paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/
52.5.54.148 301 Moved Permanently 134 B URL HTTP/1.1 paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/
IP 52.5.54.148:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
Analyzer Verdict Alert fortinet Phishing
GET /go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/ HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 31 Mar 2023 21:02:29 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://paidsurvey.pro:443/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5428
Expires: Fri, 31 Mar 2023 22:32:57 GMT
Date: Fri, 31 Mar 2023 21:02:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2410
Expires: Fri, 31 Mar 2023 21:42:39 GMT
Date: Fri, 31 Mar 2023 21:02:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16362
Expires: Sat, 01 Apr 2023 01:35:11 GMT
Date: Fri, 31 Mar 2023 21:02:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 20:16:13 GMT
content-type: application/json
age: 2776
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OGuyaG3s5aXfCRT7EMEmSdQlL+ArSESAnlA5YaZdkRdOPRartYgiD+ckVYFaU7KWuXAx5ezFXV8=
x-amz-request-id: 07BY4BZTATK0PRAG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 20:03:28 GMT
age: 3541
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 21:02:29 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 466b02e85418b6daefac5aa813625a02
01ba68a8e17a3bcf9852c433a816c4d00bbf65d8
582609843bfc134541079a7bbab3baa3e028089e4977d244f61ec01f13372ad2
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125336
Date: Fri, 31 Mar 2023 21:02:30 GMT
Etag: "64267b70-1d7"
Expires: Sun, 02 Apr 2023 07:51:26 GMT
Last-Modified: Fri, 31 Mar 2023 06:19:28 GMT
Server: ECAcc (nya/79EB)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Wbfo13xuE9xnkfVCzC494nUgK7M1xaiRS752xaVF5vVY6y3JM08luw==
Age: 5518
paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/
3.228.163.244 301 Moved Permanently 300 B URL HTTP/2 paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/
IP 3.228.163.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 16da2e6e65dd3f2db91fbd02338d17bd
f9551dbcbb65907c3d5b973e3bd4d1a49ef7f5e5
4b582ae344ba7c846f27a2f4c749e56720a150500b8010dbb3b4dd200afd7030
Analyzer Verdict Alert fortinet Phishing
GET /go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815/ HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: text/html; charset=iso-8859-1
content-length: 300
location: http://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
server: Apache/2.4.41 (Ubuntu)
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, ETag, Cache-Control, Retry-After, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 20:17:26 GMT
age: 2704
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
52.5.54.148 301 Moved Permanently 134 B URL HTTP/1.1 paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
IP 52.5.54.148:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
Analyzer Verdict Alert fortinet Phishing
GET /go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815 HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Fri, 31 Mar 2023 21:02:30 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://paidsurvey.pro:443/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b3df8c73360b4239af64e11f9d2388be
dc5463ff26615b40e4eab388052790d6c30ea5e6
877b23d16abf2e0e9f649f53747e82af0b75e8595abd71728254e612847cfdb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877B23D16ABF2E0E9F649F53747E82AF0B75E8595ABD71728254E612847CFDB6"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10000
Expires: Fri, 31 Mar 2023 23:49:10 GMT
Date: Fri, 31 Mar 2023 21:02:30 GMT
Connection: keep-alive
paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
3.228.163.244 200 OK 6.9 kB URL HTTP/2 paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
IP 3.228.163.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (939)
Hash 28754be544225b60419a329752affd7d
5b1494d5f898da666b2e28ee2cb5293ca689d516
186b70757774ba6186d7a0dbf13f0f292d7c5f67fd7ea02e5d387f15aeb185d8
Analyzer Verdict Alert fortinet Phishing
GET /go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815 HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: text/html; charset=UTF-8
content-length: 6891
server: Apache/2.4.41 (Ubuntu)
set-cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-store, max-age=0, no-cache
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.pro-market.net/ads/scripts/site-141028.js
23.36.76.115 200 OK 1.1 kB URL HTTP/1.1 ads.pro-market.net/ads/scripts/site-141028.js
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (514), with CRLF line terminators
Hash 540b7c85a21cf48ee81735b2ffcc335f
e5eaedc157c73717aab322629e3f1ad8569bc0a1
aa2916440a5dc9e91cc213dc3503845a97fe91cfd12fe8e6cd92032b675a4da9
GET /ads/scripts/site-141028.js HTTP/1.1
Host: ads.pro-market.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Jul 2019 13:39:45 GMT
Server: nginx/1.0.15
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 1101
Cache-Control: max-age=86400
Date: Fri, 31 Mar 2023 21:02:30 GMT
Connection: keep-alive
Vary: Accept-Encoding
cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js
104.17.24.14 200 OK 59 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js
IP 104.17.24.14:0
File type Unicode text, UTF-8 text, with very long lines (65274)
Hash a63b2977b01b6e2d2e2086c3f63a3c9a
560409f64e40f5078e1ba8d496657badd7a3a6ee
4a477bb786727bd8c49a1dbc25dd37dcce7f2ceece74576dffd8a3da739b034f
GET /ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 58913
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-46f6d"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 23339724
expires: Wed, 20 Mar 2024 21:02:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8nox0bnsSJ%2F8c7YQDIEUBpcuyogjbiamYQQT7ijhZRXdw19oyBbpmk3XPzeDW%2FeEaWN6EDqb0pxCQqulJPgSZJHvGZqxzOR6rsqXXKFGF3tRKVCduVc5dYATFkBfgEwyp1BphQ32"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b0b88a28923b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a5ac29d7d71ef6c0cc7547974c8c4f7b
29108a8370757ef63f347d1fd2ae696f5842342c
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 741a2f47aab81a2c7ed0fadaa1fa74e3
be34e0df4a5f272589a017ce77ece974d890f27c
4ea1737c8246072ea1072314ae684c1f7e518a81a5200c46374e47378bfb6b63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a5ac29d7d71ef6c0cc7547974c8c4f7b
29108a8370757ef63f347d1fd2ae696f5842342c
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
paidsurvey.pro/assets/css/paidsurveypro/style_post_reg_form.css
3.228.163.244 200 OK 1.7 kB URL HTTP/2 paidsurvey.pro/assets/css/paidsurveypro/style_post_reg_form.css
IP 3.228.163.244:0
File type ASCII text, with CRLF line terminators
Hash d4d5889efd1da6a090302cb09917bc64
da7320a8b9673878bd4a3f3407006bf2f0138d49
b09fc522151d49aa15f0ad5038c18b9f56ad6025a25dad7eb8e36464063a9b23
GET /assets/css/paidsurveypro/style_post_reg_form.css HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: text/css
content-length: 1717
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 24 Nov 2021 19:26:26 GMT
etag: "1f14-5d18dd57ebc80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js
142.250.74.74 200 OK 64 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32035)
Hash d42e0db378c3b7ae639f482be65ca7e0
febb6ba0cb20fbf345e42afbb194f557de4fdb3b
9a978650fc7920f6ce184b5febda53dfadb49086ee56326e0f7ca999b7e802ef
GET /ajax/libs/jqueryui/1.11.4/jquery-ui.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 64481
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Mar 2023 17:25:29 GMT
expires: Fri, 29 Mar 2024 17:25:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 99421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
142.250.74.132 200 OK 586 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
IP 142.250.74.132:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 8dd0de24f72cce7712a0efb51d0d3e92
d2032bdc2ddf7ceca278e91617906b5bbe4ef66a
af4fafb915327dbc20473b5a36532b0ce3e7ff85eb1bf44500c6d804f0f65929
GET /recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 31 Mar 2023 21:02:30 GMT
date: Fri, 31 Mar 2023 21:02:30 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 586
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.162.11.178 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.11.178:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /Tc1Wpy7mrJyRC924U2a1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: luQ9P5ajoKEsXSe0PbUUnAbwXBQ=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a5ac29d7d71ef6c0cc7547974c8c4f7b
29108a8370757ef63f347d1fd2ae696f5842342c
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
paidsurvey.pro/assets/bootstrap/css/bootstrap.min.css
3.228.163.244 200 OK 23 kB URL HTTP/2 paidsurvey.pro/assets/bootstrap/css/bootstrap.min.css
IP 3.228.163.244:0
File type Unicode text, UTF-8 text, with very long lines (65306)
Hash 5f798586685e5a6a4a3d8ed812acb2ad
1691f0a10c00bdae717df894234216018770e509
c8f431949116ce9f4e9029eb1f7b1a9ce7c5e601dce49313f68e410d2465f2e4
GET /assets/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: text/css
content-length: 22983
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 06 Apr 2022 19:41:50 GMT
etag: "260c5-5dc018d808750-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
paidsurvey.pro/assets/fontawesome/css/all.css
3.228.163.244 200 OK 13 kB URL HTTP/2 paidsurvey.pro/assets/fontawesome/css/all.css
IP 3.228.163.244:0
Hash 0d2671994d46a41f2e9f8918cbf7aca0
04e7c99c6ddbaab11906b76248b4b02ba58b5d3d
043d3750dd99d9a711779dfff771c6f3e7e080c6084e6ce038cccab8cbc3b564
GET /assets/fontawesome/css/all.css HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: text/css
content-length: 13366
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 06 Apr 2022 19:24:40 GMT
etag: "11f69-5dc015018c968-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
paidsurvey.pro/assets/img/paidsurveypro/shape.png
3.228.163.244 200 OK 1.5 kB URL HTTP/2 paidsurvey.pro/assets/img/paidsurveypro/shape.png
IP 3.228.163.244:0
File type PNG image data, 38 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 3a2669fdcc31d5aafb4ee04622465075
2cd89f66fb6f1b8714bd02b2d4a7b61645f3763f
f4eba9f8acbd653e4182a55d2642e1c10163aade9a8488748b33d2dfaf72adaa
GET /assets/img/paidsurveypro/shape.png HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: image/png
content-length: 1489
server: Apache/2.4.41 (Ubuntu)
last-modified: Sun, 21 Nov 2021 11:03:00 GMT
etag: "5d1-5d14a738da100"
accept-ranges: bytes
X-Firefox-Spdy: h2
paidsurvey.pro/assets/img/paidsurveypro/logo_2.png
3.228.163.244 200 OK 7.7 kB URL HTTP/2 paidsurvey.pro/assets/img/paidsurveypro/logo_2.png
IP 3.228.163.244:0
File type PNG image data, 528 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash 24e9fec46556b8e6da40793918b38e8e
c479c6db92bba34a5f5144228cebf86f653a68de
710ac0e79f5c621657cfd20a38808d39b44e2f1ffc086cf1788d2027c84a895c
GET /assets/img/paidsurveypro/logo_2.png HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: image/png
content-length: 7748
server: Apache/2.4.41 (Ubuntu)
last-modified: Sun, 21 Nov 2021 11:03:00 GMT
etag: "1e44-5d14a738da100"
accept-ranges: bytes
X-Firefox-Spdy: h2
paidsurvey.pro/assets/img/paidsurveypro/logo.png
3.228.163.244 200 OK 5.6 kB URL HTTP/2 paidsurvey.pro/assets/img/paidsurveypro/logo.png
IP 3.228.163.244:0
File type PNG image data, 358 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash aeb6cc8515a3234200cefd5c858566e2
69766aedd5c65da90ecaa45c8a4d0175ed0170d2
3ae8eb018f2fde55584c48108d428aced1304a422e36d94cbf50c136322f4b2e
GET /assets/img/paidsurveypro/logo.png HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: image/png
content-length: 5567
server: Apache/2.4.41 (Ubuntu)
last-modified: Fri, 26 Nov 2021 15:40:28 GMT
etag: "15bf-5d1b2e90ed300"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
paidsurvey.pro/assets/fontawesome/js/fontawesome.min.js
3.228.163.244 200 OK 13 kB URL HTTP/2 paidsurvey.pro/assets/fontawesome/js/fontawesome.min.js
IP 3.228.163.244:0
File type ASCII text, with very long lines (37145)
Hash f74100f2599cc03fb4428caa3ba67f76
ccb3e00552c3ec718c25d7f3276d6492afba2d96
bd93d84ca07b916e1eedffa221a99a13a20fb8a976895a0cf0104f7bbd4057d9
Analyzer Verdict Alert fortinet Phishing
GET /assets/fontawesome/js/fontawesome.min.js HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: application/javascript
content-length: 13045
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 06 Apr 2022 19:24:43 GMT
etag: "91d3-5dc015047c4c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
paidsurvey.pro/assets/bootstrap/js/bootstrap.bundle.min.js
3.228.163.244 200 OK 22 kB URL HTTP/2 paidsurvey.pro/assets/bootstrap/js/bootstrap.bundle.min.js
IP 3.228.163.244:0
File type ASCII text, with very long lines (65299)
Hash 78e81123f2e104a54a00aa30b593d473
29fa8e5010e2062bb83137a8028d7976fceaa4a2
d7ceacdefcd9d4c3208e4a6b07c337d4bf3246a73f74cbd325d37d32d7064a13
Analyzer Verdict Alert fortinet Phishing
GET /assets/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:30 GMT
content-type: application/javascript
content-length: 22447
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 06 Apr 2022 19:41:52 GMT
etag: "13397-5dc018da07718-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/balootammudu2/v22/1Pt2g8TIS_SAmkLguUdFP8UaJcKOwnsX.woff2
216.58.207.227 200 OK 30 kB URL HTTP/2 fonts.gstatic.com/s/balootammudu2/v22/1Pt2g8TIS_SAmkLguUdFP8UaJcKOwnsX.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30244, version 1.0\012- data
Hash 9ebc0b97694270dc85b50b9bf4028d27
da0f7cc78ece99207be372a81b167a63280ce453
5475554290fe850f61f90bae1d2859e3c1f3a9762e8940c56aa6219b3f98eee0
GET /s/balootammudu2/v22/1Pt2g8TIS_SAmkLguUdFP8UaJcKOwnsX.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Mar 2023 13:08:03 GMT
expires: Fri, 29 Mar 2024 13:08:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 20:00:39 GMT
content-type: font/woff2
age: 114868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.usertrust.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ae3ea87480a120c0c32dd3d0e1c1f665
0092290f86c7fbc0b2d6add350e500613b31d65d
f3f8f1be09db4e6661b6cca329b003cee56830e23162ed3f8ed3d7b126a633dc
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 21:02:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 29 Mar 2023 10:10:21 GMT
Expires: Wed, 05 Apr 2023 10:10:20 GMT
Etag: "0092290f86c7fbc0b2d6add350e500613b31d65d"
Cache-Control: max-age=604095,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 50
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b88a50f1db4ee-OSL
paidsurvey.pro/assets/img/campaign/1300_welcome.png
3.228.163.244 200 OK 316 kB URL HTTP/2 paidsurvey.pro/assets/img/campaign/1300_welcome.png
IP 3.228.163.244:0
File type PNG image data, 660 x 633, 8-bit/color RGB, non-interlaced\012- data
Size 316 kB (315546 bytes)
Hash 04255e12d6356b1ff86a932585d7870a
1b392c0e12f87a0dc4798366223ece6fc781834c
c87eb7b2388bb9ca774cdb6c1ba82c1b6c507308dd0697897acec9180d7643ad
GET /assets/img/campaign/1300_welcome.png HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/go/to/pspegl/key/8564aa01d05e041c744f426de3269338/aid/16944/s1/5741815
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:31 GMT
content-type: image/png
content-length: 315546
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 11 Jan 2023 16:10:59 GMT
etag: "4d09a-5f1ff3efd79f8"
accept-ranges: bytes
X-Firefox-Spdy: h2
paidsurvey.pro/assets/fontawesome/webfonts/fa-solid-900.woff2
3.228.163.244 200 OK 78 kB URL HTTP/2 paidsurvey.pro/assets/fontawesome/webfonts/fa-solid-900.woff2
IP 3.228.163.244:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
Analyzer Verdict Alert fortinet Phishing
GET /assets/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: paidsurvey.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://paidsurvey.pro/assets/fontawesome/css/all.css
Cookie: ci_session=b4nmagthqskpql5pj5ldt3t0o8isk9lj
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:31 GMT
content-type: font/woff2
content-length: 78268
server: Apache/2.4.41 (Ubuntu)
last-modified: Wed, 06 Apr 2022 19:25:58 GMT
etag: "131bc-5dc0154bc9788"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 2861dcb4dcae0f11fed6021eefcb116e
7b303aaf4248c057fdbd5daa03c27052e33fed22
fb61f93ac93296dd47504278c4dfdd053a5c482d5b347d30545ff1bb0df318b6
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 31 Mar 2023 21:02:31 GMT
Etag: "641ff069-1d7"
Last-Modified: Fri, 31 Mar 2023 19:51:18 GMT
Server: ECAcc (dcb/7F0A)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fbq2wqwQ-RraA3d3cZsd5yujhxBz4Mt961XLhGfJ_hi1smo9QZd4tw==
Age: 4273
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 4bbd65bc6b236b9fd33d83f168cefb9b
95001bf9d79764b9563fa13c06c63229837c4dd6
bdaa98c0a79e6b6af9fac88344603adf734b3924579f72470203abbc7c70d171
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143184
Date: Fri, 31 Mar 2023 21:02:31 GMT
Etag: "6426d6b7-1d7"
Expires: Sun, 02 Apr 2023 12:48:55 GMT
Last-Modified: Fri, 31 Mar 2023 12:48:55 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: n27dk1MGPHFk_1OwSwsiRFjZ7SeY-9skWbFJ2Hp6seJ-wBGFOWT8iA==
api.trustedform.com/trustedform.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false
52.54.141.164 301 Moved Permanently 134 B URL HTTP/2 api.trustedform.com/trustedform.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false
IP 52.54.141.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /trustedform.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: awselb/2.0
date: Fri, 31 Mar 2023 21:02:31 GMT
content-type: text/html
content-length: 134
location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 2612a94918728af876b04e1dd7e79531
1c1631eba46390f53fbb7dfedd0f7ecc97607c8e
e0e8b890edb62defb19b76b2c6d19891dad7fd33a1586cdd9466ac69f2a4cb9e
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159277
Date: Fri, 31 Mar 2023 21:02:31 GMT
Etag: "6426fe40-1d7"
Expires: Sun, 02 Apr 2023 17:17:08 GMT
Last-Modified: Fri, 31 Mar 2023 15:37:36 GMT
Server: ECAcc (bsa/EA8F)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lBj7lYNaGIRWMctZ2JgW0cS_dkgzZ-9iWYUczq1V_b5HarBYHsppLg==
Age: 5972
pushpros.tech/GetPushScript?key=2Xa3N8H4tIMDq5DaLOjgimHq4HG8UhWO&domain=paidsurvey.pro
108.157.214.75 200 OK 63 B URL HTTP/2 pushpros.tech/GetPushScript?key=2Xa3N8H4tIMDq5DaLOjgimHq4HG8UhWO&domain=paidsurvey.pro
IP 108.157.214.75:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bc3a457d01349e3e833cf27f1b867f3f
fa5800315f9dfe57cb708afbba17dc23d4a6403a
33b2ebd33e9a352f378a0a5b4e7a1413648a9d0382138c5ea355637ecb724274
GET /GetPushScript?key=2Xa3N8H4tIMDq5DaLOjgimHq4HG8UhWO&domain=paidsurvey.pro HTTP/1.1
Host: pushpros.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paidsurvey.pro/
Origin: https://paidsurvey.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 63
date: Fri, 31 Mar 2023 21:02:31 GMT
x-amzn-requestid: d9b48fb3-e3f6-40cc-b715-1b4eeb14f698
access-control-allow-origin: *
x-amz-apigw-id: CqiQQHoVIAMFehQ=
x-amzn-trace-id: Root=1-64274a67-7c54825f6fb8866767e4dadb;Sampled=0
x-cache: Miss from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: w3z0mwC_-5hu2Jl-VfzRWBLOUfPy1rdCOJ0y3mhrYAHSTnSHy-23Ng==
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 43dd9e03c4c217f5d4f9c5f90b5b37a4
eb1a19b9fbb6b8061d90276895f9abbcf2d2da39
df28d0bf2e4a81a42456bfc00ae49aa2bc3b96184e01c73833c9e1d2c8f9f1c6
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170230
Date: Fri, 31 Mar 2023 21:02:31 GMT
Etag: "6427393e-1d7"
Expires: Sun, 02 Apr 2023 20:19:41 GMT
Last-Modified: Fri, 31 Mar 2023 19:49:18 GMT
Server: ECAcc (nya/1C2C)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DrGKBJH5jEm_zIZZe4glIHaCCVCIcNcNYbtk_5bIqDf-ls1A-1XL1w==
Age: 1823
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5b6731341a66be32757ea461f5bd605a
f9a017cd1195d1eafb3839a899baf75f2e71958f
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (582)
Size 166 kB (166464 bytes)
Hash b81d6636c3ad72c63e532e5180eaf7f9
ddcd059999fff6218e98af62dbe3fa9c885a0de8
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef
GET /recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166464
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 08:50:01 GMT
expires: Wed, 27 Mar 2024 08:50:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 28 Mar 2023 00:02:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 303151
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.142 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 31 Mar 2023 20:05:12 GMT
expires: Fri, 31 Mar 2023 22:05:12 GMT
cache-control: public, max-age=7200
age: 3440
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20y2hdt2invy%20x0g%20gp%20kg%20pbxn8k%20lmp%20p5pcj2z1e8w6h4kkgw3f5ax5v3leiv28%20i95%201phdw%20s2%20wzl1r9e-%20uosegdn%20lxe9io;kw=dij9%20sdz46x%20%7C%20g2zdb20ndy%20xig;rnd=(1680296550214)
107.178.240.89 200 OK 5.6 kB URL HTTP/2 pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20y2hdt2invy%20x0g%20gp%20kg%20pbxn8k%20lmp%20p5pcj2z1e8w6h4kkgw3f5ax5v3leiv28%20i95%201phdw%20s2%20wzl1r9e-%20uosegdn%20lxe9io;kw=dij9%20sdz46x%20%7C%20g2zdb20ndy%20xig;rnd=(1680296550214)
IP 107.178.240.89:0
Hash 759855554c346f33ec551545d0a564ee
8b89ee61e9d4a6391207de823b7e6fc2c669ffaa
052c15ad18aa386ac1af634936bcfd824e1bccbfed0b269ef76bd8c4bccb1c78
GET /engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20y2hdt2invy%20x0g%20gp%20kg%20pbxn8k%20lmp%20p5pcj2z1e8w6h4kkgw3f5ax5v3leiv28%20i95%201phdw%20s2%20wzl1r9e-%20uosegdn%20lxe9io;kw=dij9%20sdz46x%20%7C%20g2zdb20ndy%20xig;rnd=(1680296550214) HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-4.c.datonics-gcp-01.internal
set-cookie: anProfile="0+1+4=21x+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s0=(2h)+s2=(rsel47)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 31 Mar 2023 21:02:30 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8878
Expires: Fri, 31 Mar 2023 23:30:30 GMT
Date: Fri, 31 Mar 2023 21:02:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8878
Expires: Fri, 31 Mar 2023 23:30:30 GMT
Date: Fri, 31 Mar 2023 21:02:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8878
Expires: Fri, 31 Mar 2023 23:30:30 GMT
Date: Fri, 31 Mar 2023 21:02:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8878
Expires: Fri, 31 Mar 2023 23:30:30 GMT
Date: Fri, 31 Mar 2023 21:02:32 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5b6731341a66be32757ea461f5bd605a
f9a017cd1195d1eafb3839a899baf75f2e71958f
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:49:08 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 83604
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:44:51 GMT
age: 83861
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jktkwc3JLU31AY5B5pC5JTjPGARjflqoJRZiD6IpF5-10IO6UNlH_Q==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:33 GMT
age: 83759
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 00:11:32 GMT
age: 75060
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3paQf8BhyRcZoZNox8660Zyzz0WaiQxJuHmDbj4wpo-rgbDdkxrYgQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:23 GMT
age: 83709
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AdbJgoCBGJGvjP53lBj3_GWyuRF8O_fgNTPPEjUmFmyRxMQl2pgTzw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:54:29 GMT
age: 83283
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1546599508&t=pageview&_s=1&dl=https%3A%2F%2Fpaidsurvey.pro%2Fgo%2Fto%2Fpspegl%2Fkey%2F8564aa01d05e041c744f426de3269338%2Faid%2F16944%2Fs1%2F5741815&ul=en-us&de=UTF-8&dt=Cash%20Survey%20%7C%20PaidSurvey.pro&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=237112898&gjid=1289738859&cid=535626054.1680296551&tid=UA-39232759-1&_gid=1767046266.1680296551&_r=1&_slc=1&z=656545189
142.250.74.142 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1546599508&t=pageview&_s=1&dl=https%3A%2F%2Fpaidsurvey.pro%2Fgo%2Fto%2Fpspegl%2Fkey%2F8564aa01d05e041c744f426de3269338%2Faid%2F16944%2Fs1%2F5741815&ul=en-us&de=UTF-8&dt=Cash%20Survey%20%7C%20PaidSurvey.pro&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=237112898&gjid=1289738859&cid=535626054.1680296551&tid=UA-39232759-1&_gid=1767046266.1680296551&_r=1&_slc=1&z=656545189
IP 142.250.74.142:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=1546599508&t=pageview&_s=1&dl=https%3A%2F%2Fpaidsurvey.pro%2Fgo%2Fto%2Fpspegl%2Fkey%2F8564aa01d05e041c744f426de3269338%2Faid%2F16944%2Fs1%2F5741815&ul=en-us&de=UTF-8&dt=Cash%20Survey%20%7C%20PaidSurvey.pro&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=237112898&gjid=1289738859&cid=535626054.1680296551&tid=UA-39232759-1&_gid=1767046266.1680296551&_r=1&_slc=1&z=656545189 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://paidsurvey.pro
date: Fri, 31 Mar 2023 21:02:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-39232759-1&cid=535626054.1680296551&jid=237112898&gjid=1289738859&_gid=1767046266.1680296551&_u=IEBAAEAAAAAAACAAI~&z=1573391789
64.233.161.157 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-39232759-1&cid=535626054.1680296551&jid=237112898&gjid=1289738859&_gid=1767046266.1680296551&_u=IEBAAEAAAAAAACAAI~&z=1573391789
IP 64.233.161.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-39232759-1&cid=535626054.1680296551&jid=237112898&gjid=1289738859&_gid=1767046266.1680296551&_u=IEBAAEAAAAAAACAAI~&z=1573391789 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://paidsurvey.pro
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 31 Mar 2023 21:02:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d2m2wsoho8qq12.cloudfront.net/iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
54.230.245.35 200 OK 1.4 kB URL HTTP/1.1 d2m2wsoho8qq12.cloudfront.net/iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
IP 54.230.245.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ef825b8a88a51cd76a51d08dfc1d4f99
5bf247bd91a4be0c3b76a70ec8e5e462de0e9f3b
2ac453ec379c3e7b0fa69b810ecf2d6771de3e7611a2599a20f8e8ce9a240af1
GET /iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4 HTTP/1.1
Host: d2m2wsoho8qq12.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Wed, 22 Mar 2023 16:44:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Thu, 30 Mar 2023 23:14:37 GMT
ETag: W/"641b3057-dbb"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rBf76utGrgU9Eb2oU5OKlvgwlVrJusmMIgOL9k6pdNUhYda1wCoO9g==
Age: 78475
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 21:02:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:35 GMT
expires: Wed, 27 Mar 2024 10:31:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 297057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:03 GMT
expires: Wed, 27 Mar 2024 10:31:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 297089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash d9e641278a473ad3a4564170b14ace42
9e5c7f2f178bd355c0736617e171ce8bc4290e6f
6b4e8999331e182f6c7fbc56ff76aecd34bbcd17a76aa790fc2668d492e471e7
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 31 Mar 2023 21:02:32 GMT
Last-Modified: Fri, 31 Mar 2023 20:33:22 GMT
Server: ECAcc (nya/7968)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q40xdTZD0FxKaDx85fQhZFhTjV9djRi-N-bO7x5xnm4eV4Hu8y47VQ==
Age: 1751
api.trustedform.com/certs
52.54.141.164 201 Created 475 B URL HTTP/2 api.trustedform.com/certs
IP 52.54.141.164:0
File type JSON data\012- , ASCII text, with very long lines (475), with no line terminators
Hash 309108953db8afa8667baac21340b43d
8d6e4425aa8d61321c70330f4b32cb817620d878
5bc6d1c9e266be9298a068af23e48502cc185d7c29692950a34c2e48c401ce70
POST /certs HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 645
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 201 Created
date: Fri, 31 Mar 2023 21:02:33 GMT
content-type: application/json; charset=utf-8
content-length: 475
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
api.trustedform.com/certs/8f976c4aa18982cd01e3892573f3e18554e28f90/snapshot
52.54.141.164 204 No Content 0 B URL HTTP/2 api.trustedform.com/certs/8f976c4aa18982cd01e3892573f3e18554e28f90/snapshot
IP 52.54.141.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /certs/8f976c4aa18982cd01e3892573f3e18554e28f90/snapshot HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 10347
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 21:02:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
api.trustedform.com/certs/8f976c4aa18982cd01e3892573f3e18554e28f90/fingerprints
52.54.141.164 204 No Content 0 B URL HTTP/2 api.trustedform.com/certs/8f976c4aa18982cd01e3892573f3e18554e28f90/fingerprints
IP 52.54.141.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /certs/8f976c4aa18982cd01e3892573f3e18554e28f90/fingerprints HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 219
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 21:02:33 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=5&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465128
50.16.132.247 200 OK 20 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=5&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465128
IP 50.16.132.247:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /2.11.9/InitFormData?msn=5&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465128 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 1063
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:33 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguserid=00331f4a-1d99-4a6d-8eb7-08d0d108574d; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.lidstatic.com/campaign/3cced9a6-4a67-d637-acdc-ccf79b4a5210.js?snippet_version=2
172.67.41.229 200 OK 0 B URL HTTP/2 create.lidstatic.com/campaign/3cced9a6-4a67-d637-acdc-ccf79b4a5210.js?snippet_version=2
IP 172.67.41.229:0
GET /campaign/3cced9a6-4a67-d637-acdc-ccf79b4a5210.js?snippet_version=2 HTTP/1.1
Host: create.lidstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:31 GMT
content-type: text/javascript
x-amz-id-2: FJL1lRjYRx7SksiKM9zA8yGg5OQC0pptK2hAK6FBKkxPvFIT1C6iZXADyl5KHgXym9pqeIlBOBc=
x-amz-request-id: RHB91EP0SNPD5M2T
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Nov 2021 00:55:16 GMT
etag: W/"97495a102c98049f30e62264b1eb50f5"
cache-control: max-age=1800
x-amz-version-id: StKcIVmHluaEF1AzrOc3qrEmwMpZOgwG
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b0b88a4ebbd0b39-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/GenerateToken?msn=1&pid=80131e2f-83db-41df-9212-19f24d55a34f&_=941465124
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/GenerateToken?msn=1&pid=80131e2f-83db-41df-9212-19f24d55a34f&_=941465124
IP 50.16.132.247:0
POST /2.11.9/GenerateToken?msn=1&pid=80131e2f-83db-41df-9212-19f24d55a34f&_=941465124 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 248
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:32 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguserid=812b169a-5ae5-4671-8dfd-5ebc24ba3891; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/SaveDom?msn=2&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465125
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/SaveDom?msn=2&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465125
IP 50.16.132.247:0
POST /2.11.9/SaveDom?msn=2&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465125 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 512
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:32 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguserid=3aea5e32-2d53-4a56-a52c-dd3ce8851b15; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=3&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465126
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=3&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465126
IP 50.16.132.247:0
POST /2.11.9/InitFormData?msn=3&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465126 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 2090
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:32 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguserid=3a2fbacb-07e2-46e4-ba8e-ec94ce7e154f; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.trustedform.com/trustedform-1.8.38.js
54.230.111.111 200 OK 0 B URL HTTP/2 cdn.trustedform.com/trustedform-1.8.38.js
IP 54.230.111.111:0
GET /trustedform-1.8.38.js HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 24 Feb 2023 16:04:14 GMT
x-amz-version-id: ffJa67w_.T4JjuAeq9bT6P3fBUPuRaPp
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 21:02:33 GMT
etag: W/"a71c6d4fa015e7b61cc1fc54ff9b242e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ShSR83CDJ6yR5L5fHJab1_C30iOWDHbi5KvqIScn_lzrR1V-34r63w==
age: 10
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/Snap?msn=4&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465127
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/Snap?msn=4&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465127
IP 50.16.132.247:0
POST /2.11.9/Snap?msn=4&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465127 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 160148
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:33 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguserid=9b89af10-102c-4a0e-955d-cd140ffe5489; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/Snap?msn=6&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465129
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/Snap?msn=6&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465129
IP 50.16.132.247:0
POST /2.11.9/Snap?msn=6&pid=80131e2f-83db-41df-9212-19f24d55a34f&token=45657806-210E-E6B1-A6CD-18F918E16ED5&_=941465129 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 32952
Origin: https://paidsurvey.pro
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:33 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguserid=a831ebb1-b476-44d4-963b-949dada8d52a; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:33 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Baloo+Tammudu+2:wght@400;500;600;700;800&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Baloo+Tammudu+2:wght@400;500;600;700;800&display=swap
IP 142.250.74.106:0
GET /css2?family=Baloo+Tammudu+2:wght@400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://paidsurvey.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 21:02:30 GMT
date: Fri, 31 Mar 2023 21:02:30 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false
54.230.111.111 200 OK 0 B URL HTTP/2 cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false
IP 54.230.111.111:0
GET /bootstrap.js?provide_referrer=false&field=trusted_form&l=16802965502200.15121092550807314&invert_field_sensitivity=false HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paidsurvey.pro/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 31 Mar 2023 21:02:32 GMT
last-modified: Fri, 24 Feb 2023 16:04:14 GMT
x-amz-version-id: oadcnJCg2vYrfrS_vSmPkc6nBoYFDxSV
etag: W/"1b4d8abad5e0668a237e388577c6a93c"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UMJcTM5vpcFGVqXeNentEkCi75CrXxh1bKYmpaDc6DmblJpCuSOT7w==
X-Firefox-Spdy: h2
deviceid.trueleadid.com/iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
35.169.79.47 200 OK 0 B URL HTTP/2 deviceid.trueleadid.com/iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
IP 35.169.79.47:0
GET /iframe.html?token=45657806-210E-E6B1-A6CD-18F918E16ED5&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4 HTTP/1.1
Host: deviceid.trueleadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d2m2wsoho8qq12.cloudfront.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:32 GMT
content-type: text/html
server: nginx
last-modified: Thu, 30 Mar 2023 19:50:33 GMT
etag: W/"6425e809-1049"
expires: Sat, 01 Apr 2023 21:02:32 GMT
p3p: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/SaveDeviceId.js?lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&methods=48&token=45657806-210E-E6B1-A6CD-18F918E16ED5&uuid=e2333efa64604371bed3a12ee7271555
50.16.132.247 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/SaveDeviceId.js?lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&methods=48&token=45657806-210E-E6B1-A6CD-18F918E16ED5&uuid=e2333efa64604371bed3a12ee7271555
IP 50.16.132.247:0
GET /2.11.9/SaveDeviceId.js?lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&methods=48&token=45657806-210E-E6B1-A6CD-18F918E16ED5&uuid=e2333efa64604371bed3a12ee7271555 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://deviceid.trueleadid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 21:02:32 GMT
content-type: text/javascript;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguserid=f68cec45-2767-4c4c-9ba4-4d1bc6e909e1; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Sun, 30-Apr-2023 21:02:32 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2