Overview

URL: viapawniarda.com/4/5545650/
IP: 139.45.197.238
ASN: RETN Limited
Location: United Kingdom
Report completed: 2022-11-22 19:17:34 UTC
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blocklists

OpenPhish: No alerts detected
PhishTank: No alerts detected

Fortinet's Web Filter
Scan Date  Severity  Indicator  Comment
2022-11-22  2  takeallsurvey24.top/js/survey-site.js  Phishing
2022-11-22  2  takeallsurvey24.top/js/data/_global-config-sd.js?v=5  Phishing
2022-11-22  2  takeallsurvey24.top/css/survey.css?v=2  Phishing
2022-11-22  2  takeallsurvey24.top/css/style.css?v=1  Phishing
2022-11-22  2  takeallsurvey24.top/css/finance-many.css?v=1  Phishing
2022-11-22  2  takeallsurvey24.top/img/icon-survey.svg  Phishing
2022-11-22  2  takeallsurvey24.top/js/data/rtc.js?v=2  Phishing
2022-11-22  2  takeallsurvey24.top/js/binom-pixel.js  Phishing

mnemonic secure dns: No alerts detected

Quad9 DNS
Scan Date  Severity  Indicator  Comment
2022-11-22  2  datatechonert.com  Sinkholed
2022-11-22  2  itcleffaom.com  Sinkholed


Files

No files detected



Passive DNS (18)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS cdntechone.com (1) 64371 2021-12-24 17:09:58 UTC 2022-11-22 05:38:29 UTC 172.67.149.153
mnemonic passive DNS e1.o.lencr.org (1) 6159 No data No data 23.36.77.32
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.198.114
mnemonic passive DNS itcleffaom.com (1) 72236 2021-07-29 11:48:44 UTC 2022-11-22 14:31:38 UTC 139.45.197.237
mnemonic passive DNS my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-11-22 09:37:11 UTC 139.45.195.8
mnemonic passive DNS takeallsurvey24.top (11) 0 2022-08-17 20:16:02 UTC 2022-11-22 04:45:52 UTC 104.21.91.69 Unknown ranking
mnemonic passive DNS ocsp.globalsign.com (2) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.20.226
mnemonic passive DNS viapawniarda.com (3) 0 2022-06-09 22:17:57 UTC 2022-11-22 05:48:00 UTC 139.45.197.238 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-22 05:47:51 UTC 34.102.187.140
mnemonic passive DNS mc.yandex.ru (11) 2672 2012-05-21 09:38:30 UTC 2022-11-22 11:14:14 UTC 77.88.21.119
mnemonic passive DNS datatechonert.com (1) 46154 2021-12-24 16:44:17 UTC 2022-11-22 14:37:35 UTC 139.45.195.253
mnemonic passive DNS adfstat.yandex.ru (1) 22826 2020-12-25 10:59:13 UTC 2022-11-22 14:37:35 UTC 87.250.250.145
mnemonic passive DNS r3.o.lencr.org (7) 344 No data No data 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-22 05:40:51 UTC 34.117.237.239
mnemonic passive DNS ocsp.sectigo.com (4) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 139.45.197.238

Date  UQ / IDS / BL  URL  IP
2022-12-01 02:19:07 +0000  0 - 0 - 3  waufooke.com/4/3296904/  139.45.197.238
2022-12-01 00:17:23 +0000  0 - 0 - 2  ungroudonchan.com/4/3233247  139.45.197.238
2022-11-30 19:39:43 +0000  0 - 0 - 3  waufooke.com/4/3393192/  139.45.197.238
2022-11-30 16:14:05 +0000  0 - 0 - 7  untropiuson.com/4/5368898/  139.45.197.238
2022-11-30 13:49:53 +0000  0 - 0 - 2  whairtoa.com/  139.45.197.238

Last 5 reports on ASN: RETN Limited

Date  UQ / IDS / BL  URL  IP
2022-12-01 04:30:28 +0000  0 - 0 - 1  pushsar.com/pfe/current/qf.html?action=omnatu (...)  139.45.197.251
2022-12-01 02:19:07 +0000  0 - 0 - 3  waufooke.com/4/3296904/  139.45.197.238
2022-12-01 01:57:26 +0000  0 - 0 - 4  l.apphomeforbests.com/  139.45.197.151
2022-12-01 01:56:17 +0000  0 - 0 - 4  j.apphomeforbests.com/  139.45.197.151
2022-12-01 00:45:02 +0000  0 - 0 - 2  overzubatan.com/  139.45.197.239

Last 5 reports on domain: viapawniarda.com

Date  UQ / IDS / BL  URL  IP
2022-11-29 08:11:23 +0000  0 - 0 - 4  viapawniarda.com/4/5189437/  139.45.197.238
2022-11-28 04:19:25 +0000  0 - 0 - 4  viapawniarda.com/4/5303318/  139.45.197.238
2022-11-27 15:20:51 +0000  0 - 0 - 17  viapawniarda.com/4/5545650/  139.45.197.238
2022-11-26 03:07:55 +0000  0 - 0 - 9  viapawniarda.com/4/5189437/  139.45.197.238
2022-11-25 12:09:38 +0000  0 - 0 - 2  viapawniarda.com/4/5189437/  139.45.197.238

Last 5 reports with similar screenshot

Date  UQ / IDS / BL  URL  IP
2022-12-01 00:03:17 +0000  0 - 0 - 5  gainrulesurvey.top/finance-survey.html?z=5072 (...)  172.67.154.121
2022-11-30 21:13:15 +0000  0 - 0 - 3  dgmojo.com/fts/1rhVtiv1JLBb-1pdzh954JRAK  188.114.97.1
2022-11-30 20:53:19 +0000  0 - 0 - 10  mkuu.2659b.xk.wy5532.com/  199.115.115.118
2022-11-30 16:14:05 +0000  0 - 0 - 7  untropiuson.com/4/5368898/  139.45.197.238
2022-11-30 11:29:20 +0000  0 - 0 - 3  dti.easymoneysurvey.space/finance-survey.html (...)  104.21.91.112


JavaScript

Executed Scripts (17)


Executed Evals (1)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: 1cca9987e529903bc4ab3a3d9e28205740e6eaee62ab0f1f53b25e1978186a8b

    (() => {
        const a = async function name() {};
        window['3ef5oloq6xy'] = true;
    })()
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 4, repeated: 1) - SHA256: b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0

    2022
                                    


HTTP Transactions (59)


Request Response
                                        
                                            GET /4/5545650/ HTTP/1.1 
Host: viapawniarda.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
                                        
Server: nginx
Date: Tue, 22 Nov 2022 19:17:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: b453235dcc8e731ec7364fe0ef7ae36b
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=84c9d55b9f6646da98cc05defdb18c75; expires=Wed, 22 Nov 2023 19:17:23 GMT; path=/ oaidts=1669144643; expires=Wed, 22 Nov 2023 19:17:23 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Size:   2956
Md5:    3a3971811d95c23d426a40a7c57755fe
Sha1:   5877f7552ed5718ba0755ff1505c5501ed849bcb
Sha256: ad69dea27df4a46927f9d4422d8719544e5cda8d7cfd1d7da58e03ed5706924d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9977
Expires: Tue, 22 Nov 2022 22:03:40 GMT
Date: Tue, 22 Nov 2022 19:17:23 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6110
Cache-Control: max-age=147342
Date: Tue, 22 Nov 2022 19:17:23 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 12:13:05 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9750
Expires: Tue, 22 Nov 2022 21:59:53 GMT
Date: Tue, 22 Nov 2022 19:17:23 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 19:09:19 GMT
cache-control: public,max-age=3600
age: 484
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 81t92YNaBoWOBHFryWZ6rvdoFLrIbq/ell1xRdkwOBEaTTOxfFiXJgszPJlOxrQ0e4TaG7k1A/A=
x-amz-request-id: H6ZX3SSFV6HPXACM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 18:42:41 GMT
age: 2082
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 22 Nov 2022 19:17:23 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: viapawniarda.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viapawniarda.com/4/5545650/
Cookie: OAID=84c9d55b9f6646da98cc05defdb18c75; oaidts=1669144643

                                         
                                         139.45.197.238
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Tue, 22 Nov 2022 19:17:23 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 19:08:53 GMT
cache-control: public,max-age=3600
age: 511
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:24 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 06:25:22 GMT
Expires: Mon, 28 Nov 2022 06:25:21 GMT
Etag: "0a6f467107ca0284e5d9c7a89e2431b3709b41ae"
Cache-Control: max-age=471476,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e4014998c90b41-OSL

                                        
                                            GET /img.gif?f=merge&userId=84c9d55b9f6646da98cc05defdb18c75 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://viapawniarda.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Tue, 22 Nov 2022 19:17:24 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=84c9d55b9f6646da98cc05defdb18c75; expires=Wed, 22 Nov 2023 19:17:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5576
Cache-Control: max-age=141747
Date: Tue, 22 Nov 2022 19:17:24 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 10:39:51 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /?z=5545650&syncedCookie=true&rhd=false HTTP/1.1 
Host: viapawniarda.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 446
Origin: http://viapawniarda.com
Connection: keep-alive
Referer: http://viapawniarda.com/afu.php?zoneid=5545650&var=5545650&rid=VUu1AGkgg4vvaREMoZG78A%3D%3D&rhd=false
Cookie: OAID=84c9d55b9f6646da98cc05defdb18c75; oaidts=1669144643
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Tue, 22 Nov 2022 19:17:24 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 3a2716feb8d8cae505ae0a478d0746bf
Link: <https://takeallsurvey24.top>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://takeallsurvey24.top/finance-survey.html?offer_id=112025&z=5545650&s=619000105437241586&b=13412327&campaignid=14083&var=&ymid=619000105437241586&var_3={var_3}&testinapp=4816639&rdk=rk3
Access-Control-Allow-Origin: http://viapawniarda.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=84c9d55b9f6646da98cc05defdb18c75; expires=Wed, 22 Nov 2023 19:17:24 GMT; path=/ oaidts=1669144643; expires=Wed, 22 Nov 2023 19:17:24 GMT; path=/ syncedCookie=true; expires=Tue, 29 Nov 2022 19:17:24 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "181B2A6FD14B8688916202BB09F7551772666B2F642D73B419572ED51A055974"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20913
Expires: Wed, 23 Nov 2022 01:05:57 GMT
Date: Tue, 22 Nov 2022 19:17:24 GMT
Connection: keep-alive

                                        
                                            GET /finance-survey.html?offer_id=112025&z=5545650&s=619000105437241586&b=13412327&campaignid=14083&var=&ymid=619000105437241586&var_3={var_3}&testinapp=4816639&rdk=rk3 HTTP/1.1 
Host: takeallsurvey24.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 22 Nov 2022 19:17:24 GMT
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=miTetfFFVvcwKMUcxeIbfhJqKX4iOmyxLjetrVeYRlpBuJNWFaxd6xBwz4DpHlUeRQmD89jpOO0j%2F68b%2FntFwAZXFxeztuD47b82IGRJ3lzs8Cy3Ns9x%2B1wx63of1IXAYtbfJtpp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014d1be2b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2224)
Size:   2433
Md5:    8dbb37a4ed5cd49496e7170cf862f2ef
Sha1:   bd79f46f13826374f97b0af4fe4cea466e9bcd63
Sha256: 9cf57a76d2d63240c9386f3e7ea3a906ba124cf6947412a14bd0d5cbaadea39f
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0AuEQZHVJxAoNiO2u1mBaw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.38.198.114
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zadGsgbVMc3akgEJycnxDt4dz5A=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:25 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 06:25:22 GMT
Expires: Mon, 28 Nov 2022 06:25:21 GMT
Etag: "0a6f467107ca0284e5d9c7a89e2431b3709b41ae"
Cache-Control: max-age=471475,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e4014f7d180b41-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 454
Cache-Control: max-age=104203
Date: Tue, 22 Nov 2022 19:17:25 GMT
Etag: "637c128a-118"
Expires: Thu, 24 Nov 2022 00:14:08 GMT
Last-Modified: Tue, 22 Nov 2022 00:06:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:25 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 06:25:22 GMT
Expires: Mon, 28 Nov 2022 06:25:21 GMT
Etag: "0a6f467107ca0284e5d9c7a89e2431b3709b41ae"
Cache-Control: max-age=471475,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e40150a9a80b65-OSL


--- Additional Info ---
Magic:  data
Size:   2560
Md5:    01b0fe08922b12ead3d22c62ab44aaaf
Sha1:   77545c8b14682fa62e0bea1e2eea7ea9c1689450
Sha256: 396fcd75ab8a5d2058164cb9b7f60d1e92952dd67ea5140613bf77fec9dfca7b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 454
Cache-Control: max-age=104203
Date: Tue, 22 Nov 2022 19:17:25 GMT
Etag: "637c128a-118"
Expires: Thu, 24 Nov 2022 00:14:08 GMT
Last-Modified: Tue, 22 Nov 2022 00:06:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://takeallsurvey24.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Tue, 22 Nov 2022 19:17:25 GMT
content-length: 65
access-control-allow-origin: https://takeallsurvey24.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a0cb20c50e764542af0fb78dcec00c18; expires=Wed, 22 Nov 2023 19:17:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    e6d2f81ef30131346813ef4fe48cb685
Sha1:   2887c5b2414d7fbd4e4c53791d7389503d012c0d
Sha256: 10dd532f9e1d690e7abf990f5c49da82ec3e77f729448c70a79cf39de6606ab0
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:25 GMT
Content-Length: 938
Connection: keep-alive
Expires: Sat, 26 Nov 2022 16:41:17 GMT
ETag: "511cd993360647f10db71318098ac2f95243d715"
Last-Modified: Tue, 22 Nov 2022 16:41:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1201
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e40151dcd2b512-OSL

                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 76044
date: Tue, 22 Nov 2022 19:17:25 GMT
access-control-allow-origin: *
etag: "637b3777-1290c"
expires: Tue, 22 Nov 2022 20:17:25 GMT
last-modified: Mon, 21 Nov 2022 11:31:51 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Size:   76044
Md5:    a4f2d3f045ef341c24c9b9fae42ef3f5
Sha1:   22a94644d409feff849097f01806c3ce94cfd233
Sha256: 6b5ebefc16cfe9b8f9b6a252deac37907445f40540a5d0789b44a8814a023bda
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:25 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 01:33:16 GMT
Expires: Tue, 29 Nov 2022 01:33:15 GMT
Etag: "78e21c7a408c8ef34065defa22dbcb926f562d9b"
Cache-Control: max-age=540349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76e401527ab20b41-OSL

                                        
                                            POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1 
Host: datatechonert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1140
Origin: https://takeallsurvey24.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Tue, 22 Nov 2022 19:17:25 GMT
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://takeallsurvey24.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    adb4650bfc9d2a73d4dd69583b0ceb14
Sha1:   1ce399d6e936232aaf2192cd7903a279c5015f22
Sha256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Tue, 22 Nov 2022 19:17:25 GMT
access-control-allow-origin: *
etag: "637b3777-2b"
expires: Tue, 22 Nov 2022 20:17:25 GMT
accept-ranges: bytes
last-modified: Mon, 21 Nov 2022 11:31:51 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /rotate?zz=4292523;4326652;5128285;4949467&var=5545650&uid=a0cb20c50e764542af0fb78dcec00c18 HTTP/1.1 
Host: itcleffaom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://takeallsurvey24.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.237
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 22 Nov 2022 19:17:25 GMT
x-trace-id: 935319186e04cf0b64b8f37cbe3e3d8d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://takeallsurvey24.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=a0cb20c50e764542af0fb78dcec00c18; expires=Wed, 22 Nov 2023 19:17:25 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1655
Md5:    78fc6de72c15a237654dd8f89c4e7a34
Sha1:   74bad0080179b905b6004bfbcd9a66427cfa5560
Sha256: 6e38c15a47de1247fa59860997ce7986d2c979823c0a6989c2894d6d48675d83

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8913
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 19:17:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8913
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 19:17:26 GMT
Connection: keep-alive

                                        
                                            GET /js/survey-site.js HTTP/1.1 
Host: takeallsurvey24.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
etag: W/"637ccd97-121e"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wj1QM27lLc1oZx7oCE4w1Uin70eEfSIGp0F3qS%2B9dnaGVAKBHZKkDn4xE%2BR1jxfU6%2FRumES%2Br9LFfKvoLuIyzk%2Bv7OB6Qd2Aqim9Ts7up1fjFMxBElgSORg1ggSLFUHqUiWi%2B%2B3i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdcbb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4638), with no line terminators
Size:   2119
Md5:    8a4aba79b356bfa6480ff6e9c9c9f67b
Sha1:   13e185e6f4575e137c78c9214635c10490c533ac
Sha256: 755af4cc1b18835ff7d65b306fb37f0a2ddb9ed0f3fd12d7f58d14731a92bd52

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8913
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 19:17:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8913
Expires: Tue, 22 Nov 2022 21:45:59 GMT
Date: Tue, 22 Nov 2022 19:17:26 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: j7GPHu9Gq8cF2_j3-uXucAzJPSBWsFelX1EWZa_2sEW-Vo7b4WlaFg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:40:13 GMT
age: 74233
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5342
Md5:    a9e0f5c07511d0f6ad0f2441db92797d
Sha1:   2dcc6187d7173ce741975ad4ec24435c9dcb0880
Sha256: 3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04
                                        
                                            GET /metrika/metrika_match.html HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 696
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: *
etag: "637b3777-2b8"
expires: Tue, 22 Nov 2022 20:17:26 GMT
last-modified: Mon, 21 Nov 2022 11:31:51 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (540)
Size:   696
Md5:    784e2d6c9868e5d3aca06efb9fc6bdd2
Sha1:   9496aba69de55c6b74b1494d0479772a28a7f29c
Sha256: cf75bbfd28015ee0303483f2224ef09129135c7487ddb6537f999b6095619698
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7751
x-amzn-requestid: 577947ab-4fbe-4b07-944a-2b65cf5ed6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b4UE9GJ9IAMFVtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63799a1f-1a26961e20c88cd54a613ddb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QB2RJo7NR7FMDRC7fC9eLMW99KR7andopIeu4qi0yp_tihE0vtpkXw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 04:49:03 GMT
age: 52103
etag: "f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7751
Md5:    472ceca597feefba355fbd65998977b7
Sha1:   f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a
Sha256: e201f706ba38f04ef07d74a67eec187ad8b882027b96b0e4e700162f96da422f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9FO1gkdftjvJFDvAlxwLD63BP-liwnS2MImVhVdjg83wi4xJdM73Kg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:35:40 GMT
age: 78106
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8089
Md5:    c8f6118fc03f31862ff68fef8a2b9a7f
Sha1:   318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
Sha256: cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
                                        
                                            GET /js/data/_global-config-sd.js?v=5 HTTP/1.1 
Host: takeallsurvey24.top
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
cf-polished: origSize=683
etag: W/"637ccd97-2ab"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0So1ggkzZDRN2KDzKxrthxyE5c%2Bfp%2B1if1jSuP7onPm4VlBZ3cWh%2BwUmpgxfpTCet3oISdQGmIkLTacsdJctu%2FiVQmmYEIpdF%2BctOT998SJDmZfxcF0foDWy7Eg2IHmMtSeSzIl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014ded90b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (370), with no line terminators
Size:   6301
Md5:    a0323405408e9f8ebfb5ee9c19933fcc
Sha1:   c04c6642211cd76f5242710703f5122b1a8dfe77
Sha256: 6718681be59553d5fc2415afe4e62d1e46f2fdf2048a456e9dcb97bbb251e1f1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bmrDryUp_4bvIikGkppa36e9isEfvK0gjunV6xmU5ApJtxlLR_GYkA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:05:18 GMT
age: 76328
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4639
Md5:    dafd9e17dc0023e71ae513c6025e4b80
Sha1:   12e2654db1f384bb04f5c5042848b25dda86b710
Sha256: e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:58:29 GMT
age: 76737
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8685
Md5:    2ed6b76d15fc8d6295acdb6fb47461d3
Sha1:   b8c928f93a8d82b48491448d811a95ad99dc6aef
Sha256: de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 22 Nov 2022 19:17:26 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 26 Nov 2022 16:12:47 GMT
ETag: "320915d955ed01ef544850764c181acb1c270666"
Last-Modified: Tue, 22 Nov 2022 16:12:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 563
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76e40156f810b512-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    edb18098030b9cf6ccf62d58343cb5db
Sha1:   320915d955ed01ef544850764c181acb1c270666
Sha256: de99cfa7384ec9a647dac117dc92587bbfffad3e76f1bdb74bac6c8539ad776d
                                        
                                            GET /metrica?id=411976381 HTTP/1.1 
Host: adfstat.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mc.yandex.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         87.250.250.145
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Tue, 22 Nov 2022 19:17:26 GMT
Content-Length: 15
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=10, immutable


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   15
Md5:    0c776997933eb60833b37beaf43814c8
Sha1:   bff63526eb02853c6b414ccfb4d00ac9ca283930
Sha256: 3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonAdexCall&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A237102764%3Arqn%3A3%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(3)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%7D HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonUnique&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A558797942%3Arqn%3A4%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(4)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22isUnique%22%3Atrue%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonAdexLoad&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A487448681%3Arqn%3A6%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(6)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonStepChange&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A809634851%3Arqn%3A5%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(5)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22stepName%22%3A%22main%22%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonSurveyStart&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A220350376%3Arqn%3A2%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C904%2C904%2C0%2C%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(2)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22userOfferId%22%3A%22112025%22%2C%22userSurveyId%22%3A111203000%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonNotificationPermission&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A366959195%3Arqn%3A7%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(7)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22notificationPermission%22%3A%7B%7D%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A880540583%3Arqn%3A9%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(9)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22trafficQuality%22%3A%22alert%22%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /watch/66423859/1?page-url=goal%3A%2F%2Ftakeallsurvey24.top%2FonGetIppRotate&page-ref=https%3A%2F%2Ftakeallsurvey24.top%2Ffinance-survey.html%3Foffer_id%3D112025%26z%3D5545650%26s%3D619000105437241586%26b%3D13412327%26campaignid%3D14083%26var%3D%26ymid%3D619000105437241586%26var_3%3D%257Bvar_3%257D%26testinapp%3D4816639%26rdk%3Drk3%26utm_medium%3D5545650%26utm_source%3Dzd_14083%26utm_term%3D13412327%26utm_content%3Dzd_public_v2&charset=utf-8&hittoken=1669144645_6638743fbf2f37406139888b609d32a512089e1a44b1ae70f2bbdb36092a018f&browser-info=ar%3A1%3Avf%3Aynz2f7f3y7l8rj188tji4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A930%3Acn%3A1%3Adp%3A0%3Als%3A1586562887013%3Ahid%3A411976381%3Az%3A0%3Ai%3A20221122191725%3Aet%3A1669144646%3Ac%3A1%3Arn%3A65950105%3Arqn%3A8%3Au%3A1669144645998193932%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1669144644625%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669144646%3At%3AWould%20You%20Make%20A%20Great%20Career%20Online%20And%20Become%20A%20Millionaire%20By%202022%3F&t=gdpr(14)mc(g-8)clc(0-0-0)mtb(129)rqnt(8)aw(1)efid(1)fip(1)ti(0)&force-urlencoded=1&site-info=%7B%22getIppLinkTime%22%3A0%2C%22mainExitDirection%22%3A%22ipp%22%2C%22teenageExitDirection%22%3A%22ipp%22%2C%22mainExitPopunderDirection%22%3A%22ipp%22%2C%22teenageExitPopunderDirection%22%3A%22ipp%22%7D HTTP/1.1 
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Tue, 22 Nov 2022 19:17:26 GMT
access-control-allow-origin: null
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 22-Nov-2022 19:17:26 GMT
last-modified: Tue, 22-Nov-2022 19:17:26 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "7DBCB46E259050720D03A8A04194CA7317139BA4229BDC6977A09BD9525B0462"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20018
Expires: Wed, 23 Nov 2022 00:51:10 GMT
Date: Tue, 22 Nov 2022 19:17:32 GMT
Connection: keep-alive

                                        
                                            GET /css/survey.css?v=2 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: text/css
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
cf-polished: origSize=19859
etag: W/"637ccd97-4d93"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoAwRsJLCLZrWth07ZB2NAF6bUC7hSqa92zi%2BwhlFmr9cN%2BV%2FdtgmBmxSwM2PGFpqQhD%2FsRTqX5EHsrQniaMJQXkkTMUDtarrvJfRz7SVOGhbYacOiqy070Jmj28Rwny8P6tVUYV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014ded9ab4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/survey.js?v=16 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
etag: W/"637ccd97-4c18c"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mu%2BK4s9ZpPvmBns4DXJr%2Fh4yHY9wae0r5gA75X7F2h%2FJP3Nrxem%2BRDT%2B0SmtNKMbvzisojY5S7rlRov6irLX2I8yS15o6hPAPx781AcSQkmsT5PBpC6QZ5xRKu5TdEOaFitxC9RC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdceb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css/style.css?v=1 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: text/css
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
cf-polished: origSize=40821
etag: W/"637ccd97-9f75"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IacrQRruudEA63MUlpXzvHKxAcNU%2B2ADmd8nsqBh3LQvTSigrg11%2BIz%2BGq8%2FbUCsstDPP2veIhIW4lN7188kdYfiHozfriuE1u2NQRl0LEBTU3aeJAFAWUxftNGqhHPtjuHoZ4LY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdc4b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /css/finance-many.css?v=1 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: text/css
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
cf-polished: origSize=16082
etag: W/"637ccd97-3ed2"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ScgNTYsB%2BurRPi10AudPDYadnw9j0pNiOgbOyQrm2gXGFcltGhjXf6pq0KGAJFkFnYBs0N4wWo955yxy7RSrggufhtGLhtJeVwTePQpgfQLqJ078qXnoDx3TNtiuPl98xsQpaK4O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdc7b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /img/icon-survey.svg HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: image/svg+xml
date: Tue, 22 Nov 2022 19:17:24 GMT
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
etag: W/"637ccd97-c26"
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WcRIFSbe1vH0K2VIbPV98F2I5anNjYqUF%2B1Ewn%2FYN%2BrfBW1aVX%2BlJawJa5LcUtycLjbjgSDMIjbEgr4Rbt9bXmXlkjeWhdMsnqpqMyt0y2goaYTDL4y%2Bxo%2BXxfmwjVhqSeThUaa2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdc9b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/data/rtc.js?v=2 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
cf-polished: origSize=14949
etag: W/"637ccd97-3a65"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2btM680NDN2vZ8r1Ut3mveGdiXTeeVtM%2BaQ4hvixwYfjXN4EZ9hBVyZGzNjSS7GoL05ic71YO9iQYAQ2tr7B1h3JOKiPhti42o1rer%2Fr6HHfNg0%2F7xs54yWSNtg5tNhodvR5vvlZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014ded95b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /js/config.js?v=10 HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
etag: W/"637ccd97-11c13"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 3206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIo0HGwUY3WFH8etBmL%2BUegKc7vPg07vmLrNwcpo4H2uMCrNs3envuq9n09Tbc60VWDbAgGqiskSW9m%2BTdQnXFtITToFV%2FZPnZ72iIUzSIVIwNGTCN%2BIVZ3YE%2F8TBJpOr0kdArlb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014ded98b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/binom-pixel.js HTTP/1.1 
Host: takeallsurvey24.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

104.21.91.69
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 19:17:24 GMT
cf-bgj: minify
etag: W/"637ccd97-4de"
last-modified: Tue, 22 Nov 2022 13:24:39 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRnRha5fWHMXlKczyZ3xO0epvgrELvQvS%2BRzImavEDkvpMT1KTAFpaV1zxpg9oPXLdGfX8HQAzldq%2FnbwwWjaiHngYB%2BfMjoDbVpG2XRwcYk9EnZeJwkpvpgp8vWUaizXk%2BoL3Sr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76e4014dfdcfb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

172.67.149.153
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 19:17:25 GMT
last-modified: Tue, 18 Oct 2022 14:05:52 GMT
etag: W/"634eb2c0-32b7"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xNVuzC4ZjbASM45APNH6pVAWg3yML9hojmV%2FsrrXuI98Q1Em%2BpvDWb4f6KCWPd%2FL41GEUFktwtIFbTqV%2FhRege5uXQ2%2B7a9sENtqC7atIndPAPoV7bNhlF8nuFsSWVSkTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76e40150ee0db500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---