firefox.settings.services.mozilla.com/v1/
54.230.111.118200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mceCCmYhbZdUpC4AKmf5UrSGI7ziplxHQFPBq6xhb5juGsbvD4ZgeQ==
Age: 172047
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8438
Expires: Fri, 07 Oct 2022 17:55:23 GMT
Date: Fri, 07 Oct 2022 15:34:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2777
Expires: Fri, 07 Oct 2022 16:21:02 GMT
Date: Fri, 07 Oct 2022 15:34:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vjxl2clG9D/fLjMRYtj/cwCvn1FMBrZB55IyQCBfNEaHfge9hx5y3O67PA7FZstodDdAQcxJ1Bg=
x-amz-request-id: 0832DS4FF2SMDEBM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 14:59:13 GMT
age: 2132
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 15:34:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
smrturl.co/o/190569/53195605
172.67.197.247200 OK 351 B URL HTTP/1.1 smrturl.co/o/190569/53195605
IP 172.67.197.247:0
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 97428446cd028c804d833376ed5407fb
2ac33c9449b5f3be34b6a03053fdf3e3198aa67d
c88879c92522dc6352dc1782f8565dcffa5607849c9f443c8f49e937daa14ea9
Analyzer Verdict Alert fortinet Malware
GET /o/190569/53195605 HTTP/1.1
Host: smrturl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.11
Set-Cookie: dynamo_v_id=Vdb83d73da91cb; expires=Sat, 08-Oct-2022 15:34:45 GMT; Max-Age=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nH8UMSYNJWlK9s%2BAIOAZY732QuZVSCzZr6PA9cyeiE2ZbxShptU1pDmj2HmQlavp%2Fx1qZnw6xzyUQYCver2K%2FWxivezc0ZNok8svlMBOBosKTmlJwKLS%2F%2BAFaA7T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7567b3e6fd92b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
smrturl.co/favicon.ico
172.67.197.247200 OK 33 B IP 172.67.197.247:0
File type ASCII text, with no line terminators
Hash a507f082d1ff4d66b6a35b9051966b68
adbc0197fb4580d38a5a93496ac92f63ceddc8b2
45e808721383e5a9a8e2fab39bb5d910c3b8986e0737bd3df7ce21e49da2a0df
GET /favicon.ico HTTP/1.1
Host: smrturl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.11
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3546
Last-Modified: Fri, 07 Oct 2022 14:35:40 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuQRoIh0MLb7u0FzLaQMxvYAZQ8Z7VIr7KuRU6FcUefkqgCElupPUaIU7Gs4zdypRc9EI413kbcEm1gZ5PW91flcZPSU%2FErZCU1ZaVysoWEFiTqN4j4NecmfJoIg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7567b3eb4c2fb4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 07 Oct 2022 15:29:41 GMT
Expires: Fri, 07 Oct 2022 16:19:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mudjSq2I2JW3iucqi0NhxFqjkDVuryeM3QcahBrQWKge3mNp0FAcBQ==
Age: 305
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 15:34:46 GMT
Last-Modified: Fri, 07 Oct 2022 14:19:26 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 6620c37142eecb3ca9658d29e4602eb9
5480f8a06612a4d231e7ba563c8c318e8bae29f2
2a7fc3290730cb05642f12adfa8100d1be3726d1e48071ac7712ba166ae42e92
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 00:50:32 GMT
Expires: Fri, 14 Oct 2022 00:50:31 GMT
Etag: "5480f8a06612a4d231e7ba563c8c318e8bae29f2"
Cache-Control: max-age=551144,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7567b3ed6b8d0afa-OSL
run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb32cad9b2fa0&sub5=190569&sub6=&sub7=null
35.204.59.16302 Found 0 B URL HTTP/2 run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb32cad9b2fa0&sub5=190569&sub6=&sub7=null
IP 35.204.59.16:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=1309&offer_id=73824&sub1=Cdb32cad9b2fa0&sub5=190569&sub6=&sub7=null HTTP/1.1
Host: run.storkmobi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 07 Oct 2022 15:34:46 GMT
content-length: 0
location: https://allgainnnowsurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_190569&ymid=63404716902fa0000196c4a0
referer:
referrer-policy: no-referrer
set-cookie: afclick=63404716902fa0000196c4a0; expires=Sat, 07 Oct 2023 15:34:46 GMT; secure; SameSite=None
afoffers={"73824":1665156886}; expires=Sat, 07 Oct 2023 15:34:46 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0bb2e166049a39295b5be8b937659f38
e6d715f361d776792626d5d7bea288d9e9a81a45
8ce21cee77c0b11d2e0ef615babebe771f2709ad4e7684b246475ec6822030e2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8CE21CEE77C0B11D2E0EF615BABEBE771F2709AD4E7684B246475EC6822030E2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10727
Expires: Fri, 07 Oct 2022 18:33:34 GMT
Date: Fri, 07 Oct 2022 15:34:47 GMT
Connection: keep-alive
push.services.mozilla.com/
35.165.143.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.143.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PhWJWIw0/KLwLUd5zXy3OQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dLMeoErCY5NiCZRa54PPaOMX6Kw=
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0bb2e166049a39295b5be8b937659f38
e6d715f361d776792626d5d7bea288d9e9a81a45
8ce21cee77c0b11d2e0ef615babebe771f2709ad4e7684b246475ec6822030e2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "8CE21CEE77C0B11D2E0EF615BABEBE771F2709AD4E7684B246475EC6822030E2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10727
Expires: Fri, 07 Oct 2022 18:33:34 GMT
Date: Fri, 07 Oct 2022 15:34:47 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=528031,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7567b3f36c960afa-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2fae55dc5e7590339da1d29f3e50b3d
673a218545c434de504b49c872d4814612dc15c9
da9bc74f8d93db43f9e73d2b69f4ddfe18d8b948cfd059c470579ea407e5fe5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA9BC74F8D93DB43F9E73D2B69F4DDFE18D8B948CFD059C470579EA407E5FE5C"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=123
Expires: Fri, 07 Oct 2022 15:36:50 GMT
Date: Fri, 07 Oct 2022 15:34:47 GMT
Connection: keep-alive
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash f037374cb8042db35d753eb685ac1435
3d471e89326a9ae1e226478018e2c7176c474676
106f1070bf5d920cff180916f882f95d9ad4a72d225b94e0567b3198402b75c5
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=84e4023d32c84dceb41a05148d36e3de; expires=Sat, 07 Oct 2023 15:34:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
itcleffaom.com/track?offer_id=2897&z=4493500&request_var=1309_190569&variable2=63404716902fa0000196c4a0
139.45.197.237200 OK 172 B URL HTTP/2 itcleffaom.com/track?offer_id=2897&z=4493500&request_var=1309_190569&variable2=63404716902fa0000196c4a0
IP 139.45.197.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4043618b09ace9f92c3329c1524a3841
26b0ddd9409037e39c82d4512eb06d135cedd1bf
dc1020484c2372b94681ea4d4b8a7ee6096d0666015e1666a25a9444f8ae55be
GET /track?offer_id=2897&z=4493500&request_var=1309_190569&variable2=63404716902fa0000196c4a0 HTTP/1.1
Host: itcleffaom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/json
content-length: 172
x-trace-id: c0038906f06486e405faafa96da6665d
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash edee55f2da9c9f22e74e45ab7052f5f2
1adf102ceb294df30931748a6906a0f2f5ba8508
ac94c09690e62c98d43e3e6c1c8b01d9a92a0fe3374553ff62d029d2f3cc889a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:47 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Tue, 11 Oct 2022 13:23:20 GMT
ETag: "1adf102ceb294df30931748a6906a0f2f5ba8508"
Last-Modified: Fri, 07 Oct 2022 13:23:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2015
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7567b3f4ef28b505-OSL
mc.yandex.ru/metrika/tag.js
77.88.21.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Hash 64adf2282f72dc350e916cb82af41ab7
d5c10f65a7ac0cce6eb0c78df805965a9a3ad017
4942011d5f3623476ceff936e757245d89ce2af664558a7031497d370a3d3771
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73219
date: Fri, 07 Oct 2022 15:34:47 GMT
access-control-allow-origin: *
etag: "633fab48-11e03"
expires: Fri, 07 Oct 2022 16:34:47 GMT
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash fb7c213564f3d5b3d1d7ff76b91f78ba
6cdba6ae4c57b17a081f03e8d1c4ea0c8790982e
9a4e59a394d8fe0065332cc2dc6cfaf2989c1d89aa1414c58307cbbe1f95bbf9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 15:34:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 13:33:15 GMT
Expires: Fri, 14 Oct 2022 13:33:14 GMT
Etag: "6cdba6ae4c57b17a081f03e8d1c4ea0c8790982e"
Cache-Control: max-age=596906,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7567b3f59f950afa-OSL
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://allgainnnowsurvey.top
Content-Length: 1680
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 07 Oct 2022 15:34:47 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://allgainnnowsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
mc.yandex.ru/metrika/advert.gif
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: *
etag: "633fab48-2b"
expires: Fri, 07 Oct 2022 16:34:48 GMT
accept-ranges: bytes
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A209%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A101251750%3Arqn%3A1%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C70%2C0%2C%2C0%2C%2C82%2C2%2C%2C%2C%2C273%3Ans%3A1665156887249%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 1.1 kB URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A209%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A101251750%3Arqn%3A1%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C70%2C0%2C%2C0%2C%2C82%2C2%2C%2C%2C%2C273%3Ans%3A1665156887249%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
Hash d52969d9224e571ec03ffcc601306c8e
1da1526d8726afba48f15f280cbcac51fcded9a9
6b9ed8d3f7d4e6508f647e1f5450333c844c497ef69e5a02c9663369fdc73f8a
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A209%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A101251750%3Arqn%3A1%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C70%2C0%2C%2C0%2C%2C82%2C2%2C%2C%2C%2C273%3Ans%3A1665156887249%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A209%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A101251750%3Arqn%3A1%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C70%2C0%2C%2C0%2C%2C82%2C2%2C%2C%2C%2C273%3Ans%3A1665156887249%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: https://allgainnnowsurvey.top
set-cookie: yandexuid=7330432101665156888; Expires=Sat, 07-Oct-2023 15:34:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7330432101665156888; Expires=Sat, 07-Oct-2023 15:34:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1611658501665156888; Path=/; SameSite=None; Secure
i=IpasHceOLRHXpF9qLeS6AUN/EI8qNDc8HnAaNt29uZTUxOOiMYYDLyAZZlHp/Na/YZxVy/RLFcjhjgt5rwd4ul319FY=; Expires=Mon, 04-Oct-2032 15:34:42 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696692888.yrts.1665156888#1696692888.yrtsi.1665156888; Expires=Sat, 07-Oct-2023 15:34:48 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 07-Oct-2022 15:34:48 GMT
last-modified: Fri, 07-Oct-2022 15:34:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
allgainnnowsurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_190569&ymid=63404716902fa0000196c4a0
104.21.7.180200 OK 1.9 kB URL HTTP/2 allgainnnowsurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_190569&ymid=63404716902fa0000196c4a0
IP 104.21.7.180:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2072)
Hash 1fb778c5e2d2d6eed35d8e953b7adce7
022e047047cd78a51afaeca4083163707dce524b
6d366c84315db962019c24bbee19c8483fe23fc1440453319520dda14d95c513
Analyzer Verdict Alert quad9 Sinkholed
GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_190569&ymid=63404716902fa0000196c4a0 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: text/html
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B79VybOGr3NThaKK7ikHGQHdDy9VPxVwdJGWVAvmQCaGRKK3ahJ05wkw1Evqa34TYn9nTTn8Vch6JU13KQEkvVuNdVjqqyLAYbg03ysuPfpYvbhCqnr2dk0aoBcHmtnANFi4%2FPaWR5k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0499d0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A236981640%3Arqn%3A4%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A236981640%3Arqn%3A4%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonUnique&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A236981640%3Arqn%3A4%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 07-Oct-2022 15:34:48 GMT
last-modified: Fri, 07-Oct-2022 15:34:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
allgainnnowsurvey.top/css/survey.css?v=1
104.21.7.180200 OK 6.2 kB URL HTTP/2 allgainnnowsurvey.top/css/survey.css?v=1
IP 104.21.7.180:0
File type ASCII text, with very long lines (19833), with no line terminators
Hash e77d5a678893ec7e194805deb0dd968c
34484e61bfc63792c0bb8f760598f45367b1d392
f6e2477a7b92a70c32c1491b60f6fed1097cfbf77cdd6372a616e11ec3fc0cec
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/survey.css?v=1 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19835
etag: W/"63401445-4d7b"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdv7JhIadbR%2FS4hTWrGcqHaQL8pKb8vou6tKCT0pzJJS2%2FrtiCg0l5lJ307nZlxDMoRQJf7DAetKto5oPiH001TYq89zPcUYDpJ3UnoMxKhW1F0WCioCEIB1vrQLun2kCodD%2FGzA7Uw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0da080b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A982687352%3Arqn%3A3%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A982687352%3Arqn%3A3%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexCall&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A982687352%3Arqn%3A3%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 07-Oct-2022 15:34:48 GMT
last-modified: Fri, 07-Oct-2022 15:34:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
allgainnnowsurvey.top/img/icon-survey.svg
104.21.7.180200 OK 834 B URL HTTP/2 allgainnnowsurvey.top/img/icon-survey.svg
IP 104.21.7.180:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080), with CRLF line terminators
Hash 3977363b74316bc3e062ee9192b7335d
4c61d51ee7467ef9270197b76c625b6acf19abe4
40f46b7e378af52ebeaf4172862824efe03f2baaee5629374cb0a7d2339e063a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /img/icon-survey.svg HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: image/svg+xml
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
etag: W/"63401445-c26"
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PnFNgOIq%2Fvd2vglG327Y1Ap73692Nk7HLQN1%2FxEpJbPZi4zyPXbwcLLlCUM%2F0H0L1fkYTLbnQY4oqAKCzw6sczUwzeHA824CeMXG3D3oDCMeFg3GgyV5OqQQ84Y3RknDfUsZGYuCNEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7567b3f0ea0b0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/survey-site.js
104.21.7.180200 OK 1.4 kB URL HTTP/2 allgainnnowsurvey.top/js/survey-site.js
IP 104.21.7.180:0
File type ASCII text, with very long lines (3805), with no line terminators
Hash 9191b93a213bc0d94b0054fe9f93e734
1a2f8f327f33936f033ce5a7a00f85efba4f9ceb
44140a82c457d0712b6090b95b802cfaf6e4731bc2912b08fd77e4a535d2ec8a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/survey-site.js HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63401445-edd"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjXM5PfOVs%2BKeLaG0iQ1iWPhlTMNTqp6hOVnHP0%2FB7zyqS7M5NOUQDve5ZxDwFMqf9lhSZoi4P8hwN%2B3hzeN83t6PVvlYO%2BiMr%2F%2F7WNmWJPI3%2BfJ7zdBP51TRIyjIB2bHvI%2FuV%2FGNdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0ea0c0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A608222299%3Arqn%3A7%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A608222299%3Arqn%3A7%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonAdexLoad&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A608222299%3Arqn%3A7%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(7)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 07-Oct-2022 15:34:48 GMT
last-modified: Fri, 07-Oct-2022 15:34:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/data/rtc.js?v=1
104.21.7.180200 OK 4.5 kB URL HTTP/2 allgainnnowsurvey.top/js/data/rtc.js?v=1
IP 104.21.7.180:0
File type ASCII text, with very long lines (10798), with no line terminators
Hash a5bf7ab99d24c4e6ea1fbdb5a65e9953
59d2dc772210da87201371fd4165c38076d982b5
5884e0dcb95cf61f6f7df32b05296d73e730bd67a6989fcb1710f1736c8ec907
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/data/rtc.js?v=1 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14949
etag: W/"63401445-3a65"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5hyWP25xxF9M6jpaXfyFnq03iup0syaNQU1ebHZ4vSmyzIkeeoxQnSl91%2FOm6pUI%2BXQPnR%2F%2BkH3KtpFUSyc9b2F9EwIE2I4o5Hvii5C1%2FqTYL%2BSFWB9ANVYcTTOLFaA5DEQI9SYh8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0da030b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A83767219%3Arqn%3A8%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
77.88.21.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A83767219%3Arqn%3A8%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fallgainnnowsurvey.top%2FonTrackImpression&page-ref=https%3A%2F%2Fallgainnnowsurvey.top%2Ffinance-survey.html%3Fz%3D4493500%26offer_id%3D2897%26var%3D1309_190569%26ymid%3D63404716902fa0000196c4a0%26utm_campaign%3D1309_190569%26utm_medium%3D4493500%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1665156888_6d41e06d9c35d09064e2a76d86425984b189a010395edc66d6ba547db99f2244&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A477623062672%3Ahid%3A165034016%3Az%3A0%3Ai%3A20221007153448%3Aet%3A1665156888%3Ac%3A1%3Arn%3A83767219%3Arqn%3A8%3Au%3A1665156888739856035%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1665156887249%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665156888%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-9)clc(0-0-0)aw(1)rqnt(8)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 190
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 07 Oct 2022 15:34:48 GMT
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 07-Oct-2022 15:34:48 GMT
last-modified: Fri, 07-Oct-2022 15:34:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2438
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 15:34:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2438
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 15:34:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2438
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 15:34:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06283ec49d3981b60b28731fd8a9940d
10c0d991f7ad234557792c175fdbf81e3356416a
0d8d932cd46fa377ce3dfe5fe1287ab1cd0daad0ef52a42baad2462d10e5a80f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6052
x-amzn-requestid: 6c8abd32-7499-4636-bf8a-3baaa88bf1ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi-HWOoAMFalA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-464364630dd2dbfa0d69f6f5;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 4EEoZVMtDaWUiCVvGW_0w4BSa1f1KDudnzPEoSIVF_ckE9MdhiflOw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:45:54 GMT
age: 64134
etag: "10c0d991f7ad234557792c175fdbf81e3356416a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2438
Expires: Fri, 07 Oct 2022 16:15:26 GMT
Date: Fri, 07 Oct 2022 15:34:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4572451a09430ca7a9203f14ddc035ba
46e17c44fba23988d7a9d9832c411ba2810136c3
fa54e73c4b32d8e109504ebcd46e4316de8143f44b7eae20a44ba63d14a6f24b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7758caee-c969-46dd-96d0-b4402437781d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8445
x-amzn-requestid: 7d295b3b-29d6-4b2e-8314-c9055d1def80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmju5FxwoAMFeQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4cc5-3f58c18b1159ad512c60422b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:46:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: DC1ECXhkAhfdrU8ZyMhhDdwydsq4PQfzzGOPd-REjCkCsDbXQLnLiA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:57 GMT
etag: "46e17c44fba23988d7a9d9832c411ba2810136c3"
content-type: image/jpeg
age: 62751
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 16339989f5c6c229a3dcc0ed1e52032f
a1ea26d6e4eb4a72cc8c87100b40035dab69d285
16703f888ee6f974bb89e1c4c16a75186b31b64130abcd1a3bcd3741159d912c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ca4df15-4ecd-467c-a658-2352fca9a8ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13437
x-amzn-requestid: ec801fbc-c339-46ce-ac5f-18d064e5ef21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_HdeoAMFyOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-02b52b770e6e76cf52b26e47;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: Iesqk_XbGiZE-n3mTa1_1WtlXiyEqz-4qfyt3_609O1eujdLcFu3zA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:47:25 GMT
age: 64043
etag: "a1ea26d6e4eb4a72cc8c87100b40035dab69d285"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed3fa86bbe319c9a2f81ff625e677cb0
e3d5210207f6ff922bc28e328285059c19a523a4
5919694bd942a4f25d5b7ffc3f8aee1af6cdb8461d4ba3dba9a2e72cf19164c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7261
x-amzn-requestid: e1bdf299-b29e-4f58-9c8a-33f5dacdb081
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBELYoAMFfgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-1969b32c6f4f7e5749e7caa0;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: FO5iGJFmDfdklhzIVOxp4x3AV7ltFqBDDlYBz39Zzx99t7oykNR2WQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 64268
etag: "e3d5210207f6ff922bc28e328285059c19a523a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:50 GMT
age: 62758
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Vy9jQu1a8BGypY4C4u_9gao5wPEkVHgArhG2zMNdH8KfBS0lfmyHBA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 64268
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/data/_global-config-sd.js?v=3
104.21.7.180200 OK 0 B URL HTTP/2 allgainnnowsurvey.top/js/data/_global-config-sd.js?v=3
IP 104.21.7.180:0
Analyzer Verdict Alert quad9 Sinkholed
GET /js/data/_global-config-sd.js?v=3 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=651
etag: W/"63401445-28b"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BKdw9aFCwgk6ZyyVbPJ2u9Nd%2BvN%2BEvhBl9FTj67RZbLQgWEpH7fmWSDL7exquYu3bHKsiNwNKyUxvq3M%2FeEIWd3tsl3K5os7kKTQ1RHWc4%2BSRjDlwh6jrpaJr5lBbuI49eVMjOMRQVA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7567b3f0da020b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/survey.js?v=14
104.21.7.180200 OK 0 B URL HTTP/2 allgainnnowsurvey.top/js/survey.js?v=14
IP 104.21.7.180:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/survey.js?v=14 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63401445-4a5a2"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQSvPOm8mbjKr79y9lb7V9WUk5JavBL%2FwGbYNcP1RgeqIt9jzYEDET9y8iJyjBsQiOdseFeVI1paDD7xbXTdZu%2FKiMVui%2FlET1za%2FPinQUGvgphz286EAanB3U%2BY9EH9q3H3lWCuuAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0ea120b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
itcleffaom.com/rotate?zz=4292527;4326652;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_190569&uid=84e4023d32c84dceb41a05148d36e3de
139.45.197.237200 OK 0 B URL HTTP/2 itcleffaom.com/rotate?zz=4292527;4326652;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_190569&uid=84e4023d32c84dceb41a05148d36e3de
IP 139.45.197.237:0
GET /rotate?zz=4292527;4326652;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_190569&uid=84e4023d32c84dceb41a05148d36e3de HTTP/1.1
Host: itcleffaom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://allgainnnowsurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
x-trace-id: e833bbf08d4ecabe2e53e1bcb09b00a8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://allgainnnowsurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=84e4023d32c84dceb41a05148d36e3de; expires=Sat, 07 Oct 2023 15:34:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/config.js?v=8
104.21.7.180200 OK 0 B URL HTTP/2 allgainnnowsurvey.top/js/config.js?v=8
IP 104.21.7.180:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/config.js?v=8 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63401445-1085d"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUtIwnS0zHUD8cGuIbY7G5J%2B5%2B%2FYpJDDBkHCaHWLo8HtoTAiNgMiDH%2FfKj7rIvGL8MSA3xxyOQoxk9NmhFBr2%2FeVuYtBJPvBS%2BS30SigRFOP4XA7p%2FMkyuXcxzLnjQ8RaKuR63WhhaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0da040b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
allgainnnowsurvey.top/css/style.css?v=1
104.21.7.180200 OK 0 B URL HTTP/2 allgainnnowsurvey.top/css/style.css?v=1
IP 104.21.7.180:0
Analyzer Verdict Alert quad9 Sinkholed
GET /css/style.css?v=1 HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=40801
etag: W/"63401445-9f61"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bt8Adxe8kEcMjud2vAqbCU6NPpWfn6UGYt3wUmThK2YU2pqQegHlArKOslak2cvGd%2BXLsvXsulFkmPUNTy3%2FebqtRqfwGYL06YOXrxtj8Ih5QbGggDx11HXh1voL9mPOzoqVsgkhGXc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0da0a0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
allgainnnowsurvey.top/js/binom-pixel.js
104.21.7.180200 OK 0 B URL HTTP/2 allgainnnowsurvey.top/js/binom-pixel.js
IP 104.21.7.180:0
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/binom-pixel.js HTTP/1.1
Host: allgainnnowsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"63401445-4a3"
last-modified: Fri, 07 Oct 2022 11:57:57 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 5008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jk8Kjzx8PrJydXWwB4ZIWrqEXXdjrKyYMYG54Kjr3kweAcY2uVtgb3doCx4jZcde8pLQwbGD9Wr6h%2BZbiXqo3LHeX0w5TEemPe8WC1HckGAAiIsyZ3y19h7UHLrbhG0KGTl4evgI8bQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7567b3f0ea130b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdntechone.com/stattag.js
104.21.29.183200 OK 0 B URL HTTP/2 cdntechone.com/stattag.js
IP 104.21.29.183:0
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 15:34:47 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:17:49 GMT
etag: W/"62ebe31d-a8fa"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6085
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6XzGChX8s8uaMYQe7QJaVEL55tVgzJAGr1pRHkxZhZm8sxx3Io3ByzsCsBlg94Z8SGK83Dp33PG3Q5B3m%2FMRCQdXbq2Ob7%2B%2BXrCp7vnk6BeuoeRGHJy%2BYGJABduflVefw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7567b3f35ecf0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2