, Backoff, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Mar 2023 06:12:30 GMT
age: 802
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B
IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bc9a86b8d3035b57b58750f8896202e8
1485042fff689cadbf0c7a540f430993f23d45e3
b06e4961e184d51008f4adb9c8fe571f08b21b4728e5eac0bb4795861e03aa2f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B06E4961E184D51008F4ADB9C8FE571F08B21B4728E5EAC0BB4795861E03AA2F"
Last-Modified: Tue, 07 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20201
Expires: Wed, 08 Mar 2023 12:02:34 GMT
Date: Wed, 08 Mar 2023 06:25:53 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Mar 2023 06:25:53 GMT
access-control-allow-origin: *
etag: "6406e24d-2b"
expires: Wed, 08 Mar 2023 07:25:53 GMT
accept-ranges: bytes
last-modified: Tue, 07 Mar 2023 10:05:49 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
93.158.134.119 200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash c209e937494cb6061474a23a0b3b49b6
ce856693b85ff448dfbf53af9f3a3609d50a8f16
4e2e6d8bce0c26054b81a169d21a031407dca3b79f6d9d74f3a5813273e2ebcf
GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Wed, 08 Mar 2023 06:25:53 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Mar-2023 06:25:53 GMT
last-modified: Wed, 08-Mar-2023 06:25:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A712161683%3Arqn%3A4%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A712161683%3Arqn%3A4%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A712161683%3Arqn%3A4%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Mar 2023 06:25:53 GMT
access-control-allow-origin: https://sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Mar-2023 06:25:53 GMT
last-modified: Wed, 08-Mar-2023 06:25:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A352062725%3Arqn%3A3%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A352062725%3Arqn%3A3%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A352062725%3Arqn%3A3%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(3)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Mar 2023 06:25:53 GMT
access-control-allow-origin: https://sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Mar-2023 06:25:53 GMT
last-modified: Wed, 08-Mar-2023 06:25:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A613717098%3Arqn%3A2%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1015%2C1015%2C1%2C%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A613717098%3Arqn%3A2%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1015%2C1015%2C1%2C%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&hittoken=1678256753_9dc03d4b58d936c578f3144ff9180a3c3b493168beb32143bfdba106f13e8e59&browser-info=ar%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A613717098%3Arqn%3A2%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1015%2C1015%2C1%2C%3Aco%3A0%3Ans%3A1678256752089%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 08 Mar 2023 06:25:53 GMT
access-control-allow-origin: https://sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Mar-2023 06:25:53 GMT
last-modified: Wed, 08-Mar-2023 06:25:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.148.84.125 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.84.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Z+vibrz+VYLeGu1cDCh1bg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: t6IUOOfdZKElt9chcGm1u5qqg+c=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8a6537b4a65c84adca1fb7711c6a43ff
7699cc3f74c2dfa4a1209d0c437aa35b7a7b6c91
a08506a0a1f9142952faef06f140ed67202e4717bb90dca169e87f7b802bada1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A08506A0A1F9142952FAEF06F140ED67202E4717BB90DCA169E87F7B802BADA1"
Last-Modified: Tue, 07 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 08 Mar 2023 08:51:29 GMT
Date: Wed, 08 Mar 2023 06:25:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8a6537b4a65c84adca1fb7711c6a43ff
7699cc3f74c2dfa4a1209d0c437aa35b7a7b6c91
a08506a0a1f9142952faef06f140ed67202e4717bb90dca169e87f7b802bada1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A08506A0A1F9142952FAEF06F140ED67202E4717BB90DCA169E87F7B802BADA1"
Last-Modified: Tue, 07 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17421
Expires: Wed, 08 Mar 2023 11:16:15 GMT
Date: Wed, 08 Mar 2023 06:25:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b9125cf-f7a3-4e5a-a08b-5a4d575a74a4.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b9125cf-f7a3-4e5a-a08b-5a4d575a74a4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a3157382cba898444000db29aa50d0d
19b5ad2e62ea7866ea182d36089f97564d2dcc80
dd9fcaca076517a17637bfbd2b33c6b148ca530d2c2100fba72f881d860c4890
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b9125cf-f7a3-4e5a-a08b-5a4d575a74a4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11784
x-amzn-requestid: af462ef2-e0c3-4300-8fd5-ce98653ddb8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BU82MEJboAMFguA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64050e8d-22585475022a1ea0311b99a3;Sampled=0
x-amzn-remapped-date: Sun, 05 Mar 2023 21:50:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: dd72JKkRbtf1S4LNCqAsU43i0u9LLMEnIUaKadgQnMqMjfMfOPeHGQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e11ee4e3208082d534c251b36bbee268.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 19:21:23 GMT
age: 39871
etag: "19b5ad2e62ea7866ea182d36089f97564d2dcc80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d706fd-31b0-40d9-a435-bc1fd2ca5bd0.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d706fd-31b0-40d9-a435-bc1fd2ca5bd0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c834ae7d5c86fa5a189b46f3ef23bcc2
b9d150a7bfe93beb0f72da20c9563df7f96aed9d
6c237850e36acbba8feec07a0c685dbe5598089f8de77f5ce37d8069b044290a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98d706fd-31b0-40d9-a435-bc1fd2ca5bd0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8384
x-amzn-requestid: 39b2baf8-b9e5-4e71-9062-589f366881aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bbg_cHB-oAMFfSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407aec8-2381da991d5dbde1727387e8;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: v6zbBwg198cx-Tt3Kx5oaOAJXEVRZC2EzCzp7YxUVTx0FkoMV3Vz8g==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f958a3846d80a3925f664b320dfad9c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 22:51:47 GMT
age: 27247
etag: "b9d150a7bfe93beb0f72da20c9563df7f96aed9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2702b0-2374-4a7d-87af-c09842669e5d.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2702b0-2374-4a7d-87af-c09842669e5d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f46eff01f1bbc5549a10539f87bdbec
ea3bad22405cf50b779acddb510b256dd29a3ab8
294cfd20d9965260125b37f379364ba6f4ad008a38084b293f8e8a785d2510ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2702b0-2374-4a7d-87af-c09842669e5d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7678
x-amzn-requestid: 25220fb8-8b01-4916-bd21-da9d4955a2f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bbf_MHBEoAMFebw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407ad2d-1f3968821902468e7aa71a4b;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:31:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 58861urCDHtPcvZFCUiMrP8MN863KkdruXkfjyqqip90jk8lU2PsRQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 21:45:02 GMT
etag: "ea3bad22405cf50b779acddb510b256dd29a3ab8"
content-type: image/jpeg
age: 31252
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38c5365c-e953-4f7b-9671-8725bbef1913.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38c5365c-e953-4f7b-9671-8725bbef1913.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ebfd75f1a70ab5e3778350233b7fd3b
ac3209fb137ca7109853c80d937c2a92d3c062c6
4aca1f2b4505b25c78ccf6176b951c90d14e6a7dd118c912befa626c8c4dfa38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38c5365c-e953-4f7b-9671-8725bbef1913.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5730
x-amzn-requestid: dedd80e2-b3cf-4f26-9080-e7731733c41c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bbf_MFJ4IAMFo0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407ad2d-472f7a32073a686734574add;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:31:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: qli8D2DWoLYbi--7nOKYN1pJXXNcB8UdHLnpdfCol1qaVjuphwJxfw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 21:58:29 GMT
age: 30445
etag: "ac3209fb137ca7109853c80d937c2a92d3c062c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80b9ce82-5e4b-44ae-836c-48fecd026559.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80b9ce82-5e4b-44ae-836c-48fecd026559.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bd60cb0d79597b92d5999582962c2925
2e3d830f56e5c154478a4c4824ce9547d9e27eb3
b1019398c693bc092a5a127a54bad340198fa5fac33a505865a229a275e22ca6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80b9ce82-5e4b-44ae-836c-48fecd026559.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9920
x-amzn-requestid: 5214cc4e-fc2c-46c3-8e1a-8ffc84b89e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bbg_fGfGIAMFi_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407aec9-250a9f943cb6224040a1d111;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: p9YTQGxfPj3OZhbTDE8GG49oMczWBvZfzq4Rssw9JlnLCLw362yt9A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 21:41:29 GMT
etag: "2e3d830f56e5c154478a4c4824ce9547d9e27eb3"
content-type: image/jpeg
age: 31465
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cd018ed-7ccb-4718-8ca8-722523738a19.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cd018ed-7ccb-4718-8ca8-722523738a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b4c2db9869c88bae7d0404c1dcec413
e7c7dcc46ce107a7a026c0d4b4f2628c8e9b2f00
bec9134b244ba67c17b521040803ab01fb15e20f51b5d2f087b78a5c21b871bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cd018ed-7ccb-4718-8ca8-722523738a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10282
x-amzn-requestid: 1e8e3352-2149-4709-a610-a2c2a0cffe21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bbf_TFcEoAMFskw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6407ad2e-76c8b341197f21f532ad217b;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 21:31:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: gBY6DCwsc-JgYL-zM5NXGQwQqSwJJVeaQFCpP1V8h8Qxgq4ptn67Zw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 50faaaa196a6b0875217ef7827f97d7c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Mar 2023 21:41:30 GMT
age: 31464
etag: "e7c7dcc46ce107a7a026c0d4b4f2628c8e9b2f00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Cookie: ID=33d2b75962dd49dc9ffd7665d68d7b26
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Mar 2023 06:26:00 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=33d2b75962dd49dc9ffd7665d68d7b26; expires=Thu, 07 Mar 2024 06:26:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=NO&oaid=7e54037325954c2ca92d756db921751e&s=657219050212172532&z=4533056&b=10037337&var=5038130&campaignid=4634920&utm_campaign=5038130&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2&rdk=rk1
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=NO&oaid=7e54037325954c2ca92d756db921751e&s=657219050212172532&z=4533056&b=10037337&var=5038130&campaignid=4634920&utm_campaign=5038130&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2&rdk=rk1
IP 104.26.15.215:0
GET /sweep.html?survey_id=999901&comments=en-sweep&geo=NO&oaid=7e54037325954c2ca92d756db921751e&s=657219050212172532&z=4533056&b=10037337&var=5038130&campaignid=4634920&utm_campaign=5038130&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2&rdk=rk1 HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: text/html
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Shu%2FcBOxO8ffjJXgSdpxGxdL8omFTlwGY0Xfl8anwocYbUfX3R0M36P5ZqEGdI%2FLI4mUXXEPCgNAKCD%2FEoHEqWTJc8hBsDuiT7bPd5dk4ikyo%2BfKtkX7ySILodnAZmAaSowkbUNeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900dd6ae21c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/v-immer.esm.mjs.d4480123.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/v-immer.esm.mjs.d4480123.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-immer.esm.mjs.d4480123.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-2900"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFzPxrw8cGuPfa4Vd5yhEsn%2FshpSzjNyFPUlhXmOoV%2F7ZvvVRcNWYjXN080d0o3J4k5i%2BIc7fthbv28iLX9xB9vMcN70xzEIt%2BRfGBv8LBnqISoa2vHZZkKqbFuy3BMK3mV7U1U%2B4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b731c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/v-redux-toolkit.esm.js.c884ac17.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/v-redux-toolkit.esm.js.c884ac17.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-redux-toolkit.esm.js.c884ac17.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-29c5"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipTUjvxdECJ8TTqIZmHPTpYHCfxKfZzkRTWcDA05JZeTX28ezWzt7qvdR5gapaoZrMRagGQtiAeEZcjHzBiAdc%2BgXsSxrW2zOUNjGL9h9ZftZfOJSY8zDsU036hv5RllaJTocMQFrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b721c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/_each-land-config.c7ac5299.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/_each-land-config.c7ac5299.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/_each-land-config.c7ac5299.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-cdb3"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YhK8T6AS7V2%2BsQqkDdycipUKZMrU3rGHCvYvJb14oRjD3AnSmVatB9AMFpfORv7cUDySTHHfYVbBmJcZNCSHYP%2BTk7yDpJa3qXVDwuk6%2FdtMFCOq5uQ2UQFsW7pSo%2FtGrj0hPSKRzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b761c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/sweeps-survey.ffe09122.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/sweeps-survey.ffe09122.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/sweeps-survey.ffe09122.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-1f1"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKS9M7lgHjAsl3xvQqk7b83PRUx3xv2GRIfyYcKOjiZWsNI9ftW1uf%2F3bIMF7N9r4SE57ACFPLtGsBT8FKMH7EJX%2B03ssa6h60Ip1CKL6mU3RcwR2zjdFckkFR5J14uxcxZCWliGDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de6b831c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/css/sweeps-survey.2de100f7.css
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/css/sweeps-survey.2de100f7.css
IP 104.26.15.215:0
GET /css/sweeps-survey.2de100f7.css HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=82444
etag: W/"640720f7-1420c"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwXGn33jnrLSvIyVWgrvZs%2B6MksSI4%2Be2reNsLoCA6AUF9AGGZKoe5XqehiY3w1EcEOeElQQKC3DjAieFPqsULQ5KMAFtt5hfoD4ci7QDj30hmxDDMgvq38tODDM9t3O6hhphpes4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de6b871c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/config/data/sd-999901.js?v=10
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/config/data/sd-999901.js?v=10
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/config/data/sd-999901.js?v=10 HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
etag: W/"640720f7-1306"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5p6bbCdUulr2BJQqZ2yIDhxdImyiM9QueHPrr7oGyWBZCxqdnP0EuYhWnE0jPiK02%2FkRaPwC%2FaadZH9TEd0rDEzyv1PdOiPikMOBVG0Us2I1bIC3zWcXRQKryU8TjN95XctPJfwyAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900dedbda1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/_is-browser-supported.c275dfa9.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/_is-browser-supported.c275dfa9.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/_is-browser-supported.c275dfa9.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-3e9"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNQZLlOzZ1yNDAmKPioZ2JQa4hcmbwZ3R%2Fssh2aOaZ7R%2BeyokZInqCMQcLsxXzKlF5zKFwoKYE1KuMvjkmyp75KnNVtqbclQkw7jMUA7LPnDcrVyLFjW%2BVl2rn96RnuxBhiZxW7lYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de4b6a1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/_global-config-sd.b46486be.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/_global-config-sd.b46486be.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/_global-config-sd.b46486be.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-3c4"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8qSc%2FosieaFfAbVuXUHdXgdpmACjFI6RJzpOhtSlIzEn2WIH0tYQ3MY0dhh4TVGmVKA70qknfErRMdjgA7lo%2Bn75Vg7wyk5pSGTHm4VFvMUAYbsfsArQHORn4Xpry6UiFKzijsE9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de4b6c1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/css/_core-survey.4a4f0a3c.css
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/css/_core-survey.4a4f0a3c.css
IP 104.26.15.215:0
GET /css/_core-survey.4a4f0a3c.css HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1440
etag: W/"640720f7-5a0"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVXZ1PUQTR8F5rYuSdXQiSKO8e6dwAR2%2BmHKHk6r4qB9HJlKCWDJkp6YRs%2Fy2kMapI7F%2Bxdo9OXlop8uNmTuh5%2B172huj7DNqIlHCyiWuM93kS9iVNeUXz5cZfZ%2FR%2BrSnzcw0GgOVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de6b861c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119 302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DNO%26oaid%3D7e54037325954c2ca92d756db921751e%26s%3D657219050212172532%26z%3D4533056%26b%3D10037337%26var%3D5038130%26campaignid%3D4634920%26utm_campaign%3D5038130%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2%26rdk%3Drk1&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Asm0eap24cmhk4ozkpnx0n%3Afp%3A302%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A970%3Acn%3A1%3Adp%3A0%3Als%3A1505589677409%3Ahid%3A282316753%3Az%3A0%3Ai%3A20230308062553%3Aet%3A1678256753%3Ac%3A1%3Arn%3A583653325%3Arqn%3A1%3Au%3A1678256753610214709%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C18%2C77%2C1%2C%2C0%2C%2C133%2C2%2C%2C%2C%2C338%3Aco%3A0%3Ans%3A1678256752089%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1678256753%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Wed, 08 Mar 2023 06:25:53 GMT
access-control-allow-origin: https://sweepstakessurvey.org
set-cookie: yabs-sid=1959077831678256753; Path=/; SameSite=None; Secure
i=MzefsvwEG1cJGaFTEC38weaIShnl9OM2a8O5TsTLBIBmESJOCQGUCuBctG4i+EMMP7Wd3pKSNgdm53xURqMrjzGHuQc=; Expires=Sat, 05-Mar-2033 06:25:51 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=3658325751678256753; Expires=Thu, 07-Mar-2024 06:25:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3658325751678256753; Expires=Thu, 07-Mar-2024 06:25:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1709792753.yc.1678256753#1709792753.yrts.1678256753#1709792753.yrtsi.1678256753; Expires=Thu, 07-Mar-2024 06:25:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 08-Mar-2023 06:25:53 GMT
last-modified: Wed, 08-Mar-2023 06:25:53 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/_core-survey.1900d488.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/_core-survey.1900d488.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/_core-survey.1900d488.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-2c54d"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DIYsbgkwN0gOKaoWcQve6u0sPIaaazorDdWRKbszT1UunAdmxxar%2FVYn8zJHDTIwqxdf7YItBay6C8k18kgg8%2FRGC8PricqCA6VK6O%2FNG50sLlEPcLr4LM5NeYsHkZAkTtUP1%2Fhf6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b7b1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
sweepstakessurvey.org/js/v-react-dom.production.min.js.dac34671.js
104.26.15.215 200 OK 0 B URL HTTP/2 sweepstakessurvey.org/js/v-react-dom.production.min.js.dac34671.js
IP 104.26.15.215:0
Analyzer Verdict Alert fortinet Phishing
GET /js/v-react-dom.production.min.js.dac34671.js HTTP/1.1
Host: sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Mar 2023 06:25:52 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"640720f7-1f8eb"
last-modified: Tue, 07 Mar 2023 11:33:11 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FZW01VJmO80j2Dt2kr6a0nL42aRotgLUksdxL%2FbtTi0HyrlmhIfdqtcrzBOzLauIv%2FcMoLorysB6ZQOAfAnb9yi4LjIELZN%2Flq%2B4ykKmsAZVIS%2BkZLJ%2Bsk0ARf0SnzbELubPwkpew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a4900de5b781c06-OSL
content-encoding: br
X-Firefox-Spdy: h2