promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
172.67.172.133200 OK 5.6 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
IP 172.67.172.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1663)
Hash 2e002f6aecdd7bc971dc5224c22fb96a
7200efb4868be4030be135bbb7901fceeb0a7aa0
a1f8ad6e2751d8f96cf18bd41eb48d056a4841fa325395f9252be9856f25cd17
Analyzer Verdict Alert fortinet Phishing
GET /n/27/4/z-nrg/nz/no_teaser.html HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Wed, 08 Feb 2023 21:33:31 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXSXyDVVOIBpm0JSjjojeNlc0c66cGOeHR7lTL5XoIVVBPpogQruaEwaEyEt0zwgJmwuhCHkqWonEZN0BDiyRW%2BHpKD0aGdulSsZymGLfGwbWCmfAwModknJBabiLPja%2B2DGOBsPEGIK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bedc8a3b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3212
Expires: Wed, 08 Feb 2023 22:27:03 GMT
Date: Wed, 08 Feb 2023 21:33:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2594
Expires: Wed, 08 Feb 2023 22:16:45 GMT
Date: Wed, 08 Feb 2023 21:33:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8648
Expires: Wed, 08 Feb 2023 23:57:39 GMT
Date: Wed, 08 Feb 2023 21:33:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 20:36:43 GMT
content-type: application/json
age: 3408
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F4HR18WHqwAwvBoCBF1IjBfS6jFIMXt0VwQRImAowIr5VqLjNUGD7hUL/GTCB8LeGaoKR09zc+8=
x-amz-request-id: 5WRYAPPM7NWFQHWH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 20:46:06 GMT
age: 2845
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 21:33:31 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/style.min.css
172.67.172.133200 OK 2.7 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/style.min.css
IP 172.67.172.133:0
Hash b517b96ac4aeaf99a9bd4eb88e070705
f3f725f09fea74f5a7413967b79540a55953b26a
96948685e3177cae07707ac500021af40586c3877e43858610bd3f6a33b8301a
GET /n/27/4/z-nrg/nz/css/style.min.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-34a2"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OyQQraGc%2FuqyswAH1bEcUdb9%2Fm1cyR%2FaP89VV5YwBXMtn3h%2BGJ4ibAaQ%2BmIUVqwEuNQf7nfhA57UQus%2BXSaPqsyhOF8CIxOV2TNEFASkXYeQE%2FdMf4Web1jnIvODAuivNXm1JO8cbSw9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef6da2b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/assets/css/fonts.css
172.67.172.133404 Not Found 139 B URL HTTP/1.1 promo.quiztionnaire.uk/n/27/assets/css/fonts.css
IP 172.67.172.133:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b855016a5ebfd0a9ddd4aa7b8000e375
06b7d93f43a4b9141c5754e92b1d1271b7b36b6f
efeeb2cbbc306a665997633e5da4bf4349f5373453b0049479302bc307ebd355
GET /n/27/assets/css/fonts.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 404 Not Found
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44nCsV07peJwujwPsGi5KcCj%2BwMShGg3fMGTeTHbzxAiva%2Bw4DbMVDrRjJiIgusdr3%2BJ4iC1%2BA4wYoJLWrdNLsTpcOA89T5%2BLrXe0s1imgwwh%2FyUgB4UEI955kRmFmt4PdSf14oYRSEv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef6847b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/assets/js/script_nojquery.js
172.67.172.133200 OK 342 B URL HTTP/1.1 promo.quiztionnaire.uk/n/27/assets/js/script_nojquery.js
IP 172.67.172.133:0
File type ASCII text, with very long lines (674), with no line terminators
Hash 7c66a03816d852f0c2faf6bd1aa909ed
e6b6659e593b22ea4011fe93f5d9c49b91148c5f
39e58e847b43b723577db2c00e348b9e9ac22104dca978df28c60204cfdb86d4
Analyzer Verdict Alert fortinet Phishing
GET /n/27/assets/js/script_nojquery.js HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-2a2"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B558WrnQbBu4TCTX5%2BuF0yc2Tlw%2B6YporPDOVkbFxt%2B%2BmsGS42nXQRpxvx5t85DwLaVklLFU6JOfMMdG5LdyBPd5inqP6NVjVxuWlkWxrWe6pWUNlnsL6NYOiBcT1bFNUINvN4amqUks"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef6fcbb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/assets/css/animate.css
172.67.172.133200 OK 698 B URL HTTP/1.1 promo.quiztionnaire.uk/n/27/assets/css/animate.css
IP 172.67.172.133:0
Hash 294d52a591cd80520c03974d1b1d0735
80463fe28f7d9cf814ac239ffe65b13954471b99
d5ba84f3bef5b5ea375aa687c0886473730830435cc8ded4da7ba04aeb9056c5
GET /n/27/assets/css/animate.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-1578"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dekJMPmyg%2BIuuzdC1FiCdwpi2ZRoh%2FaCAJ8E24VByyNjKJZ%2BnS5WVUHZCNIyqdVJP%2B4VlaKnFUFBlhWh5W9QjmcMqLUOxRFb1m6S4g%2FX0E3IKzm7HUxLYwvx2s89QR35%2FAlljJT4Rcw%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef6ffc1c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/fbcoms.min.css
172.67.172.133200 OK 381 B URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/fbcoms.min.css
IP 172.67.172.133:0
Hash f8c10925268cbf0331ac3c76d5452448
8dc165b5050e74cbb56893ef22922f78fb55a10e
1ac018becfaaab298bbcb4cba925d5de730a668819d8bf521b8289abaad3fc08
GET /ssi/elements/base/comments/fbcoms.min.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: W/"63e3ca60-33c"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZD%2FZ%2BzPujSLJCGsy5OAA1ZtsIFmxkz%2BIek5gt0d%2BVMzUiq6ewtSAZnwYpgVs2F3J6PmDH42ElJc1gTmzD1LHIYhx0I4GU%2FY3Z0p7l7NOKpQrDcw6bMlBTI0kRgLHpQKs%2FNfCJGcp6es"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef99cab4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/main.css
172.67.172.133200 OK 6.0 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/main.css
IP 172.67.172.133:0
Hash d52fccd828f223616bbd41545f9676c0
0e74de507733b37027ee651d2b6cfc57100d2aa3
ac6355bb5f3f1739d1959af413820bf4e56bc0f378cbc5593923013f24141892
GET /n/27/4/z-nrg/nz/css/main.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-898b"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9txHHswFIiimpgL5bSbZgc8z4e7i4l7R%2BwcTN5fG0grOYyn0AoaZ1GjftmS8yZKZxEpHmDcN8p5VEcLzrzJwJgBrZrdb6mOuT4Ytnyttrj6D9gctXBBF5NyrCPIj1XVDXngmUPlLYuv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bef6ae7b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/style.css
172.67.172.133200 OK 1.7 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/style.css
IP 172.67.172.133:0
Hash e9fd41ae3e22eee42cbe5a30dbe38607
ae1730752295382c2b0beba0ae997a7e4826841e
208d14352567358e840760c42d41e2898323f5b9e3b80f948ec597b51cf18366
GET /ssi/elements/base/comments/style.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: W/"63e3ca60-14cc"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pzg%2Bo7aEsa%2BJcxQnANcZ9SNgs8WX5ee043cEAXumq%2FGt%2Fa1ijsl%2BCWHiOlm2FccUKke5I%2FafoU4FSl9F%2FQvxAgHCO9mLTBqYAuvMu6HjHQP7%2ByGrNu9fs1X%2FUIbuiwWVZYiDuEr7Kxle"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677beffa05b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/fbcom.js
172.67.172.133200 OK 356 B URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/fbcom.js
IP 172.67.172.133:0
Hash 4960b86f5ee3df06d046a09f7bd275b3
ebc48bb7e186bf44ba24532091b3c0a0093a316b
429c9b5aa7bb0be40d837c267c31e07339ec97c3dd0fe209ab6c1a698abe16b9
Analyzer Verdict Alert fortinet Phishing
GET /ssi/elements/base/comments/fbcom.js HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: W/"63e3ca60-4de"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V56LDYe3XhtwLyZSubJd0fVJO2rCNOlfTyjV2VqHX4XPPoGGDyNfqqTm3cNBvZ4mD6criJcV0aOY55bz13QBPDnyvq8ge4WKRWLU0bhYCr4yuVYwVVDTd101TNx964W9NnXs%2BmZB6P%2BH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677beffeaab506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/assets/js/stepsCounter_nojquery.js
172.67.172.133200 OK 206 B URL HTTP/1.1 promo.quiztionnaire.uk/n/27/assets/js/stepsCounter_nojquery.js
IP 172.67.172.133:0
Hash a56d4e894d1f6db4f1724ec248d1ebd1
e52f0ff204879731c07ab9d4b8f1aa0addc50da8
8367457383a3dddee6495001d49d046f902da535e4e8eace2062254692638646
Analyzer Verdict Alert fortinet Phishing
GET /n/27/assets/js/stepsCounter_nojquery.js HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-1e5"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzeflnqatFCDnhrDhhYd%2FkNA0Of%2F4K9Uje14%2Fh7H1CQbJ1uBPefoYTw%2FX6rkNkG5u7o0np5YbHeAJlScIdKmDLyxYOjd1l%2BfP1a05GnYa%2Fpc1rE5bTdbIVEOnTexyP%2Bf70KEnPR%2F54SV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677beff8c0b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/normalize.css
172.67.172.133200 OK 884 B URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/normalize.css
IP 172.67.172.133:0
File type ASCII text, with very long lines (1880)
Hash 76a81ae22dabe61929658dd1da6c07d6
ab2248dc64b6371e3a1ade09f7bfa3071d0f415a
a005d93026fb35dfd26d9d1c7683e1dd1d8fe500e13567d904eed247da6b2306
GET /n/27/4/z-nrg/nz/css/normalize.css HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: W/"63e3ca5a-75b"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8djqQhG7jGoonArY1v6PGCyvamx%2FjtxQ9ft6xe%2B9X13AmS7o84O2AaBS7HsgiGlqR51Bpl%2B49ICZr2D12xQW3W37iLiMObDYbbL4d0u1824P7vmipmxB%2FEl1cJN3L6G8SuerL%2Bj01QP%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf038fb1c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment5.jpg
172.67.172.133200 OK 1.6 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment5.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash e1e1c4d1673d0daca69e4d04bcffe826
22a7bafb65fc73960b19cbaa172d76a2c72892cf
de8bfe8399e33d61c93d69aa93632a5bbfc49600d8b9a9a970278141bcaf11b2
GET /ssi/elements/base/comments/comment5.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 1589
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-635"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtF%2BXpKCT1cQabyrOjal12rAFFkdkGpPzKnLgAswfZNPaTEt4Oy9ED9%2BcYaKfon%2FnC37tVClMOlphOQKdDRDacE21AtBReQR%2FbA2gdfppbL6J2lK58AFp3YF24ejL4JvjgjOrifMCzXe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0bceab511-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/guy4.jpg
172.67.172.133200 OK 1.7 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/guy4.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b5170ef71e82c3b9dd3cb0de6b06d36d
c36c6365a983ce3e211817f3edb0260e500b87af
207761ada2128a5b781713077cf76116149b47ba3222c3b6cf88e99dd58857ec
GET /ssi/elements/base/comments/guy4.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 1728
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-6c0"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXi5xldVn0FIG0YdPJEN5De%2Fu2%2FshwNzCy54lX39LL32JuMdzjkzVAbT2hlK4rtj2zU%2B90MxIB4zDlwIJOU8kbOz%2F2Zx8vKC%2B%2FD4Wh%2FkB%2BUr4OgNY0a4UXUJLxKsfJX6b8N2hH1y%2BbNm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0bb08b4f9-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment6.jpg
172.67.172.133200 OK 1.6 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment6.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 1547bb14a090e26493220e1ac226c956
1f6a7c79b3b167810acf4cf0ee291b08ec9f019b
3f39d61ca486889335b7d2327da4d0c5fa5f5631899a7f020ff7992b40eed55f
GET /ssi/elements/base/comments/comment6.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 1631
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-65f"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46XuQEEtWSFJ1LMCD3HZWoeUarwirTEZwbCxYPpUgr7tAt9M0kKq37VubMExbRV%2B1qHhO2Dc1dK921HnwyXfnVK5eeWC5ouDc6%2FWPFZQXgS8PVaTH1mljcyri07%2Bcnb0wPzkrrEKNnhL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0bfaab506-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/rev1-a.jpg
172.67.172.133200 OK 1.7 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/rev1-a.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash db2bd208a83dd1e61d8c5eb29d17fc5e
e0bd1558f696d871213fb6e7366bb737c9a7dfdf
247aa5d457438d0701a6985631b571826d33a719e0c1b38535ea1e9c023f91e9
GET /ssi/elements/base/comments/rev1-a.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 1683
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-693"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EN5Q9SpJs0VTFJgWiudj1pscGnIgkBnhPsCA%2BwijIyUsY4k43IhcyWjax%2BemVVvNKEoUAd3jzdFugA%2BIuJ6Ephh6Bz0m7x%2F7%2FldO6Bf6ls39mvnmat2u2Bt1HU%2F10xMUmlN7M7TVRzE5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0b9cdb521-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment7.jpg
172.67.172.133200 OK 1.5 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment7.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 13e3863ddf9ec66e74794a43955a82aa
176abd806ea55961d5f035d0589861864752eaa5
a98374e6ddf8e424cf2e60899912358531a04e42f74943f717730dc8349fe096
GET /ssi/elements/base/comments/comment7.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 1461
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-5b5"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R45rRBCA9zTU03YzZsFvBNEz4rYBOg%2FWmEaAVKibQ8MTXPJqKe4EGSbhVDzi6SuEctf0Z65IBwi0ynqui6%2FDSdb%2BpXRnsfxwtfFjC1a%2Fu%2FXoO5laWpJWGBOz%2BYgT92R5WzxC4zqsipfX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0bc56b505-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89ac44e19cb97fbd13b274f52428ee77
76875182b99336e4f689c0535d7fa45fda90bd38
11c834c15b2deac67a49965f46be4cc9cbd60ae1f261880bc9ee23249acc3372
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11C834C15B2DEAC67A49965F46BE4CC9CBD60AE1F261880BC9EE23249ACC3372"
Last-Modified: Mon, 06 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2030
Expires: Wed, 08 Feb 2023 22:07:21 GMT
Date: Wed, 08 Feb 2023 21:33:31 GMT
Connection: keep-alive
promo.quiztionnaire.uk/ssi/elements/base/comments/guyiphone.jpg
172.67.172.133200 OK 137 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/guyiphone.jpg
IP 172.67.172.133:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], progressive, precision 8, 960x720, components 3\012- data
Size 137 kB (136915 bytes)
Hash dd8774375e394460704d201cc9183468
9b17b330fae8a45162e594f1e6e20668079f75f6
7537819dfcae5087f73030b210f9ecb6e9561593e656162973c214af01bbf492
GET /ssi/elements/base/comments/guyiphone.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: image/jpeg
Content-Length: 136915
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-216d3"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDDrmTt%2BY%2Fsta5lmMf%2F45tgsXo1PIxqiM3vXM1k6O1QfNTKyJbFTqfLpesaIVfpvGtLwO3dgvALr5asuFNcE%2F6zDCirhKQOj1lUzo9PLOSyjntTU2LmvTV10nI69wrx%2BuvnK8H%2FP260P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf0b9961c02-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 21:14:52 GMT
age: 1119
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89ac44e19cb97fbd13b274f52428ee77
76875182b99336e4f689c0535d7fa45fda90bd38
11c834c15b2deac67a49965f46be4cc9cbd60ae1f261880bc9ee23249acc3372
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11C834C15B2DEAC67A49965F46BE4CC9CBD60AE1F261880BC9EE23249ACC3372"
Last-Modified: Mon, 06 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4174
Expires: Wed, 08 Feb 2023 22:43:05 GMT
Date: Wed, 08 Feb 2023 21:33:31 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 08342c7fa32cfe83358c029b3a0e0c4b
5896200d434417cbd6db6e379d93f044cf924f0d
3f809bd01b634a929ea2419fb265446368dc9bf9ce282cafbdbdd2d339a3d6c1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94184
Date: Wed, 08 Feb 2023 21:33:31 GMT
Etag: "63e2e213-1d7"
Expires: Thu, 09 Feb 2023 23:43:15 GMT
Last-Modified: Tue, 07 Feb 2023 23:43:15 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fEWjLMAismEKRLUYWDa-YBOowsmlfn7VVpI2w3twVqlQx7MoyVXyfg==
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
34.78.252.25200 OK 427 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 427 kB (427101 bytes)
Hash 438a07d4f1666f16a4fcf0ad1c5398e8
81a9d3e1ae49539d6452a65c39bc4e954c09ca15
416f92a4eccf40cd99a74a075e791cbbb53b1bfa14879db8c833b884515ee7a1
GET /p/5bbb0ba263dcf80100a2e07f/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:31 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=5bbb0ba263dcf80100a2e07f; Path=/; Expires=Fri, 07 Feb 2025 21:33:31 GMT; Secure; SameSite=None
qst.sid=s%3Ao_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f%2FxaMUyyf6LKSiIwEQYg%2B1L%2Fuo; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
promo.quiztionnaire.uk/assets/img/spinner/puff.svg
172.67.172.133200 OK 400 B URL HTTP/1.1 promo.quiztionnaire.uk/assets/img/spinner/puff.svg
IP 172.67.172.133:0
File type exported SGML document, ASCII text
Hash 7dd989fcb8fd343e23502438a2a42417
a51ce4de459ff7bcbdd551e84dd3863d5f11e939
95a8dce2b2fe53c44606e1cdb909b26cced2da0c0f3b92d7e097d5056d313ddb
Analyzer Verdict Alert fortinet Phishing
GET /assets/img/spinner/puff.svg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:12:40 GMT
ETag: W/"63e3c9f8-5b4"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTnyCmA4D9%2Fv9r4xpoA%2FMiF6EvCaFuOmjHP1Y552rYhuhcb6xZTRKefr3R2cpYUAnvx2YzPKZ3OjacGGxFylQ4dqzRa9ZrAdjfFt4adCkIERX8G7NxloOy1%2Fb5KzwK2sqd3Mx8ULCcM9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3dc39b506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/like.png
172.67.172.133200 OK 532 B URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/like.png
IP 172.67.172.133:0
File type PNG image data, 15 x 14, 8-bit colormap, non-interlaced\012- data
Hash ff41d4d4197e3de85a1e23a8e0052229
ae524f976c87dff8e73869f1b41cbf49836f56ef
8759cc524e5fc84eed43ac2b300f9c9af83629f464a6eac33805e1bf1866cd6d
GET /ssi/elements/base/comments/like.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/ssi/elements/base/comments/fbcoms.min.css
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 532
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-214"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZvenKv3i9ooO7XJwi%2BDq6wj3ynsjwq6lZwRyPqvFzXDGzAHE2O4MTWWKJ1ZiycbKWI1isoavaiddrYTKIheUMjWqoU6L%2B6agnqOjme38ZYVAZKIQzBKtwJsugUq%2BCWrlVL1deDfO3gG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3df70b4f9-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/assets/img/logo/qzt_white.png
172.67.172.133200 OK 5.2 kB URL HTTP/1.1 promo.quiztionnaire.uk/assets/img/logo/qzt_white.png
IP 172.67.172.133:0
File type PNG image data, 132 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bb16bbfca8cdaa042353a79845eeba47
d9bd97b057f4434ecf041129ab978ecf2bec51ce
1639d12a6a23397077fe402a82cad1f71e15e811d621bc235f60a65960d38869
GET /assets/img/logo/qzt_white.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 5187
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:12:40 GMT
ETag: "63e3c9f8-1443"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q88v1h70%2ByFRvIf5mn%2FBdkNm5KYM7KGdZ3n9S0dOKjXMnl8OX7%2FQzZa37rF9K1OM%2FLgCXFlA29EFZ5AikzQ78%2BE0rJwWkAMNSZJszXC%2BDIhbsnOaYQT%2BHul1osvOnax2mg94nFOZTH6a"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3d8c4b511-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/header.png
172.67.172.133200 OK 13 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/header.png
IP 172.67.172.133:0
File type PNG image data, 1068 x 178, 8-bit colormap, non-interlaced\012- data
Hash ec0b67242eed8bf79b31d028e3f0174c
b7e6c512255c731195c438ade832be4d4c90b6c1
48f16603213ce18c16841925bcfca4a3e9b8554120baec72e613bef6b316513b
GET /n/27/4/z-nrg/nz/images/header.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 12989
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: "63e3ca5a-32bd"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NwEoGXXs7gDZnEYxygZuACNXB6EP34R%2FIsfMeZHG4hrEUp9CriNWEtHQ%2BvCfERFwB1YJvXdxZ4mf4ISV7yn3cZm1jIpQeicaW0qIze4oYk6zlGj38kU5ZxojCVn0MMyG0JYUIBBM6OO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3de60b521-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4801
Expires: Wed, 08 Feb 2023 22:53:33 GMT
Date: Wed, 08 Feb 2023 21:33:32 GMT
Connection: keep-alive
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/prize.png
172.67.172.133200 OK 40 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/prize.png
IP 172.67.172.133:0
File type PNG image data, 580 x 467, 8-bit colormap, non-interlaced\012- data
Hash f2b6d454f92f248528d54a971ea87da4
04cf3e461b51f0741d3107d70c6777ac1333179d
7327772edf543458a21a64e0e274a440a446e0286b8f18ce3d9026f222d61370
GET /n/27/4/z-nrg/nz/images/prize.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 39753
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: "63e3ca5a-9b49"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OFvupaJhdbB%2FVEVfotehJbDP8pddbg99Vj5dIz%2Bm2XO0VmU8HAiQmnJQ1jRfPsV1Rb%2BkAOSw9Ho1TdM7oE2piuA9DIqL8RpaaGXJk74VcVRaUu8CvWCOde0RU3JRruf8fA6bAX7wTTZ%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3dbe7b505-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/background.jpg
172.67.172.133200 OK 55 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/background.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1917x1281, components 3\012- data
Hash 8dabef81a4a058c58a9ff386f49eb94e
0f1b35a1cbdd705723326ec27d1f073455679b06
e3fea1416be38ef2f551365401ee86538463b99438c98ae09ec44f0be8f737ec
GET /n/27/4/z-nrg/nz/images/background.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 55300
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: "63e3ca5a-d804"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rl8AmmRXc1qRWbs4ACZ7tPtZxks4mOrH122EmHiNXFoLJ9Qa3MEQUZPJF4P3AGmRpCUir%2FADrLhD9Y4C9BnRp2svBBOM95lSt6P8sD%2B72raveCHBiTEIZv6ALfleOxsjcqtASP0hvGc5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf3dd9c1c02-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/girl5.jpg
172.67.172.133200 OK 1.4 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/girl5.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b3aba087230e9009ab500a2c3cd32f67
180ba2ba0f3a41dc96c3d4266db37d96adc0b248
e9e064bbaab7738127c4966595fb2dadfe872941f64e0c04e60914c074e66f82
GET /ssi/elements/base/comments/girl5.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 1412
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-584"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKCUHVrViAZE5WobjGmW%2Bhr%2FisplsBha%2Fx67JwNo0xe9c%2FzORXHaU0FNuK7L%2B2t9aUvX2fEfqDHdamiftWAuWgUrRFiPwsE4HpjschWGbqHZ7pq9%2B0RmTXswfuMvI1TjEwoRUKbmfQnk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf45d20b506-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment1.jpg
172.67.172.133200 OK 1.4 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment1.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 8a7c43a73eddd2e9ece5f84986c8d38a
4ee82a68568735d8d55cd23573a02a27e250766a
701f4a6b59464cd1c4d3d5a4a3a03b7b325e9e05e5c40b895857e9a53b24172f
GET /ssi/elements/base/comments/comment1.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-57d"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAPJk44fwk3a%2BQEdQMa9CW6Oe2OtUJXXl2Ci6lYmp6uqrWzpjUNDeiU9I8SaZWcDMTzL92k9qAR0NT7c7nNX%2FA4AMgu7dkkKYi2WlLmYYBu%2FeC4NKz6UMh9oJ0t1gnSQ4yC76ZUNbNde"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf45831b4f9-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/header-wap.png
172.67.172.133200 OK 9.8 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/header-wap.png
IP 172.67.172.133:0
File type PNG image data, 760 x 150, 8-bit colormap, non-interlaced\012- data
Hash df3c81f55d34d489ab9fa5d39ff769ef
918eec50fae0e32aab3f46ca97265c2d655ed204
c78fd29b18025b93264c63e858dc316ddefd580f93f5c14c9e251640ed0701b0
GET /n/27/4/z-nrg/nz/images/header-wap.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 9783
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: "63e3ca5a-2637"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQaAJfVU74uC3nxNWJ1DnRKzloMRH2SLcRvOjUKuJOdwIG7%2FVbpyf7nBDdVvcpts%2FLfmTOqXlprpOXNoynSHeTM%2BhZrIERUzyzGth8UB6coI47tdaLBk0nNe2O1akr5XgNZDMV4RK5NW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf469b4b511-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment4.jpg
172.67.172.133200 OK 1.3 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment4.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash d1f670b5035713dd517347062a64512e
d5981f937557e33953188bfb65399cf2c2385e5f
5ebcec7153928cb12479835071596036b6bf204d5f015f58b7f0687a1e806b97
GET /ssi/elements/base/comments/comment4.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 1307
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-51b"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fq7IEOqcYWogdnLcftcoXJ0AV%2FyJ3ywi0Uj%2F3or7vpRuNqJGa1ytPGHKG0j1HVgN5rKEB0alyc0Q%2Fm7tLbhGrN5NH0VD7rBvrH8fckqmHsRffqZ1PgsPrQsnkvbaNFA45QA7Yxw8atCK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf46f31b521-OSL
alt-svc: h2=":443"; ma=60
cdn.formulead.com/v/country
34.78.252.25200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3Ah1B6aSVzgowsk--m6sqHQb8t8T0q1hcf.aUyIR8jyJIpnmiO3FbKsuzhif%2BpWUW6BjdVnqAaOHa0; Path=/; HttpOnly
Vary: Accept-Encoding
promo.quiztionnaire.uk/ssi/elements/base/comments/comment8.jpg
172.67.172.133200 OK 1.2 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment8.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 4bc4bb8a43aea3578af4a4cffc1ea983
276c96f4d6d1bdf03381d33c92323ca71e795aae
490adcb33271e416d05908764cad72e1f8b6571d0d8b77998633e675c975e344
GET /ssi/elements/base/comments/comment8.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 1160
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-488"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRVs3C%2FWMX2eE34IGFb4Py%2BtxiZw1p%2F%2Box9jgHdmj5%2BWJhhV86v%2BrxxFlX6LLFAvd8TBjbi8LCzB1kdqQreVcrsvC%2Fue7RSCb1dbvsfEecKIFTpKNnaRczdRxGtLHa94i4b9gNeglG1j"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf49df4b505-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/ssi/elements/base/comments/comment10.jpg
172.67.172.133200 OK 1.4 kB URL HTTP/1.1 promo.quiztionnaire.uk/ssi/elements/base/comments/comment10.jpg
IP 172.67.172.133:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 733b1af1054c6b374e7a2e283c0488c3
1f98a33203a064b43b101966e5b5c439d65b1d18
48771158b0cefed12d509da968dc6ad98fed75d6317982854f012d68bb6b7755
GET /ssi/elements/base/comments/comment10.jpg HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/jpeg
Content-Length: 1383
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:24 GMT
ETag: "63e3ca60-567"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BzW1ApE%2BV5HdK7QKi4q6KKO2wShPDUDk6MT4N3o%2BwAioofSp1o8od6qgiFi8QShuLhNxoJGzx7eA4bvEbmXjsvroIGHTZnYwdpD8TK5yTdOFEJLT3SlGYN9nXp0jg%2FOv7urcLR0lKDMl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf4cec51c02-OSL
alt-svc: h2=":443"; ma=60
promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/prizemob.png
172.67.172.133200 OK 35 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/27/4/z-nrg/nz/images/prizemob.png
IP 172.67.172.133:0
File type PNG image data, 550 x 332, 8-bit colormap, non-interlaced\012- data
Hash a839b323a69826aeee7b1fe51648523e
965614880dd22b1d67553be114119e34e51ee00d
8c43f8327a942bac45f5c6796d45862b358ba348baeee2550ed43271afc75cb8
GET /n/27/4/z-nrg/nz/images/prizemob.png HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: image/png
Content-Length: 34930
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:18 GMT
ETag: "63e3ca5a-8872"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RxSxOiM%2BqP13PiiiDohnFZmWu6dwU6HtCpucqJBGceWA9AYmWlBqUb15YPmnA%2Fx%2FA%2By9fDthRVdsv%2FcUEVvhfdavz0z64oOPrU%2B0p5n9fEsh5aAxKCXvpSWsf88dULd9WQuwvklkNv5R"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf4ddc8b506-OSL
alt-svc: h2=":443"; ma=60
cdn.formulead.com/fonts/Roboto-Regular.ttf
34.78.252.25200 OK 171 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Regular.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size 171 kB (171272 bytes)
Hash 11eabca2251325cfc5589c9c6fb57b46
096c9245b6a192d1403a82848e104a65f578a8ec
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed
GET /fonts/Roboto-Regular.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: font/ttf
Content-Length: 171272
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 08 Feb 2023 12:12:28 GMT
ETag: W/"29d08-18630f107e0"
push.services.mozilla.com/
44.228.207.167101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.228.207.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: waN3mzuMcjVBIG1BXWWOTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cBBGFfqg+7BqmOoWELdQfoUixbI=
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
st.formulead.com/assets/js/helpers.js
54.230.111.106200 OK 16 kB URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 54.230.111.106:0
Hash a7423f26767150c5e7cb862bc3c9f189
d54ba8bd0637924ba6fcf47e9fe47e9baf362ab6
32efc25449788db64a8ef308313f81ce2c3df479565eb6fd9110e7369ab15538
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Wed, 08 Feb 2023 13:12:47 GMT
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
etag: W/"63d24285-12044"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SXPv1kg8XW7LHkIkxrMoz2jalH3iEX1FaW0CEf-rkPHFdh1Ut3Euvw==
age: 30045
X-Firefox-Spdy: h2
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 4.4 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18393), with no line terminators
Hash e6734d53ef8a5b0bef238f14717c438b
88ac4bccf1790ad0ec7509af0db25c8221993d22
c504f4f0545ef19621f86e6aec1fc897f127825e33296ac59e8afc49d0c21184
GET /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=promo.quiztionnaire.uk&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT&sc_url=http%3A%2F%2Fpromo.quiztionnaire.uk%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpromo.quiztionnaire.uk&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f/xaMUyyf6LKSiIwEQYg+1L/uo
X-Request-Id: cc35342168c6f05baf8194c4
X-iivmxswc: 2e4aae5b3cf183c56a973603cf4c3e5377778db461eda02711bffe123ecd805c
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Cookie: plc=5bbb0ba263dcf80100a2e07f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Set-Cookie: stp=1; Path=/; Expires=Fri, 07 Feb 2025 21:33:32 GMT; Secure; SameSite=None
ck_tsp=2023-02-08T21%3A33%3A32.668Z; Path=/; Expires=Fri, 07 Feb 2025 21:33:32 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Fri, 07 Feb 2025 21:33:32 GMT; Secure; SameSite=None
ETag: W/"48a1-RSpYdEwyNWV3syGn96V2SR6VNBQ"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: cc35342168c6f05baf8194c4
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Cookie: plc=5bbb0ba263dcf80100a2e07f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3A6Latwert2cZ6kj2-W_HPFcaq6-HCPe-r.tXPdDqaSo6DT1h8fBebe3Rz6mL4PI0m25jafuYy7dVw; Path=/; HttpOnly
Vary: Accept-Encoding
st.formulead.com/assets/js/bioep.min.js
54.230.111.106200 OK 2.6 kB URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 54.230.111.106:0
File type ASCII text, with very long lines (884)
Hash 3853750743e76f1bea9d40cbf5365e3e
6f33365f9c9f586934655c7161075ae3037d16b7
3ea4deb17963e592827db470a6a590b3895999296b6036ea513cc72f2c1e4d01
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Wed, 08 Feb 2023 13:12:47 GMT
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
etag: W/"63d24285-14c4"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FqfhQfGiw7vRbUsctaQ2t68ciL4rxz4dK7-uW0hIKPv-zSBlxtS4hw==
age: 30045
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:33:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 21debc4c994e881f82da0e84cfd72483
cd42b40c29f4bb42cef5d53d0b945a83d7c8acee
19626202086ab49ddd56ea38a802766cc74f5578d0f18f4c9e7db59510094b72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6310
Cache-Control: max-age=164902
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:33:33 GMT
Etag: "63e3ddad-117"
Expires: Fri, 10 Feb 2023 19:21:55 GMT
Last-Modified: Wed, 08 Feb 2023 17:36:45 GMT
Server: ECS (amb/6B7D)
X-Cache: HIT
Content-Length: 279
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=promo.quiztionnaire.uk
172.64.207.35200 OK 2.6 kB URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=promo.quiztionnaire.uk
IP 172.64.207.35:0
File type ASCII text, with very long lines (7350)
Hash 2f1dcfccad82a239a1dfb8067589d307
25208625280722369cf657da03ea26265dd7f504
ec54928741f0b185a2dc825f5d6cca003e0a44223398fe64a9c8bbb1425177ec
GET /scripts/push/script/z75dnkdk4q?url=promo.quiztionnaire.uk HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:33:33 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: max-age=14400, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: HIT
age: 127
last-modified: Wed, 08 Feb 2023 21:31:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tTGide%2B%2BH9LQquvXPMamBqNsnS7EkgdLNI393L7nD2M4w3nvQy2mIIxSMFdEy52183WGx6KXNv5K%2Fl8AbNBzRQGsvGMGF3Jo%2FlC4xICLf6VEH%2F6k12byM9Kfsxhm4Y%2Bkn%2FtAow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79677bf978267759-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/dl_modified.js
54.230.111.106200 OK 53 kB URL HTTP/2 st.formulead.com/assets/js/dl_modified.js
IP 54.230.111.106:0
Hash c52f07eeb3dec09e3a1d8578c6843618
96f4f1ea4b7bdda48be5ea65962c91529750ed1f
e5aebb20a67542fa3e282acb24e524b4483775ec1bb7777461a23e5decdc3650
GET /assets/js/dl_modified.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Wed, 08 Feb 2023 13:13:30 GMT
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
etag: W/"63d24285-132f"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MoK3wU5xi_ZO41HKQ4lGOdQVfHjUUJgdxEFk9kzDdWkSuQBq6sYSvg==
age: 30002
X-Firefox-Spdy: h2
promo.quiztionnaire.uk/n/assets/fonts/myriad-pro/MyriadPro-Light.woff
172.67.172.133200 OK 51 kB URL HTTP/1.1 promo.quiztionnaire.uk/n/assets/fonts/myriad-pro/MyriadPro-Light.woff
IP 172.67.172.133:0
File type Web Open Font Format, CFF, length 50836, version 0.0\012- data
Hash 2fa3049613788ce468d3cf3942fef7df
c39a24d21bba273ab8e6de07cf694950a4ab3a19
03232ad9934ac651926b71be790954fd53a9fe10a0dd1b366597df47ebd25382
Analyzer Verdict Alert fortinet Phishing
GET /n/assets/fonts/myriad-pro/MyriadPro-Light.woff HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:33 GMT
Content-Type: application/font-woff
Content-Length: 50836
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:14:19 GMT
ETag: "63e3ca5b-c694"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVmu4jbS%2BvTq6NxsSwhe4PFPL87%2FjCvK5LP2hGGptxVbPUF%2FEcvOXn4BFpr%2B5mbVUeMx%2BtD8V%2BV1KiSb3bIzff3OEDzSPfxepeZgyWTiVmABj141koeyJCmlQEvxA5of0woMKUpz0eRn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bf96a95b505-OSL
alt-svc: h2=":443"; ma=60
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 08 Feb 2023 12:12:28 GMT
ETag: W/"2996c-18630f107e0"
promo.quiztionnaire.uk/favicon.ico
172.67.172.133200 OK 566 B URL HTTP/1.1 promo.quiztionnaire.uk/favicon.ico
IP 172.67.172.133:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7509350b3ddaf9b4dc8756c61598ac98
f9d27f35d792c36ce4f1ec307563a476c07506ab
bf654afb35dc2ffe110aa8484290126bf5c928e5a66b175b2500e9ba426ec112
GET /favicon.ico HTTP/1.1
Host: promo.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/n/27/4/z-nrg/nz/no_teaser.html
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 21:33:33 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 16:13:34 GMT
ETag: W/"63e3ca2e-47e"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqNYUDa6pbJ5O%2B6WUeljT3ZMa5ZEanVdi%2FYEMK%2BmqZyEGWohzWLV7gtAe9CJ7Z%2B6x9OD6GlxVwob%2BFOFdLRPswxgLaLGpVdtiWSrieeiOkRbSxqxjFEs2IOrT4izDWbWOc4sa6VvmbzX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79677bfafd761c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5135
Expires: Wed, 08 Feb 2023 22:59:08 GMT
Date: Wed, 08 Feb 2023 21:33:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5135
Expires: Wed, 08 Feb 2023 22:59:08 GMT
Date: Wed, 08 Feb 2023 21:33:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5135
Expires: Wed, 08 Feb 2023 22:59:08 GMT
Date: Wed, 08 Feb 2023 21:33:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5135
Expires: Wed, 08 Feb 2023 22:59:08 GMT
Date: Wed, 08 Feb 2023 21:33:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5135
Expires: Wed, 08 Feb 2023 22:59:08 GMT
Date: Wed, 08 Feb 2023 21:33:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 544181f4aba24fc687a14522dd20f720
2b117270563b8c466ec774acce55271c38f6135b
607c45cc5b4726b92c8507988bbb90ac6a44a3cf22b290030d440266350099a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4961
x-amzn-requestid: c3b9db99-726f-4473-a6b6-9cff0dceb949
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswe1GeRoAMFiAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-17b52fcd74e374f1104af709;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dSxTM3mmYK8cLOy5_x4o-lew1goEgwT4fBHi0pM-HSK_qBC6rDAlzg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 15:13:11 GMT
age: 22822
etag: "2b117270563b8c466ec774acce55271c38f6135b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mgfr5wO7Bj5BVjKYY7O0c4ogLognfq09QrA9khZROr2CVyOWgKTz1g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:53:56 GMT
age: 85177
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xU_uVO78ZQRKon3Cz-fVcHJuPEMMgzDsVuY8BXoKL6ntJwkl-SLeQA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 85890
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: 9f067f0c-2991-41ae-8dd0-5719a5438abc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PHwEn4IAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c564-730d01807c13643373d64897;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eSU1CSydRTodwnN5DNTXbYD3d3kYFCHiCvPRq5DZTTDSTH2L-GV_1g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:19:17 GMT
age: 83656
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1R4SRNvqhRHbrDZsGB06NJbBXf8WRgJEHmXTbop8pqf8etTJSlmQwQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:05 GMT
age: 84448
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:13:47 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 83986
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:33 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/errors
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/page
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
event.trk-consulatu.com/register/event_log/l4ev5zv6g1
172.64.206.35200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/l4ev5zv6g1
IP 172.64.206.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/l4ev5zv6g1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:33:34 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: http://promo.quiztionnaire.uk
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BeSWutOwv1xpdEM5fiThulKvPVQDoOxQUw3078EMxdZhOg0VooUt8BcL6urdP57w6CmcNz7Mdg41KvHvVdbDp519nuB2eefBEPK236isLCw7aYTNqXCg6cmhy9XqLR0USocUvmH4DlkXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79677bffed8772f0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/t/errors
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f/xaMUyyf6LKSiIwEQYg+1L/uo
Content-Type: application/json
Content-Length: 152
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:34 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/fingerprint-cache?vl_fp=391e872fcb1ac8f165404c80dff63646&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: cc35342168c6f05baf8194c4
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2023-02-08T21%3A33%3A32.668Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3AwJeVRYD3Nu2z2pA8VDGcnjWpx82YmNKl.vhb0nrIAKsbgoLNUtp3wAJv8myn3VGyIk7%2Bb%2FYBWijY; Path=/; HttpOnly
Vary: Accept-Encoding
event.trk-consulatu.com/register/event_log/l4ev5zv6g1
172.64.206.35200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/l4ev5zv6g1
IP 172.64.206.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/l4ev5zv6g1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://promo.quiztionnaire.uk/
Content-type: application/json
Origin: http://promo.quiztionnaire.uk
Content-Length: 103
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 21:33:34 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: http://promo.quiztionnaire.uk
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmQEvjya8GCQ2fAYFLSmD6nlGKBAaUaoAZW6TbEqlsVO0UYwsbcwPzLrj0CBux4zwTt6FI99yyZXZ8A%2FUVk7MKfDnsOauoCB5gBSX9KDcVCWpbUQzJ3%2BK57%2BPKR5W8KB6SFidpwL4VHqHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79677c009e1f72f0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 08:53:11 GMT
expires: Wed, 07 Feb 2024 08:53:11 GMT
cache-control: public, max-age=31536000
age: 132023
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 21:33:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 21:48:03 GMT
expires: Fri, 02 Feb 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 517531
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 17:20:45 GMT
expires: Tue, 06 Feb 2024 17:20:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 187970
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.formulead.com/t/vdt
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/vdt HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-ofvuinwk,x-session-id,x-zqhkygow
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/vdt
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/vdt HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f/xaMUyyf6LKSiIwEQYg+1L/uo
Content-Type: application/json
x-zqhkygow: aea095746b412c304b1e8a6705197b520a6c7e7252cffb4fdf171bc20ff2b2b5
x-ofvuinwk: 01cd165f6fdf56c3a65398a67d98197efe4b3fe7ab1f845c358f0dda911210e9
Content-Length: 1856
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://promo.quiztionnaire.uk/
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1
34.78.252.25200 OK 169 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 75958a76f8966f1e40f7785e764fb217
05dd548bdeaab17184f0e51ae834178314cd4763
68b30c0c2126e9fe067f5345b8e87982fe00b1b649e3693a64f2240baf773f34
GET /v/recaptcha3?token=03AFY_a8XvvLMK3BZF9uSP9D1sBgeyZVwnPm6jhoX4JLwBKxM7kQpQKqwYmsgKFsHh90aFac-YQ3N3OtwiWZJnVgNnlq9ce6e8hCyGZjbN4xBMUIKdtZhTdHKSBjM0zZkCc_KhH3aQ7ACxlzmEaunP7BZ3xD94tNmO4b1mVT77ofgPrXww5RPuwL-XzCspKLkqpPF-V7XErcWadISkcUIHZzCdqK45S8CnetKOmvUi5YhRhZpo-JqQJ8NuznFY5ynaubzD6chl6r-ICc80nbVjuWSlS7fNYpUL4YbSd9OvGWPxqnn0ZFIuRb4hN5uYztOwvfYzQiaVhMCCsbshHaJ0PfdofcVtrx9MIat_6mjBNfjLwHe6RO6Hq4ZPASr0nVMMvB91nuwikbOKyejmYsU335SNkIJyHkh4a_OgOaQ_SD09L4vO68Y5isNxKzuFJgvW52Wyrgiz0IPRPU3quK_CUEGP3BgWMPI0f49njku_BUQxEdhPqjxm1ZOPF9M-djtZ4xcV345yxyoPRC5if2biWXOrO3oz84bfcA&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: cc35342168c6f05baf8194c4
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2023-02-08T21%3A33%3A32.668Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 169
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"a9-Bd1Ui96qsXGE8OUa6DQXgxTNR2M"
set-cookie: qst.sid=s%3AYTewPSfWxGgIZOFY22nzvHiBIzQ4W_ds.Ze%2BwSxvu7iW2wbnVHDeo0j7qg35GYyUy%2FNbesaG1Dy8; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/t/page
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f/xaMUyyf6LKSiIwEQYg+1L/uo
Content-Type: application/json
Content-Length: 113
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full
34.78.252.25200 OK 23 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full
IP 34.78.252.25:0
File type Unicode text, UTF-8 text, with very long lines (65302), with no line terminators
Hash 8bcba0421a471cd126dc893ebf0f49c3
09b1dfd2fe450100de3933422ae38ad83d75098d
3ec21309fe771c60af6251ae8edab5839fc8bcd9a463a06ecd5f2a288fc60858
GET /p/5bbb0ba263dcf80100a2e07f/feed?stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:o_pDx5FaOFXBkc1FeBxPN0BbRYYTXgxT.70zxe7fZQM1mdwwG9f/xaMUyyf6LKSiIwEQYg+1L/uo
X-Request-Id: cc35342168c6f05baf8194c4
X-iivmxswc: 2e4aae5b3cf183c56a973603cf4c3e5377778db461eda02711bffe123ecd805c
Origin: http://promo.quiztionnaire.uk
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2023-02-08T21%3A33%3A32.668Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://promo.quiztionnaire.uk
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"17878-NuoKAIju8zG2IEihXK8SIaVLxgk"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/css/main.min.css
34.78.252.25200 OK 0 B URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://promo.quiztionnaire.uk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 08 Feb 2023 21:33:32 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 08 Feb 2023 12:12:28 GMT
ETag: W/"b267e-18630f107e0"
Vary: Accept-Encoding
Content-Encoding: gzip