Overview

URL collegemaza.com/3rb/dx4/index.html
IP199.115.115.116
ASNLEASEWEB-USA-WDC
Location United States
Report completed2022-09-14 02:28:52 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-14 2 collegemaza.com/3rb/dx4/index.html Phishing
2022-09-14 2 artax-evn.com/zcvisitor/f28047d7-33d4-11ed-8b9c-0a8a08795e4d/72092e88-2c53- (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (22)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-13 04:56:58 UTC 95.101.11.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-13 04:58:37 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-13 04:56:27 UTC 142.250.74.3
mnemonic passive DNS my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-09-13 07:12:32 UTC 139.45.195.8
mnemonic passive DNS pulsersurvey.com (1) 0 2020-04-01 21:21:43 UTC 2022-09-13 12:29:20 UTC 139.45.197.154 Unknown ranking
mnemonic passive DNS ocsp.globalsign.com (2) 2075 2012-05-25 06:20:55 UTC 2022-09-13 05:06:18 UTC 104.18.21.226
mnemonic passive DNS collegemaza.com (1) 0 2014-10-12 02:06:10 UTC 2022-09-14 01:29:46 UTC 199.115.115.116 Unknown ranking
mnemonic passive DNS ocsp.sectigo.com (4) 487 2018-12-17 11:31:55 UTC 2022-09-13 17:42:46 UTC 104.18.32.68
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-13 12:32:54 UTC 34.120.237.76
mnemonic passive DNS ugyplysh.com (2) 51119 2019-05-21 13:46:58 UTC 2022-09-13 19:02:59 UTC 139.45.197.253
mnemonic passive DNS mc.yandex.ru (14) 2672 2017-01-29 05:34:36 UTC 2022-09-13 18:59:08 UTC 87.250.251.119
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-13 22:14:45 UTC 143.204.55.115
mnemonic passive DNS artax-evn.com (3) 0 2022-08-26 23:27:30 UTC 2022-09-14 01:46:30 UTC 52.45.156.125 Unknown ranking
mnemonic passive DNS storage.googleapis.com (1) 420 2019-10-15 20:25:09 UTC 2022-09-14 01:03:06 UTC 142.250.74.144
mnemonic passive DNS championtest.top (1) 0 2021-08-24 18:09:00 UTC 2022-09-11 09:21:21 UTC 104.21.10.131 Unknown ranking
mnemonic passive DNS adfstat.yandex.ru (1) 22826 2020-12-25 10:59:13 UTC 2022-09-13 18:31:40 UTC 87.250.250.145
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-13 05:25:58 UTC 143.204.55.110
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-13 21:21:55 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-13 05:09:29 UTC 34.208.31.97
mnemonic passive DNS f5ac6e7aac.smapp.work (2) 0 2022-06-05 07:13:43 UTC 2022-09-11 09:21:21 UTC 35.186.250.143 Domain (smapp.work) ranked at: 230295
mnemonic passive DNS itcleffaom.com (2) 72236 2021-07-29 11:48:44 UTC 2022-09-13 23:01:46 UTC 139.45.197.237
mnemonic passive DNS cdntechone.com (1) 64371 2021-12-24 17:09:58 UTC 2022-09-13 21:04:51 UTC 104.21.82.172


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 199.115.115.116

Date UQ / IDS / BL URL IP
2022-12-04 22:58:49 +0000
0 - 0 - 1 njvsgjd.cn.wy5532.com/ 199.115.115.116
2022-12-04 22:41:57 +0000
0 - 0 - 1 uuffom.www.wy5532.com/ 199.115.115.116
2022-12-04 22:22:33 +0000
0 - 0 - 1 gruujxxs.ll.wy5532.com/ 199.115.115.116
2022-12-04 03:11:06 +0000
0 - 0 - 1 rerew.33f11.al.wy5532.com/ 199.115.115.116
2022-12-04 02:36:12 +0000
0 - 0 - 4 mkuu.63f36.xr.wy5532.com/ 199.115.115.116

Last 5 reports on ASN: LEASEWEB-USA-WDC

Date UQ / IDS / BL URL IP
2022-12-05 01:36:42 +0000
0 - 0 - 1 yty.41208.kl.wy5532.com/ 162.210.196.167
2022-12-05 01:36:22 +0000
0 - 0 - 1 qwrer.72058.oj.wy5532.com/ 162.210.196.167
2022-12-05 01:35:57 +0000
0 - 0 - 1 sfluk.gov.wy5532.com/ 162.210.196.167
2022-12-05 01:32:14 +0000
0 - 0 - 1 iuyuyt.55c77.kb.wy5532.com/ 207.244.67.215
2022-12-05 01:21:32 +0000
0 - 0 - 1 govyty.fcc0.yu.wy5532.com/ 199.115.115.119

Last 5 reports on domain: collegemaza.com

Date UQ / IDS / BL URL IP
2022-12-04 01:14:06 +0000
0 - 0 - 7 collegemaza.com/20191210/952689.html 37.48.65.155
2022-11-21 03:12:46 +0000
0 - 0 - 1 collegemaza.com/hxn/0jx.html 207.244.67.214
2022-11-20 03:36:32 +0000
0 - 0 - 6 collegemaza.com/fjcd/800318.html 81.171.22.7
2022-11-19 01:31:46 +0000
0 - 0 - 1 collegemaza.com/dx1/fnl/index.html 81.171.22.6
2022-11-18 10:53:18 +0000
0 - 0 - 8 collegemaza.com/ln9/vpl/index.html 81.171.22.6

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-27 22:02:37 +0000
0 - 0 - 3 a.wintest.top/betting-survey.html 172.67.171.66
2022-10-27 13:34:10 +0000
0 - 0 - 10 getbonus.quest/X5JDLmQf 165.22.196.103
2022-10-27 11:27:03 +0000
0 - 0 - 1 xtfnn.npracticalwhic.buzz/ADNZ?tag_id=900714& (...) 44.195.137.121
2022-10-27 05:55:25 +0000
0 - 0 - 2 vexacion.com/afu.php?var=862524&ymid=46560946 (...) 139.45.197.236
2022-10-27 03:28:25 +0000
0 - 0 - 1 championtest.com/betting-survey.html 188.114.97.1


JavaScript

Executed Scripts (23)


Executed Evals (1)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: f473889b9de08f23581136b4b4a131556f53eaae0a71cff1c021c34a6813d49c

                                        (() => {
    const a = async
    function name() {};
    window['u3nxu35m7v8'] = true;
})()
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 4, repeated: 1) - SHA256: b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0

                                        2022
                                    


HTTP Transactions (58)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 02:09:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Yh-alEtlRYjBiaeU1j7obja5F38XVhd8iWEQGBUXY21wTpW1JpXxFQ==
Age: 1158


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10948
Expires: Wed, 14 Sep 2022 05:31:09 GMT
Date: Wed, 14 Sep 2022 02:28:41 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vNimQfMIwr-DcmTZxNpC0idsC54V3_-dHMpD3GME3kFwdHe6wZ6NVA==
age: 78807
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:41 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 14 Sep 2022 02:03:22 GMT
Expires: Wed, 14 Sep 2022 02:56:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0ginQeny9t0n5V_NoIQujiyDEbKYmX6u2A67eUixlA9ZdfI3Dly8Qw==
Age: 1519


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /3rb/dx4/index.html HTTP/1.1 
Host: collegemaza.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         199.115.115.116
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 14 Sep 2022 02:28:41 GMT
location: http://artax-evn.com/zcvisitor/f28047d7-33d4-11ed-8b9c-0a8a08795e4d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=7e3f9bd0-43cc-11ec-ba04-0a918cbcbb97
server: nginx
set-cookie: sid=f27a1b9e-33d4-11ed-bbf8-e0036c1c1c16; path=/; domain=.collegemaza.com; expires=Mon, 02 Oct 2090 05:42:48 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3113
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 02:28:42 GMT
Last-Modified: Wed, 14 Sep 2022 01:36:49 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /zcvisitor/f28047d7-33d4-11ed-8b9c-0a8a08795e4d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=7e3f9bd0-43cc-11ec-ba04-0a918cbcbb97 HTTP/1.1 
Host: artax-evn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: iYGQAnil


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    07ed06873f41139b05b310d1cb44b2a7
Sha1:   590ddefb10c48a39b0411f7c8f5f7944b7ef29e0
Sha256: ce2470c4f5beadaef6983d628fb8ef00e09b6e03c2216f5e3e37b7b6538b38a8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ALv4vLfXlACwqlBbpmznXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.208.31.97
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3hcZ3XB90rSoqN059PPQoRecaRM=

                                        
                                            GET /zcredirect?visitid=f28047d7-33d4-11ed-8b9c-0a8a08795e4d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: artax-evn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://artax-evn.com/zcvisitor/f28047d7-33d4-11ed-8b9c-0a8a08795e4d/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=7e3f9bd0-43cc-11ec-ba04-0a918cbcbb97
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: wbQqZArb


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   426
Md5:    41d814b11b33021683e2fb450b4b724a
Sha1:   668f4a681ca77ba223e045aa699a8fb9a2a35438
Sha256: f7c37538720656539384ab2d07b432c1a8bebf93a5faae26b3fe3c1e94be293e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 04:47:02 GMT
Expires: Tue, 20 Sep 2022 04:47:01 GMT
Etag: "fa76cb451959880165c1599aa9a36324b30c57d1"
Cache-Control: max-age=526098,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a5b0d5fd9fb512-OSL

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: artax-evn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://artax-evn.com/zcredirect?visitid=f28047d7-33d4-11ed-8b9c-0a8a08795e4d&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         52.45.156.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: qWrwXBsZ


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /tmp-static/instal-impressions/impressions.html?data=eyJjbGlja19pZCI6ICIxOTFjNWZjYi1hYWI0LTRjMjYtYWQ4YS1lNTBjODU3OWY1YjE6NDNhN2VmNDQ1Yjk2MzMxYzExYWY3ZGMyYzVhMWQ5NzQ2M2RmM2JiMCIsICJjb3VudHJ5IjogIk5PIn0= HTTP/1.1 
Host: storage.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f5ac6e7aac.smapp.work/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.144
HTTP/2 200 OK
content-type: text/html
                                        
x-guploader-uploadid: ADPycdvrU6Vn_JUSLEItpdKtQFThnMp04NOlsZE7SSDEC9eI1JcEKyple4UBBB4K46jBFXDF48TDf3azt33rZ_Gea6xtbg
expires: Wed, 14 Sep 2022 03:28:42 GMT
date: Wed, 14 Sep 2022 02:28:42 GMT
cache-control: public, max-age=3600
last-modified: Mon, 10 Jun 2019 16:09:51 GMT
etag: "54f99c9e98a5b4f17b219e94417e6d2f"
x-goog-generation: 1560182991115409
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1357
x-goog-hash: crc32c=+7k9hA==, md5=VPmcnpiltPF7IZ6UQX5tLw==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 1357
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   1357
Md5:    54f99c9e98a5b4f17b219e94417e6d2f
Sha1:   80247746ede724755155d0aa8c0082c8b00542bf
Sha256: c7f94d1b21fdadbcc934c2d31503832763070136eafd23d65cec53f6e49b5634
                                        
                                            GET /api/v1/click/confirm.js?data=gAAAAABjITxaqNEUp5VPtsoNx9Gx3Uj8i1A-vIWGAvYiwIVVMTGTqna7KC3sLGrqiyX3QbBbasKQ_-3IjouB2pIl9jSLd-pPpk-XnS0U3_-qTokUaAW-NfzslxzojZb7jcVVyjpNkmIzGqf0FerGm-EjA7iEWQsJ_lJQ6WuQ54bXr6mE47MN0-IxNb1x0YsqcQeZIh4rFigfecGHGOz78_NPMljhg617mcjm6TRaTFqzKG5bpGacGP-MpG-B7-_zE2ErcbOprEBf4N3wk2-raRaMgnIsvN1GlXpj8IqmnTsfAS1e8g36mosmhM6sMTfLVwq3p6f4SewXuZcgqCJng3IaCgrQuYPiaFIQgmugODvgymZvq0zN3TwoVrNSLxky3j1192eh8nGIMvvtzOlK6ki6RBaACCL-hsDMWrEMPxhTOsZkGMc6DKxIARFCDGFU9zjztCJa5piqxkHuO7ohzi_G1RacOXtJQiKV0Cj1Gp7SouTWEicmJS4eHJs9_4c21-uZaqcHzhCmQuajPoyu6sSGFAOTxkwHz4F2Ouglb4LylULOWX8SRvmGe71wJppcTtDJAD50QHrL4ZON7nsNz-I4hS6cszLkEpTMKORWHxxtAAkVr8T3KNYYZS9xRG6z7avZegg10pebQ4jxWvSVVqdzlAaLF16sorhzEDbnmkPS9euNvMUcBp27PMzfZe_6xWb9ThixbLTVUPnln3MaxIyKewInoO4p-j23EbPpxn32d7H0nkW1wpir8RhRXTjqVEH7YAujwjw8xd_uvuGbgbiYgRIOvQkZXN1db6KGgweaosHFrfOEqT9UAz-JERKWVLCDaBCjxwPmqk1cDtEwlA3HWtdBcRWADLltlb_YlNXpcNHF7-RvnA90EUj4LlFOiIdBbG5tsra70Tp2kfuQe4u4sEPc7z35gXfeDgFfL0zzZddyTJRQoduW6b15Kid47b6uGFM8No7_apmrxgP0MWcwUpmBcrx4dfLmX9YF_QKm3DMUZ-G2XOWai4tEys37Uv0QTXm7PsrYEJ6EMJ0wgEM-RGMwuDd2OlshJ5Xv8yBpmSULcbg36zwSyw2AA63sVGWDOqMelSvCJ1XcwAUdqGtqwvMFq2cVlymSbbSthL7RmInm1ZKJr0VrntXsrq52EhnFFMIrYctrm5fSCEdHZvmbPPhbw2qzj2fITLNbigiDHNAnFZ36nwmRU5R_y4k3ZFXOtmLxurMZ_JeYu2E_RY1rxYQcPHiIbnGP9M-1pKPbEmwVhfJKHaKM_Y0U_2i1zmvJHWOmS0Vx2leKua5v6VWWJezR2gpPW-4X0zFYhfta0UnpL3wjFbPYDkTHAMJ1XoP2oA_FEBbMFnH3X2NiOAkHV_XAQhkxSMxrqeYt9YZjT6aI8QNFKVIJcRzvk6BOtD9I6UNuJT9c7qlpRqEkNQF27p6l3vgG1ZS2xiLmGJLGjwY22hTHMYyqHODB4y0QCsLZd0oaGhQhKkf1NERPBuRqFa55s8v2kjyHvusAePzg3riFTX3TXeuWR1NBtmRDOLWHJxjmm2lIuhID2b2BHw0UwYSpczUFNx7Xo7KnFakxpAc8SFjplbxNGNav0JVEXxhlVzqlo-4piVbYGuv0UeUWy0S4zEBl3ZMdypa6Ye2kkx0BLPfH9L4sPRvxuVUde6iOVmIqrJwhACrs8JZaJU4k5Dj0mSKctyYg05n9J1u7rt-3qbKlvigYpSajp-gdwacXezt3aLx-0TID-ZPZmOQ2wNBbR3NSLGcswM2tkM79YMs-pN6EN7cmw4-T5TzkPVmuZNtvnnjaBM-4acATqXjxMThurLuIwwldbxJzBu-fGRrIwwocYGUBIBTai-xxClrKC50kzwdVziatJIMzfz3pdqRZ7PZgrPqAh7pWBgBdegthBxe-wjC5Zb08JhAuGNHmoA6pEZjZM7quMVFXOZAAMqrSauDhg-d5sL9cFUOglxbNGaojWU0p51Fj4dvgdST4iTM_f2eN6wKdT_qNT0k-obeyshmhfYAZZKN2x3OH2fpDehYP29Vu6_M33UBnlx8i_BW6s3XwH5WVa39pUzQrzxYsHwtjlk1Ev662GAOlG9DwHaOdMdY2PU-tq8C4PMQDgZbWMEEoQaZk-PMF7mLgJSo9fdQyN6P8-1RjuvD7uNrwjdEoTAT86BtvPTtea0cIwhvKhyZhl6Xz9kAtvSwstwsAtSaJvELKU5VL-kLWLISksH9PLGzDQORs4DzGF-EBBiefuD0hMWHo6YtMu8puKacp8wW24u9pxqYv_7lX21dwKNJXwhJ7X9MCTlSErctjsvAZyh81gW6NeIBG0Wb3tViPy1F3REe2eBYpkUpxe4ICPO_FwkeH96RpdPYnwn0WUQgSK3x9m0dRoaE8_w86LdMYAa8ZZC8vEv5_axSlk5_eYBbAsRAWwak4gCiiO6Fkc3X7pFbVg4xD8OOw8MUW7xXF0sFrVbMMYBT60lTolJNfeRzlWikVVafaAPr8GCK8YT7naqOc HTTP/1.1 
Host: f5ac6e7aac.smapp.work
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f5ac6e7aac.smapp.work/trkclk/?pid=6100&cid=3244675&custom1=CPC&fw1=badious-buzzard&aff_sub_id=juliet-mor-49cymi7yl
Cookie: cx_ntsl_i=a5147f6d-4762-43a7-8236-6dd62d2465e4; instal-cookie="2|1:0|10:1663122522|13:instal-cookie|124:eyIzMjQ0Njc1IjogIjE5MWM1ZmNiLWFhYjQtNGMyNi1hZDhhLWU1MGM4NTc5ZjViMTo0M2E3ZWY0NDViOTYzMzFjMTFhZjdkYzJjNWExZDk3NDYzZGYzYmIwIn0=|738888721028f7ecb28c351ff4a00d71238e565ad3576d90d7477437dab9e47f"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         35.186.250.143
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 14 Sep 2022 02:28:42 GMT
content-length: 0
server: TornadoServer/4.3
etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:43 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 04:47:02 GMT
Expires: Tue, 20 Sep 2022 04:47:01 GMT
Etag: "fa76cb451959880165c1599aa9a36324b30c57d1"
Cache-Control: max-age=526097,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a5b0d78e0db512-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3034
Expires: Wed, 14 Sep 2022 03:19:17 GMT
Date: Wed, 14 Sep 2022 02:28:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3034
Expires: Wed, 14 Sep 2022 03:19:17 GMT
Date: Wed, 14 Sep 2022 02:28:43 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14151
x-amzn-requestid: d5bc9be4-af3a-40fd-bfc9-1ac4769d2d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4GhboAMF2dA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-375df72d2d67582635b9e4ae;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CZRpgjU_AxNYoyeSTOwhJhONl2DS4pvCLJ62RgAFp0flw-kPz3GkpQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:06:54 GMT
etag: "a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7"
age: 15709
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14151
Md5:    fef8234ab83f6f8f8b29665f592cbc9f
Sha1:   a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7
Sha256: 569c8c9736026fc310e148d4d74081e96a86245baaa1f784280d44a1cbd25ed0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:43 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 01:21:26 GMT
Expires: Tue, 20 Sep 2022 01:21:25 GMT
Etag: "0fc36a87fcedb98f3748739cc0718470de2f59c2"
Cache-Control: max-age=513761,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a5b0dc0fd1b512-OSL

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3PbHWkNMa0XkuY_FcTO22i9YwMdqlJPCho7FlBwdbuUnbWrOv0w5Hg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:59:03 GMT
age: 16180
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5988
Md5:    f5befd5bb8e6d5dad2465be69d5a33e4
Sha1:   e5b46c3ca439a09950290cada1af5e27cede10f2
Sha256: 4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5c31b50-df9d-4fb5-8912-45e00991efb0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8658
x-amzn-requestid: 02eef443-b348-43c4-a541-d9bd5f8fcb72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvltHKfIAMFb6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c8a-0f779de53c6380b11012eef9;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:08:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c4BroZwps_zm09y1aY3VaBZWxV0za1lsNYTPr-egbo8-5PKOQ6xRzg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 07:21:43 GMT
age: 68820
etag: "41d9a867d08faf7ff6269e8be37170db5ccc4b12"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8658
Md5:    0a8f751d08647c72b709802aef65c313
Sha1:   41d9a867d08faf7ff6269e8be37170db5ccc4b12
Sha256: ee7ac0fc01b3820dd1125644a4f260595a387385c835857ac8ab128441fc3e12
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa480f096-89f3-415c-b9a8-76b981146555.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4482
x-amzn-requestid: e9a99ad0-f093-4c9b-87b4-13ebac164413
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv5FIUoAMFcUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-4438ced526ebec8e7819b700;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _et90o-4_I8qkmQuwvLolMCtcidFgElQfg9KcHeCgMiaDvxndleAgg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:41:46 GMT
age: 17217
etag: "ef6cd4bdd5ddbdb92b25816dc82796f857d29cce"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4482
Md5:    34b74681f6d64ca1c010044535056275
Sha1:   ef6cd4bdd5ddbdb92b25816dc82796f857d29cce
Sha256: d3ffb558a261fd982989931ed8bd8e8f132735bb99fa5a42a032efdbdfbf6ce5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf0c9f83-0c77-48d8-9406-aadc344ec5eb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7925
x-amzn-requestid: 2242598f-531e-4fa0-9ea2-1588c4ed68ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yau8DE5koAMFZ2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f84c-35c429676b6204b717a04806;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:38:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QmtOAjxOWSMUzbAUMTbGZ-yA272AY89rFmF2Uiykhu1DCeXyfsKBDA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:02:40 GMT
etag: "dd077082f3da6b1ba6e2067984333e6191bc9116"
age: 15963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7925
Md5:    fbc34e055f3f72baa6ed55ad86f43a35
Sha1:   dd077082f3da6b1ba6e2067984333e6191bc9116
Sha256: 32fd04fca7541ecd3ffc395286aaf66250f1b4bf45e2cd337515585dab8bed63
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16980
x-amzn-requestid: 7c555cd5-4a33-452e-82d4-cac3282c0b0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYZfRHYOoAMFtIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320092e-0bbd43cc499db9ed24226439;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 04:38:06 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: m4lRTnfzeQluGV3fqyeSS6yLeU8tcfijOqcqyVdZ2L2pENHfWdrUHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 09:39:44 GMT
age: 60539
etag: "7674123112859fd79ee9214c5308ad6a5e4ed015"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   18813
Md5:    416666958a4580ffc60e2beae8a60f2f
Sha1:   673ad596fcba65ddc1290891bece849cb09bbebf
Sha256: ba04f81b839eabaddeb644ee798eafa691fdcea7d0c13d8e2ffcfcf19d7f142f
                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:43 GMT
content-length: 65
access-control-allow-origin: https://championtest.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1163e55d79e24e87b327e833004e744b; expires=Thu, 14 Sep 2023 02:28:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1528
Md5:    005adc91718c4a050ebaec620ac09760
Sha1:   a7369c6c3fb2f912ff72d5a02333c37533aa5796
Sha256: 14479d91673266a1620761776438ab26e004c17f9b6ae77aa58318312958d748
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "81B0C810CB3E84D06B9E0DC6116565D2222087868F54DCC94EF72FAFAEA1BC0B"
Last-Modified: Sun, 11 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7823
Expires: Wed, 14 Sep 2022 04:39:06 GMT
Date: Wed, 14 Sep 2022 02:28:43 GMT
Connection: keep-alive

                                        
                                            GET /gid.js?pub=0&userId=&zoneId=4843163&checkDuplicate=true&ymid=6100_305&var=4654991 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Cookie: ID=1163e55d79e24e87b327e833004e744b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:43 GMT
content-length: 65
access-control-allow-origin: https://championtest.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1163e55d79e24e87b327e833004e744b; expires=Thu, 14 Sep 2023 02:28:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    93ce27d77f396435b1a149f60d53c01e
Sha1:   58dd7efb203f75b1cd57ca8a9f1f45e782fec77b
Sha256: d42b4e35cc46b6c06e2a7d5aad3b5502bfeab15cd02abb667f7cf21eadafd797
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2ACBB29F4954EFF99A12BAD4301EB1DF99EF8B7134CF103EA31ACC0510407A69"
Last-Modified: Tue, 13 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1357
Expires: Wed, 14 Sep 2022 02:51:20 GMT
Date: Wed, 14 Sep 2022 02:28:43 GMT
Connection: keep-alive

                                        
                                            GET /track?offer_id=2058&z=4654991&request_var=6100_305&variable2=191c5fcb-aab4-4c26-ad8a-e50c8579f5b1:43a7ef445b96331c11af7dc2c5a1d97463df3bb0 HTTP/1.1 
Host: itcleffaom.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:43 GMT
content-length: 172
x-trace-id: 7fa7fed25d7a4545c052dde811d697bf
access-control-allow-origin: https://championtest.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   172
Md5:    79a01e4de940f1a202b0b88f09095dab
Sha1:   d7c891ea29b42640283a424c7d5a812e64279a1c
Sha256: 66fc08a55ab6cb6c81b07cd1de270c3581955b446aa99599343fdabe1096d9fe
                                        
                                            GET /rotate?zz=4326385&var=4654991&ymid=6100_305&uid=1163e55d79e24e87b327e833004e744b HTTP/1.1 
Host: itcleffaom.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:43 GMT
content-length: 489
x-trace-id: 5d54248fd170e31fa6e2e77e4e6f10a4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://championtest.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=1163e55d79e24e87b327e833004e744b; expires=Thu, 14 Sep 2023 02:28:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (489), with no line terminators
Size:   489
Md5:    cfb5fef0e425879f210c46cbc70d7165
Sha1:   d8620bdc0b38d4408f1192fc92b837879f686449
Sha256: a176cb927d0b46490b2d8fb767f88f8a54aacd1e92ef4c169f1f692691c1f2d0
                                        
                                            POST /zone?&pub=0&zone_id=4843163&is_mobile=false&domain=championtest.top&var=4654991&ymid=6100_305&var_3=null&dsig=&action=prerequest HTTP/1.1 
Host: ugyplysh.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         139.45.197.253
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:37 GMT
content-length: 0
x-trace-id: c57128445c333deb37f4a5c8af1ba68f
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

                                        
                                            GET /zone?&pub=0&zone_id=4843163&is_mobile=false&domain=championtest.top&var=4654991&ymid=6100_305&var_3=null&dsig=&action=settings HTTP/1.1 
Host: ugyplysh.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.253
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:43 GMT
content-length: 735
x-trace-id: f429dfd78c8686794de5c01bdb1d985b
access-control-allow-origin: https://championtest.top
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (734)
Size:   735
Md5:    e85efca32c95055063297da57d9fb171
Sha1:   389104665fde58a315f999e802586f610f55c300
Sha256: 45675d1202c78c9d6d41514a1ab2120f9169f1109459f663cb169eb49a4b6b38
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:43 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 13 Sep 2022 10:14:11 GMT
Expires: Tue, 20 Sep 2022 10:14:10 GMT
Etag: "458de0e6cbcb5512cf74bc1883d42eaded5c6466"
Cache-Control: max-age=545726,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a5b0dde8a9b512-OSL

                                        
                                            GET /stattag.js HTTP/1.1 
Host: cdntechone.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.82.172
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 14 Sep 2022 02:28:43 GMT
last-modified: Thu, 04 Aug 2022 15:17:49 GMT
etag: W/"62ebe31d-a8fa"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5917
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZ9irvfLkJFcDuIX6x57qzdWp7Ega0RriDNyWNlEOJltmOTK9VQpnLaTn5IdBbunWC5q9ykod5dj4a4%2BEZXB28z%2Bzi5sIrU%2FABLn80BzlkZOn9xuTaFngfMSlTMh2FBNWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a5b0dc1f36b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (43256), with no line terminators
Size:   15616
Md5:    4caf4adabbe80dae6b58ae9af43e221c
Sha1:   379c43b05d457add852d26c54dd33c452cd2646c
Sha256: fed37ddfe89cf0e67e5570d214b8649ab84dd86198706c092abce1a74924c9ae
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AB67C828951C0F1E485FDE8D9A30C1D0462810916065DB6CA1A3B37D5EBC38E"
Last-Modified: Tue, 13 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 14 Sep 2022 08:28:43 GMT
Date: Wed, 14 Sep 2022 02:28:43 GMT
Connection: keep-alive

                                        
                                            GET /contents/s/0f/b5/a0/eccfe6fe27747ca4a84abb1c9b/0926450336462.png HTTP/1.1 
Host: pulsersurvey.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.154
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 14 Sep 2022 02:28:44 GMT
content-length: 10580
last-modified: Thu, 21 Jan 2021 09:10:34 GMT
etag: "6009450a-2954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 140 x 140, 8-bit/color RGB, non-interlaced\012- data
Size:   10580
Md5:    0fb5a0eccfe6fe27747ca4a84abb1c9b
Sha1:   f83ae7f2c746872a9ba9da626928946e3b6de28d
Sha256: 70eba3a4b499c4ffe4a8e62461c1b8581a9dd904f14b5742b48632dbebdd30a6
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:44 GMT
Content-Length: 938
Connection: keep-alive
Expires: Sun, 18 Sep 2022 00:44:47 GMT
ETag: "d4f85a81cab8834513a7857b0cbbb224fd3831e9"
Last-Modified: Wed, 14 Sep 2022 00:44:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1115
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a5b0dfb88cb527-OSL

                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 74749
date: Wed, 14 Sep 2022 02:28:44 GMT
access-control-allow-origin: *
etag: "63076de4-123fd"
expires: Wed, 14 Sep 2022 03:28:44 GMT
last-modified: Thu, 25 Aug 2022 15:41:08 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Size:   74749
Md5:    1cc0c1f6e686260b4032d3a2c3c84bea
Sha1:   62f4a7ee04093374ca76e761b6b7e65f1c7f771d
Sha256: b18d088442b7af5b9df459a03641de3d7ae1078d924c7024a63f81943fa05b01
                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:44 GMT
access-control-allow-origin: *
etag: "63076e51-2b"
expires: Wed, 14 Sep 2022 03:28:44 GMT
accept-ranges: bytes
last-modified: Thu, 25 Aug 2022 15:42:57 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afp%3A128%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022830%3Aet%3A1663122511%3Ac%3A1%3Arn%3A701705245%3Arqn%3A1%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663122509730%3Ads%3A0%2C0%2C35%2C0%2C%2C0%2C%2C53%2C3%2C%2C%2C%2C221%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29mtb%280%29aw%281%29rqnt%281%29efid%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 400
date: Wed, 14 Sep 2022 02:28:44 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://championtest.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:44 GMT
last-modified: Wed, 14-Sep-2022 02:28:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Size:   400
Md5:    b813356ebcf0ac830fa964a98c02900e
Sha1:   05bdd31bbff707b3916e491f0a7d93c497812d58
Sha256: 42a3e3bc58438b6db617264f4f8013c278fcdf3357019c51b304e3faa260f72c
                                        
                                            GET /metrika/metrika_match.html HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 698
date: Wed, 14 Sep 2022 02:28:44 GMT
access-control-allow-origin: *
etag: "63076e51-2ba"
expires: Wed, 14 Sep 2022 03:28:44 GMT
last-modified: Thu, 25 Aug 2022 15:42:57 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (540)
Size:   698
Md5:    d6d901488de20f057239c827342327b8
Sha1:   92c1bd30486ccd86c989a5214b8b22d35943b2e9
Sha256: bdc08719640417a85ba25136a6f7450a2c9659e372e9d8db43f1340de7dc2df1
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 14 Sep 2022 02:28:44 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 17 Sep 2022 23:38:28 GMT
ETag: "79fa7d79a9a063b2b7bbef0a04472753d3e53dab"
Last-Modified: Tue, 13 Sep 2022 23:38:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1412
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a5b0e49a6db527-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    de3ed4841f04058df5b753f008f8ba02
Sha1:   79fa7d79a9a063b2b7bbef0a04472753d3e53dab
Sha256: 3c0327d25a46125497fe09506c5b245938506fde19bdda15f31c0d4aeb3ee253
                                        
                                            GET /metrica?id=1050525535 HTTP/1.1 
Host: adfstat.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mc.yandex.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         87.250.250.145
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Wed, 14 Sep 2022 02:28:44 GMT
Content-Length: 15
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=10, immutable


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   15
Md5:    0c776997933eb60833b37beaf43814c8
Sha1:   bff63526eb02853c6b414ccfb4d00ac9ca283930
Sha256: 3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonAdexCall&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A722515325%3Arqn%3A2%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1205%2C1205%2C0%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(2)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonUnique&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A90331829%3Arqn%3A4%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(4)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22isUnique%22%3Atrue%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonSurveyStart&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A1006403238%3Arqn%3A3%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(3)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22userOfferId%22%3A%222058%22%2C%22userSurveyId%22%3A1509001%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonStepChange&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A434074348%3Arqn%3A5%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(5)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22stepName%22%3A%22main%22%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonAdexLoad&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A205408858%3Arqn%3A6%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(6)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A443565218%3Arqn%3A7%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(7)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22notificationPermission%22%3A%7B%22default%22%3A%22onLoadTag%22%7D%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonTrackImpression&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A100520847%3Arqn%3A9%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(9)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22user_browser%22%3A%22firefox%22%2C%22user_os%22%3A%22linux%22%2C%22user_os_version%22%3A0%2C%22user_proxy%22%3A0%2C%22user_geo%22%3A%22no%22%2C%22user_getsubid_time%22%3A0%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonNotificationPermission&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A941665042%3Arqn%3A8%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(8)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22notificationPermission%22%3A%7B%22default%22%3A%22onLoadTag%22%7D%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Fchampiontest.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1663122524_848cdf3afd662f815051f0ca21be230aba7bad90186bd905b8d73afb91a0be0f&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022831%3Aet%3A1663122511%3Ac%3A1%3Arn%3A67717362%3Arqn%3A10%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Aeu%3A1%3Ans%3A1663122509730%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)mc(g-9)clc(0-0-0)mtb(79)aw(1)rqnt(10)efid(1)fip(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22trafficQuality%22%3A%22alert%22%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 14 Sep 2022 02:28:45 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:45 GMT
last-modified: Wed, 14-Sep-2022 02:28:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9467
x-amzn-requestid: d14b460e-2aa5-41c8-9a8b-4da671156014
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv3HJJoAMFWgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7fe-0643dea6458034ab51d840d5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rVAqQoiN5d1Ph-lVvB7luXmG0zQJuvLi8I_B-xGbJjLkyyAid6rktw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:07:08 GMT
etag: "94663318844e6567f2d160d620eb9ed777fba2a3"
age: 15702
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9467
Md5:    80786e640acccfa61ef2aaa27a2a95fa
Sha1:   94663318844e6567f2d160d620eb9ed777fba2a3
Sha256: 686348c1aa038c5109c39c3491524a98bcfc5b1559568391ba7fb240a285a064
                                        
                                            GET /trkclk/?pid=6100&cid=3244675&custom1=CPC&fw1=badious-buzzard&aff_sub_id=juliet-mor-49cymi7yl HTTP/1.1 
Host: f5ac6e7aac.smapp.work
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://artax-evn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         35.186.250.143
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 14 Sep 2022 02:28:42 GMT
clickid: 191c5fcb-aab4-4c26-ad8a-e50c8579f5b1:43a7ef445b96331c11af7dc2c5a1d97463df3bb0
set-cookie: cx_ntsl_i=a5147f6d-4762-43a7-8236-6dd62d2465e4; expires=Thu, 10 Sep 2037 02:28:42 GMT; Path=/ instal-cookie="2|1:0|10:1663122522|13:instal-cookie|124:eyIzMjQ0Njc1IjogIjE5MWM1ZmNiLWFhYjQtNGMyNi1hZDhhLWU1MGM4NTc5ZjViMTo0M2E3ZWY0NDViOTYzMzFjMTFhZjdkYzJjNWExZDk3NDYzZGYzYmIwIn0=|738888721028f7ecb28c351ff4a00d71238e565ad3576d90d7477437dab9e47f"; expires=Fri, 14 Oct 2022 02:28:42 GMT; Path=/; SameSite=None; secure
server: TornadoServer/4.3
etag: W/"94f2742602d2b0bdce2bea47c61520c2858d6d33"
x-frame-options: SAMEORIGIN
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /betting-survey.html?var=6100_305&ymid=191c5fcb-aab4-4c26-ad8a-e50c8579f5b1:43a7ef445b96331c11af7dc2c5a1d97463df3bb0&offer_id=2058&z=4654991 HTTP/1.1 
Host: championtest.top
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://f5ac6e7aac.smapp.work/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.21.10.131
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 14 Sep 2022 02:28:43 GMT
last-modified: Tue, 13 Sep 2022 13:51:27 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MRUiY9Zw4AC1%2BdTKzEGnDXywSl1Vj7Me%2FBmQ4gbsi26olJdOfCrFmX7Wj7SP8b1rxS6YgvDDDhlAlPVd4MYTGx5%2BvN6CQLGLaUp2XCho7f%2BM8ANYiaGomOM9HmqdqAOTiCT7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a5b0d93f1eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afp%3A128%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022830%3Aet%3A1663122511%3Ac%3A1%3Arn%3A701705245%3Arqn%3A1%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663122509730%3Ads%3A0%2C0%2C35%2C0%2C%2C0%2C%2C53%2C3%2C%2C%2C%2C221%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr(14)clc(0-0-0)mtb(0)aw(1)rqnt(1)efid(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://championtest.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         87.250.251.119
HTTP/2 302 Found
                                        
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fchampiontest.top%2Fbetting-survey.html%3Fvar%3D6100_305%26ymid%3D191c5fcb-aab4-4c26-ad8a-e50c8579f5b1%253A43a7ef445b96331c11af7dc2c5a1d97463df3bb0%26offer_id%3D2058%26z%3D4654991%26utm_campaign%3D6100_305%26utm_medium%3D4654991%26utm_content%3Dzd_public_v2&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7qpk%3Afp%3A128%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A140192622226%3Ahid%3A1050525535%3Az%3A0%3Ai%3A20220914022830%3Aet%3A1663122511%3Ac%3A1%3Arn%3A701705245%3Arqn%3A1%3Au%3A1663122511461612461%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663122509730%3Ads%3A0%2C0%2C35%2C0%2C%2C0%2C%2C53%2C3%2C%2C%2C%2C221%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663122511%3At%3ASports%20Pro%20Test&t=gdpr%2814%29clc%280-0-0%29mtb%280%29aw%281%29rqnt%281%29efid%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 14 Sep 2022 02:28:44 GMT
access-control-allow-origin: https://championtest.top
set-cookie: yandexuid=8412512521663122524; Expires=Thu, 14-Sep-2023 02:28:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=8412512521663122524; Expires=Thu, 14-Sep-2023 02:28:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=530420151663122524; Path=/; SameSite=None; Secure i=NLe601GEjkbMC8aJAc9mCniidebfZOdBjrrWzJebRFQkwEIQFNb0BwMHdPBqAwgdTqbK2dIoJfK9NOnJP04BjoB70OA=; Expires=Sat, 11-Sep-2032 02:28:32 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1694658524.yrts.1663122524#1694658524.yrtsi.1663122524; Expires=Thu, 14-Sep-2023 02:28:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 14-Sep-2022 02:28:44 GMT
last-modified: Wed, 14-Sep-2022 02:28:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---