firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 01 Sep 2022 10:41:13 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: G2XB9h32DnbhlVwLxCwP3yhC-MAVitfQwmM6tQM9lsKThcP7BUgyqQ==
Age: 2088
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 517693963cc46e7a35a054296d0edfd5
11dfcd7e118e5f8d31e664e56ac29c57f973b8b3
ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3443
Expires: Thu, 01 Sep 2022 12:13:25 GMT
Date: Thu, 01 Sep 2022 11:16:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Thu, 01 Sep 2022 01:15:17 GMT
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: D0oTHv0r3j8hb4Rukzhl_jLhEr78Q9HGZG_OKSYwubQeald253-J8A==
age: 36046
X-Firefox-Spdy: h2
www.saveday-inc.net/optin1638821352637
104.16.12.194301 Moved Permanently 492 B URL HTTP/1.1 www.saveday-inc.net/optin1638821352637
IP 104.16.12.194:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash 0cdcca07ba81b22b5d1e1f5e4303d000
d2b3732e2466c47ebc5758ef090607c4b27f05c1
6ac95d4aa615949df4ba0197a7d93758139b18e0ae7908cf8e942af17d3fc246
Analyzer Verdict Alert quad9 Sinkholed
GET /optin1638821352637 HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Sep 2022 11:16:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.saveday-inc.net/optin1638821352637
CF-Ray: 743d97692de1b50b-OSL
Access-Control-Allow-Origin: *
Cache-Control: max-age=60, public, s-maxage=600, r-maxage=10
Last-Modified: Wed, 15 Dec 2021 19:05:35 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
Status: 301 Moved Permanently
X-Content-Digest: 4791ab4e4bb02c248e0628fc786cdf3652183d0a
X-Frame-Options: ALLOWALL
X-Powered-By: Phusion Passenger Enterprise 6.0.7
X-Rack-Cache: miss, store
X-Request-Id: bfdb242651341d89fd2814f40576b304
X-Runtime: 0.124167
Set-Cookie: __cf_bm=kOACc99bJUAd4J4UsZN9DEfimLPv7UhS_wP0VJyfvGo-1662030962-0-AT00An79eQJNjkrNvAJopiCk84Xjt6pjwqE0Lv1IneAWWJdjxfnEKHBcw/s0TAh3hoGGPs+Fb0gzWAepyLLqTs7jDgsrQNe0uKHIet/XtKDa; path=/; expires=Thu, 01-Sep-22 11:46:02 GMT; domain=.www.saveday-inc.net; HttpOnly; SameSite=None
Server: cloudflare
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png
104.16.16.194200 OK 29 kB URL HTTP/2 www.saveday-inc.net/hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png
IP 104.16.16.194:0
File type PNG image data, 1008 x 727, 8-bit colormap, non-interlaced\012- data
Hash d9225a0254f90a7b70197066418092db
d31c03420b19b48d7b2b8fdc943291042fcadd06
390e21f5319f73df68f611078643756b8504b811044546c92a88c9474ccdc542
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/13/8bb6408e8411e7b85fdf1b4f68b035/try8001.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 28681
cf-ray: 743d976ce8fbb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "359b179cc2c42c8c056f487c793001ec"
last-modified: Thu, 31 Aug 2017 19:39:28 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=28863
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png
104.16.16.194200 OK 19 kB URL HTTP/2 www.saveday-inc.net/hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png
IP 104.16.16.194:0
File type PNG image data, 500 x 128, 8-bit colormap, non-interlaced\012- data
Hash a5814f39e63891db033b244f29270c4c
42bbb15bfaf3759f535d86114ca016a4481faea1
01c4b44279e1fb4a32c30ad8d524e10553ae33ca7c89bcf5c37f72fec9db4527
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/18/ae751067fe11e7b1f597f4a4384b61/bizlendr.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 19119
cf-ray: 743d976cf91cb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "0b0d99a146d61334abaad568d18e5b01"
last-modified: Thu, 13 Jul 2017 19:04:33 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=20025
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png
104.16.16.194200 OK 19 kB URL HTTP/2 www.saveday-inc.net/hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png
IP 104.16.16.194:0
File type PNG image data, 2850 x 468, 8-bit colormap, non-interlaced\012- data
Hash 7052353bfc9af7a56c9a7debed247e06
16d64ea7419fbea88c33f65cc51cfcfcbca89d70
c961f819a80415a4530c268e66eaff17804683304b0be4d84038934355f7073e
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/17/ebf2f067ff11e7ad5ebb6414c806b3/logo-_1_.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 19099
cf-ray: 743d976cf91fb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "0fbdcd0f6b039c13b6ed66be70fc0314"
last-modified: Thu, 13 Jul 2017 19:11:44 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=19131
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png
104.16.16.194200 OK 11 kB URL HTTP/2 www.saveday-inc.net/hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png
IP 104.16.16.194:0
File type PNG image data, 395 x 115, 8-bit colormap, non-interlaced\012- data
Hash 47596d50f7f6e2c87e90f2b26ae24b60
6e48271e0e666d98581dc0be58acb68aec9e7bbc
65d7a0774ed02b08d5b3f9bb0a6062072b34d5f5b02116d302b5226533897808
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/14/3fecf0667511e7a4522fc393ea60c4/vmc-logo.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 11030
cf-ray: 743d976cf915b529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "a8319ced5fa45dbf94a312e1ad9e9d8e"
last-modified: Tue, 11 Jul 2017 20:11:13 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=11042
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png
104.16.16.194200 OK 3.4 kB URL HTTP/2 www.saveday-inc.net/hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png
IP 104.16.16.194:0
File type PNG image data, 800 x 120, 8-bit colormap, non-interlaced\012- data
Hash 1f38e8262fcc10c890bcf12686fa6f9e
e9c67897a2dd850f858d4207985d97138d1cf697
16fe269d2ef311ebd25fd8f51d592000926d4b04250a78e88705729f5b7a5006
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/5b/c23330667511e78cd7b3b12e64f51a/sbf-logo-2015.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 3415
cf-ray: 743d976cf918b529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "723958dfc7b2d6fb4956404751e621b8"
last-modified: Tue, 11 Jul 2017 20:13:13 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=4297
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png
104.16.16.194200 OK 2.5 kB URL HTTP/2 www.saveday-inc.net/hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png
IP 104.16.16.194:0
File type PNG image data, 378 x 88, 8-bit colormap, non-interlaced\012- data
Hash 05bfa1b2ab184dc7ea68a0265d3ff73e
6fb3612c62d80e52d8b2ecd853c600a2c4ab5a85
ad2ee6410ab30d6711b25ae0bf436a87f42e87b7caf69690d1335ad70ad3177d
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/de/0e695067fe11e792f73f20b3520f1e/logo.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 2492
cf-ray: 743d976cf91eb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "05bfa1b2ab184dc7ea68a0265d3ff73e"
last-modified: Thu, 13 Jul 2017 19:10:04 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png
104.16.16.194200 OK 6.7 kB URL HTTP/2 www.saveday-inc.net/hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png
IP 104.16.16.194:0
File type PNG image data, 400 x 90, 8-bit colormap, non-interlaced\012- data
Hash f68b926f96eb6f38c9f7ce0a971ba829
b8dd228cc203a00d134bccc02dd75e7405aa6caa
d95d481199724f2d02fd35875e38da134650283fed9732139c13ddd029439343
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/e3/5898c0668411e7acaccf8145dd3756/ev.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 6681
cf-ray: 743d976cf91bb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "f68b926f96eb6f38c9f7ce0a971ba829"
last-modified: Tue, 11 Jul 2017 22:04:22 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png
104.16.16.194200 OK 26 kB URL HTTP/2 www.saveday-inc.net/hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png
IP 104.16.16.194:0
File type PNG image data, 405 x 872, 8-bit colormap, non-interlaced\012- data
Hash a6a2cceea4519da39f2ef5197771795f
e5c2558962afaaef620108c5e9c065c43067a4a8
be7b50ca96b0374d6da75e4f6cb7b8a00aa01d97515da6808ed6f8dd2d00408c
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/4e/ef52f098b111e7b71b9976c38ffff7/whatever2.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 25878
cf-ray: 743d976ce8fdb529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "538af34ea4ab473bd579d5d061172388"
last-modified: Wed, 13 Sep 2017 18:28:21 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=25914
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png
104.16.16.194200 OK 9.9 kB URL HTTP/2 www.saveday-inc.net/hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png
IP 104.16.16.194:0
File type PNG image data, 253 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 37b7bc4233cf462b9ae927c515ccf920
68911f3dc2308106f1b7720d38c6d13ebe6a49df
cb5b3df5a5efde3037928aac79b540949669c2c19472934fe52a849cb1beaa0a
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/ab/88d21326a04b7b856568fb725e7bda/fa-logo1.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 9908
cf-ray: 743d976ce8f7b529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "77b1a9149d16b03a46a6c04e8c7a5aae"
last-modified: Tue, 23 Nov 2021 21:15:27 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=10077
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a7aab826beb3533ba03cfe6bab46f240
000c9a63535a3c7c9cadaea7630f1f1443399d56
5fc3e2785f52dbe5fa0e7bbe8d9bfa8476b574a3357df2374ea991e049a1d73b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
216.58.211.10200 OK 2.9 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700
IP 216.58.211.10:0
Hash f354ca30effde1f40b6362ca5372ce27
d866f7e60bf52d4f2987da1317267b0d59987949
d160c4304accc13f289fec126f7c67ea1032cc79911baf3ca029b593dacbe8d0
GET /css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Sep 2022 11:16:02 GMT
date: Thu, 01 Sep 2022 11:16:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.saveday-inc.net/optin1638821352637
104.16.16.194200 OK 26 kB URL HTTP/2 www.saveday-inc.net/optin1638821352637
IP 104.16.16.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10200), with CRLF, LF line terminators
Hash 97f5a098b24b36c586fad6dfc8ab76e0
d80b2194c2081048ed9f611df25d2799707d0790
56912901e09fe993e1aa5e7ad7277ff26ca5efb8fe2aebea138a8175f94c8b87
Analyzer Verdict Alert quad9 Sinkholed
GET /optin1638821352637 HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: text/html; charset=utf-8
cf-ray: 743d976b7eb1b529-OSL
access-control-allow-origin: *
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
last-modified: Wed, 15 Dec 2021 19:05:35 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: REVALIDATED
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: eb72ff27a87274bc80251d3acb7b708b5932e9b0
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss, store
x-request-id: 84f67b7284afa9071a2a8e1ce03ab63d
x-runtime: 0.519141
set-cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi; path=/; expires=Thu, 01-Sep-22 11:46:02 GMT; domain=.www.saveday-inc.net; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.saveday-inc.net/hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png
104.16.16.194200 OK 73 kB URL HTTP/2 www.saveday-inc.net/hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png
IP 104.16.16.194:0
File type PNG image data, 2672 x 586, 8-bit colormap, non-interlaced\012- data
Hash 62d7d31d12c0dc75b6494d90bbe2eb33
3ae54eed9059d36987731dc39333ee00e7df72e9
e8fcb3e1568229af6b8ef9234c6935b2784c48251f614c66b11a4ab72b0fd870
Analyzer Verdict Alert quad9 Sinkholed
GET /hosted/images/ab/5dfff0471a11e7855f5dca53cab33b/cloudstrip-hero_2x.png HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/png
content-length: 72740
cf-ray: 743d976e1a70b529-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "dbd17d87cba35875b87a1d0333e07214"
last-modified: Thu, 01 Jun 2017 22:36:04 GMT
vary: Accept, Accept-Encoding
cf-cache-status: REVALIDATED
cf-bgj: imgq:85,h2pri
cf-polished: origSize=72836
x-amz-cf-pop: OSL50-C1
server: cloudflare
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc8ab005623fccad97ec544c1b7ff472
afb4a818db5137fc07b986aa4e5a62ff0032096b
20e90eaeefc4c5e091fd10088cbd47d7774010d1ec9bfa9e00b023919ff47c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.saveday-inc.net/assets/lander.css
104.16.16.194200 OK 128 kB URL HTTP/2 www.saveday-inc.net/assets/lander.css
IP 104.16.16.194:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (53232)
Size 128 kB (127951 bytes)
Hash 3f90cf2147862f523f71344561869705
a4525d8987253e9a9050fcecffe19d74786e2472
4a8626279a72503f877dbe683fb60913a87f0e1d983e0ba39fb494b98fcea97d
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/lander.css HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: text/css
cf-ray: 743d976cd8e5b529-OSL
access-control-allow-origin: *
age: 858
cache-control: public, max-age=1200
etag: W/"630e9cfc-6a514"
expires: Thu, 01 Sep 2022 11:36:02 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=6nKBpuq8iDDai4cYmUVI7MFMYL3WlDzGZ2pSM5tM1yc-1662030962-0-AbTor-WXBloZGXZ-Xo1p5aQVn5qKhk5QFQw5krNY97rdewhRPzuVz_frn-GKWXoez5B5Rnj3bkdOQorzbub3Y3P6JA6OlJZY5MLzpnvnaR_F"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6nKBpuq8iDDai4cYmUVI7MFMYL3WlDzGZ2pSM5tM1yc-1662030962-0-AbTor-WXBloZGXZ-Xo1p5aQVn5qKhk5QFQw5krNY97rdewhRPzuVz_frn-GKWXoez5B5Rnj3bkdOQorzbub3Y3P6JA6OlJZY5MLzpnvnaR_F; report-to cf-csp-endpoint
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc8ab005623fccad97ec544c1b7ff472
afb4a818db5137fc07b986aa4e5a62ff0032096b
20e90eaeefc4c5e091fd10088cbd47d7774010d1ec9bfa9e00b023919ff47c76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2eb022bbcb69557dc09477b624814e87
6030f2c630a01fbc027c887d31e696f84cc60c97
d7a508e276f0ca1b58b6af39720fb7ebb26fb38df50a159eb82d1d2542610b85
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5003
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Last-Modified: Thu, 01 Sep 2022 09:52:40 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.9.0/css/all.css
172.67.169.247200 OK 12 kB URL HTTP/2 use.fontawesome.com/releases/v5.9.0/css/all.css
IP 172.67.169.247:0
File type ASCII text, with very long lines (55782)
Hash 86ef4a0c105ab124a2c3949720a9878a
9d9e218cc7e75987efaa5709e61aeb60553a5654
228411fcb1860c6781da6cc6c99ff74c9374cda5d0a8e7cb0c2e9f4aadc6250f
GET /releases/v5.9.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: text/css
x-amz-id-2: 5R63sGXcq2LptVgWp1Hbu23fLcn6t7yox4MdVDD4fYkPpwwpE0tP8nap3nE7BUsLxb2kn6BawAQ=
x-amz-request-id: FW5J89H89QA35JM6
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2193553
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=faaW9NgqxZzqbju5Dx5jwdk4zUGQmeXeLg%2BnLb4VtLzBwep8Z6f60%2Ba%2BzcM3kgJL9iYArTDWALGPxC%2BmAkAZm0sxL1SWVLI2kUEgHxlBuoQJnOQTYoIdInBEEUftq2B1YuoPl2gQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 743d976d1e10b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 345c982ec6af16250abc3cfceefc2aca
66711b2640ee505b079e907bbce2233cad0b687c
b3bac8ebd249787713bae59dd97a45da5d9728d2615a91fa9778c3fc20a8f1e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Last-Modified: Thu, 01 Sep 2022 10:04:13 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Thu, 01 Sep 2022 10:41:12 GMT
expires: Thu, 01 Sep 2022 12:41:12 GMT
cache-control: public, max-age=7200
age: 2091
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1b4a73637dd140aa2a59daa477faa306
7375e688e33e8398841e96d1d8d5a80885a7f744
95be73fc23236be733bc5de76f214a6c9efddf515d7479e1391e95ee1c09441c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 3886a53246a3dfaac5f51aade9081703
3b5d9435d9630584c20a57aac39e497d8eace989
aa1df43802d0b9cd71d4f1beb49efdfe2e6f4665862c2510d90ddeb0ca7453c8
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Ur3gLptfg22CFbN/9uisO08PcxjsubJYNgvYD4JRqN+VKvlfOGaVQLUOLL5kLv4V3yhZMT6MX8oGBVf8Z5AowQ==
content-length: 26683
x-fb-trip-id: 1904183273
date: Thu, 01 Sep 2022 11:16:03 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 01 Sep 2022 11:16:03 GMT
expires: Thu, 01 Sep 2022 11:16:03 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 345c982ec6af16250abc3cfceefc2aca
66711b2640ee505b079e907bbce2233cad0b687c
b3bac8ebd249787713bae59dd97a45da5d9728d2615a91fa9778c3fc20a8f1e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4310
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Last-Modified: Thu, 01 Sep 2022 10:04:13 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1145866c536ee429cd1062cf67702ce1
7a6539548ef7146a32f8375f0c4b549561ea3f54
d20925f628903a9c88f8cf350448ed265d03e2a7ff24221dda6797501cf58a90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 1aa7da27b773d254ded01a50b28cec30
6af1e3fba5b644aeb36507ef5f7bd9246416c830
c18690a730f154e4fb76f93440f861622f4e8a73fc07e500fdd90c0cef27a9b0
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 01 Sep 2022 11:16:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 01 Sep 2022 08:31:06 GMT
Expires: Fri, 02 Sep 2022 08:31:06 GMT
ETag: "6af1e3fba5b644aeb36507ef5f7bd9246416c830"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1e230d71fac53f0baf663d169fd0ab4b
e6b9eef8b4169298034c58114a94028a16d426e2
bd490fdde2b281ce5559ad22ea4a954037b546adae591950f47c0d37de1125d6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ed0d982177205beee7fe2a874d759219
86649dcfb3b756df526a4ee83445884902a709eb
ad0c07211b6d2c5f157e4f878bfe57ed6d9a094cf3925f3401b6bdd44ee0fce9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1570946145.1662030964&jid=1860438175&gjid=449284635&_gid=1898542099.1662030964&_u=YGBAgAABAAAAAE~&z=492823044
142.251.1.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1570946145.1662030964&jid=1860438175&gjid=449284635&_gid=1898542099.1662030964&_u=YGBAgAABAAAAAE~&z=492823044
IP 142.251.1.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-106500592-1&cid=1570946145.1662030964&jid=1860438175&gjid=449284635&_gid=1898542099.1662030964&_u=YGBAgAABAAAAAE~&z=492823044 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.saveday-inc.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Sep 2022 11:16:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/842761054/?random=1662030963615&cv=9&fst=1662030963615&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&auid=2078061120.1662030963&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.226200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/842761054/?random=1662030963615&cv=9&fst=1662030963615&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&auid=2078061120.1662030963&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.226:0
File type ASCII text, with very long lines (2254), with no line terminators
Hash f2a43a91e3d958887961f97b4d041f20
87fe5477ca1e33a47d0ffbebb1f9102735bb19d2
e32e2e519a224f7a5bdd91d3fbd2286b7ae3269aea493d5a8a4d2556ca55e01b
GET /pagead/viewthroughconversion/842761054/?random=1662030963615&cv=9&fst=1662030963615&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&auid=2078061120.1662030963&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Sep 2022 11:16:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1040
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Sep-2022 11:31:03 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1e230d71fac53f0baf663d169fd0ab4b
e6b9eef8b4169298034c58114a94028a16d426e2
bd490fdde2b281ce5559ad22ea4a954037b546adae591950f47c0d37de1125d6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ed0d982177205beee7fe2a874d759219
86649dcfb3b756df526a4ee83445884902a709eb
ad0c07211b6d2c5f157e4f878bfe57ed6d9a094cf3925f3401b6bdd44ee0fce9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a903e9e44a7d33edea89855b8eb81cc0
7de6f45551976c234c93be2a4966c5ee7832e4ea
e622e37b64b87dc7c04e43c424a030a9d09be1e77066d4b22d57743e91007d57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/842761054/?random=1662030963615&cv=9&fst=1662030000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3879187817&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/842761054/?random=1662030963615&cv=9&fst=1662030000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3879187817&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/842761054/?random=1662030963615&cv=9&fst=1662030000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&tiba=SaveDay&async=1&fmt=3&is_vtc=1&random=3879187817&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Sep 2022 11:16:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a903e9e44a7d33edea89855b8eb81cc0
7de6f45551976c234c93be2a4966c5ee7832e4ea
e622e37b64b87dc7c04e43c424a030a9d09be1e77066d4b22d57743e91007d57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 11:16:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662030963948&sw=1280&sh=1024&v=2.9.78&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662030963947.1761649430&it=1662030963609&coo=false&rqm=GET
31.13.72.36200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662030963948&sw=1280&sh=1024&v=2.9.78&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662030963947.1761649430&it=1662030963609&coo=false&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=1954455964797727&ev=PageView&dl=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637&rl=&if=false&ts=1662030963948&sw=1280&sh=1024&v=2.9.78&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1662030963947.1761649430&it=1662030963609&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Thu, 01 Sep 2022 11:16:04 GMT
expires: Thu, 01 Sep 2022 11:16:04 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9809
Expires: Thu, 01 Sep 2022 13:59:33 GMT
Date: Thu, 01 Sep 2022 11:16:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9809
Expires: Thu, 01 Sep 2022 13:59:33 GMT
Date: Thu, 01 Sep 2022 11:16:04 GMT
Connection: keep-alive
app.clickfunnels.com/mailcheck.min.js
104.16.14.194200 OK 1.6 kB URL HTTP/2 app.clickfunnels.com/mailcheck.min.js
IP 104.16.14.194:0
File type C source, ASCII text, with very long lines (525)
Hash 2c603dcc3c6d8835064b56e074b1a07b
4ff8c777312613311eeeb9ac84f172d138f14482
a484ef588cb69c43b82110036bbebea07678a762d5ce528fd4e70610b9d30986
GET /mailcheck.min.js HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: application/x-javascript
cf-ray: 743d976d4ba10b02-OSL
access-control-allow-origin: *
age: 1667
etag: W/"630e9cfc-a8d"
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
set-cookie: __cf_bm=4JeIE8tE52QcJ96xed7KRuzaKOPJt16UfBLD3_3EkN4-1662030962-0-AdCMlmVLHmTsQHjdvYuwWBkcXJGK12yECTMyfLYantUoje/g0J9ZeJVEwKrpxl66ytFOTBRAnIVRLr1kWmc7tP7cXYIU8h26hAK5Er9JYwc8; path=/; expires=Thu, 01-Sep-22 11:46:02 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9809
Expires: Thu, 01 Sep 2022 13:59:33 GMT
Date: Thu, 01 Sep 2022 11:16:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 043263cdba253c3eb4bfa33c95e8ca21
6d814e56d87e2579e51139759fa7dfb8195a6529
9c7cf679c9a6a0d0a2c75a85b13d8407a5e0fe2448d73fced51b45a3e701e9c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8044
x-amzn-requestid: 8ea16c8b-f0aa-4ce9-a99d-8e59c51ffb8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3j7Ge9IAMFQBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2e5-6762d09b569221944f9b7870;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tZWKpWZnFUVhefoWK-AwAYKOsmAcMhTmPXEyWp0BJPKfhgooGpI6xQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:47:20 GMT
age: 48524
etag: "6d814e56d87e2579e51139759fa7dfb8195a6529"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 494ba0180ab4b2b80ca11aeb67ae69ab
2082e9f809e97bbcaf6ff11846398aca472f9f0f
c6a707e79315677912fa7cf6ab592abf4377aa76e51ae5149d4bae7e663d6801
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11031
x-amzn-requestid: bd49a4c9-205b-4553-90a3-308ebc6be818
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv4hOHzVoAMFl8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd46e-783de8c2461d7cb9167f734e;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mDad6prX28HjnDw7hq0B9vE_BaX9qqrjaOo7A46jhu2S505prB5SJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:11 GMT
age: 49133
etag: "2082e9f809e97bbcaf6ff11846398aca472f9f0f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F761bec2c-917c-4d76-b30f-d952432e80ae.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F761bec2c-917c-4d76-b30f-d952432e80ae.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f6f2d3a00d6d7da233136a2f97288438
db7ad928f5cb3478e16a4827aa1324d5f0441aee
e52e34961bd591a719e421a2c42681ae4e7f53162e708c0e1cd23a032b8c1461
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F761bec2c-917c-4d76-b30f-d952432e80ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8243
x-amzn-requestid: cf7ca552-b255-4629-8115-9dd951f9c4c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3i4EKBoAMFxPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2df-38f269ff114135be10791fd7;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4gctfV7TlofTF8DzNbjpedJURjS8oVCK3QDciVxHoCaXPLBj1i-bVw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:31 GMT
etag: "db7ad928f5cb3478e16a4827aa1324d5f0441aee"
content-type: image/jpeg
age: 49113
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: fa921878-2054-453b-b313-681cdd9c9068
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj-Z_HUNIAMFltg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b110c-053ce81943fea70c2de7daa0;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 06:54:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 69fDjN-ZeYA8RVO_WGTY1KQHZ1t3PNdWIwq3ax1e1wKmuPODyGCMcQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 14:46:29 GMT
age: 73775
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ac4d5b101c9dc6a6f7e4bf252bfa9ca7
b844f3dcb14a2995644312406a80842e3f02a114
e81f08ce6d9c7670f6e291f3d6a674b624386bd550d5c364264c3ff8fb7c797a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10137
x-amzn-requestid: 7d5f19c4-7c9b-4aad-928c-bb44da795f1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaISzFY1IAMF-zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630720de-0ea5331041f0167a196f9820;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:12:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qYh5Pc0cx8--7rIjlMt8IhDKNDMnZEpC_7xfNBIJxWllyLcG9Eh6xg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 04:34:41 GMT
age: 24083
etag: "b844f3dcb14a2995644312406a80842e3f02a114"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0f6c541f6335bb709d2270147bd5aed
b691ef5e7a302e2678302818130a9637c3efbe3a
e63922331a4463519e6df77ae7a1ad3316a36e54dd03c00ff6b119ee3fa684c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 79dc68ea-ea2e-4eab-bab9-1c89b0a955a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjMSvHJ-oAMF6Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ac0de-2370cf5363d5f308121f0ca4;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 01:11:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAEve6mBQ9a1hr2fBR8xq42pxeG9Kjn4yWaMr4z4On46QC9R1K91pw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 14:58:03 GMT
age: 73081
etag: "b691ef5e7a302e2678302818130a9637c3efbe3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-1216.min.js
151.101.86.137200 OK 14 kB URL HTTP/2 js-agent.newrelic.com/nr-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32022)
Hash b7c09cc097b2847f9edc784adba62dcb
5aa648623cf5e3b4b215fe5d068a7904c59f2925
6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa
GET /nr-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Sep 2022 11:16:06 GMT
via: 1.1 varnish
x-served-by: cache-bma1672-BMA
x-cache: HIT
x-cache-hits: 5307
x-timer: S1662030966.370046,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2
bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4551&ck=1&ref=https://www.saveday-inc.net/optin1638821352637&ap=496&be=630&fe=4306&dc=1267&perf=%7B%22timing%22:%7B%22of%22:1662030961880,%22n%22:0,%22f%22:435,%22dn%22:443,%22dne%22:443,%22c%22:444,%22s%22:447,%22ce%22:461,%22rq%22:462,%22rp%22:600,%22rpe%22:604,%22dl%22:609,%22di%22:1239,%22ds%22:1266,%22de%22:1379,%22dc%22:4305,%22l%22:4305,%22le%22:4416%7D,%22navigation%22:%7B%7D%7D&fcp=999&jsonp=NREUM.setToken
162.247.241.14200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4551&ck=1&ref=https://www.saveday-inc.net/optin1638821352637&ap=496&be=630&fe=4306&dc=1267&perf=%7B%22timing%22:%7B%22of%22:1662030961880,%22n%22:0,%22f%22:435,%22dn%22:443,%22dne%22:443,%22c%22:444,%22s%22:447,%22ce%22:461,%22rq%22:462,%22rp%22:600,%22rpe%22:604,%22dl%22:609,%22di%22:1239,%22ds%22:1266,%22de%22:1379,%22dc%22:4305,%22l%22:4305,%22le%22:4416%7D,%22navigation%22:%7B%7D%7D&fcp=999&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=4551&ck=1&ref=https://www.saveday-inc.net/optin1638821352637&ap=496&be=630&fe=4306&dc=1267&perf=%7B%22timing%22:%7B%22of%22:1662030961880,%22n%22:0,%22f%22:435,%22dn%22:443,%22dne%22:443,%22c%22:444,%22s%22:447,%22ce%22:461,%22rq%22:462,%22rp%22:600,%22rpe%22:604,%22dl%22:609,%22di%22:1239,%22ds%22:1266,%22de%22:1379,%22dc%22:4305,%22l%22:4305,%22le%22:4416%7D,%22navigation%22:%7B%7D%7D&fcp=999&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 11:16:06 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 743d97851b4cb529-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=914b42da07b73ccc; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=a7b51d15-eb74-4341-a296-0a7bbb2fc6e8&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
104.16.14.194202 Accepted 0 B URL HTTP/2 app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=a7b51d15-eb74-4341-a296-0a7bbb2fc6e8&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP 104.16.14.194:0
GET /userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=a7b51d15-eb74-4341-a296-0a7bbb2fc6e8&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637 HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 202 Accepted
date: Thu, 01 Sep 2022 11:16:03 GMT
content-type: text/html
cf-ray: 743d97708f2a0b02-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 50dc18d492937ad0b1125d90454ce656
x-runtime: 0.041022
set-cookie: __cf_bm=43NpW5pBndr92UKhPbaZlqn2XDGWbb3cFRmVtAAZa_c-1662030963-0-AXtG3CAOU8Fe5+mTGpcW/W0hPOnu8zSi1TKAJ1MZKYSUsldt01fAMun1gKVkmcyy71fkahSXHe3BcAXSPJEimmhzdIu6ZPIQu3OoTxQrHzdZ; path=/; expires=Thu, 01-Sep-22 11:46:03 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
172.67.169.247200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
IP 172.67.169.247:0
GET /releases/v5.9.0/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: text/css
x-amz-id-2: 29dQf2WVNOHot5Ay8pBeGC9Jp0pul03AFXB61uD4zFysCnT6qW6VHySxi6MC8oLZjApsDY/NPq0=
x-amz-request-id: B6FTANBTWNEFCW5M
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"e140a7d32f343530f016095df3cc2ae4"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2115149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxIPmOsgqsWxLmZvvGo9L5u6giySXfY0KuEhaK3V73YtVdmiYWjGupGZAlwNSaLC6GFhPx9S6m89rb56jNDeZhPTUE6GhLg5a%2BjnCQmtCPEPEhsH6rHrfzVeyasHSDrfG8EFxV8j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 743d976d1e13b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.saveday-inc.net/assets/lander.js
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/assets/lander.js
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/lander.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: application/x-javascript
cf-ray: 743d976cf92eb529-OSL
access-control-allow-origin: *
age: 782
cache-control: public, max-age=1200
etag: W/"630e9d40-238fd1"
expires: Thu, 01 Sep 2022 11:36:02 GMT
last-modified: Tue, 30 Aug 2022 23:29:04 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
prospectrmktg.com/1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r=
199.103.4.90200 OK 0 B URL HTTP/1.1 prospectrmktg.com/1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r=
IP 199.103.4.90:0
ASN #22663 PROMINIC-NET-INC
GET /1410/st46?s=X33W9DWW-9EX0-C65Y-9638-F1E0E32WD83A&p=https%3A//www.saveday-inc.net/optin1638821352637&r= HTTP/1.1
Host: prospectrmktg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 11:16:07 GMT
Connection: close
Content-Type: image/png
Strict-Transport-Security: max-age=604800
www.saveday-inc.net/cdn-cgi/rum?
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/cdn-cgi/rum?
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
POST /cdn-cgi/rum? HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 431
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=431bda82-6c56-4f1f-aedf-2f6826dfdc91; addevent_track_cookie=d4b7c6fb-5459-44a8-4031-327a3ab66bf0; _gcl_au=1.1.2078061120.1662030963; _ga=GA1.2.1570946145.1662030964; _gid=GA1.2.1898542099.1662030964; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662030963947.1761649430; is_eu=false; puj70qegsxmgi00v=true; 11661049_viewed_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:11 GMT
content-type: text/plain
access-control-allow-origin: https://www.saveday-inc.net
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 743d97a18a79b529-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
www.saveday-inc.net/assets/pushcrew.js
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/assets/pushcrew.js
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/pushcrew.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: application/x-javascript
cf-ray: 743d976d0943b529-OSL
access-control-allow-origin: *
age: 546
cache-control: public, max-age=1200
etag: W/"630e9cfb-27d"
expires: Thu, 01 Sep 2022 11:36:02 GMT
last-modified: Tue, 30 Aug 2022 23:27:55 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
app.clickfunnels.com/images/closemodal.png
104.16.14.194200 OK 0 B URL HTTP/2 app.clickfunnels.com/images/closemodal.png
IP 104.16.14.194:0
GET /images/closemodal.png HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: image/webp
cf-ray: 743d976d4ba20b02-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 60624
cache-control: public, max-age=2678400
content-disposition: inline; filename="closemodal.webp"
etag: "630e9cfc-314"
expires: Sun, 02 Oct 2022 11:16:02 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept, Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=788
set-cookie: __cf_bm=6UzkWJNvEiH1iyr3rZ0KMbvcT6oz6oeDaOKm5QYqfjY-1662030962-0-AVfNmydMLnxiSRzQtEdiGCT2xSjLaFGYlFaBYmVVyR2xe7msl80IP1IE1OcdjBTrTNAC5bT+Jm/+BbbaZ47IyL9TrJvszbzTIvc9Hb6IkEhV; path=/; expires=Thu, 01-Sep-22 11:46:02 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/cdn-cgi/rum?
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/cdn-cgi/rum?
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
POST /cdn-cgi/rum? HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 16708
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=431bda82-6c56-4f1f-aedf-2f6826dfdc91; addevent_track_cookie=d4b7c6fb-5459-44a8-4031-327a3ab66bf0; _gcl_au=1.1.2078061120.1662030963; _ga=GA1.2.1570946145.1662030964; _gid=GA1.2.1898542099.1662030964; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662030963947.1761649430
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:06 GMT
content-type: text/plain
access-control-allow-origin: https://www.saveday-inc.net
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 743d97845a50b529-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
172.64.156.26200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 172.64.156.26:0
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 743d976d5a9b0b65-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=726c224e-7a78-4897-b932-c8ab72a7af41&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
104.16.14.194202 Accepted 0 B URL HTTP/2 app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=726c224e-7a78-4897-b932-c8ab72a7af41&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP 104.16.14.194:0
GET /userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=726c224e-7a78-4897-b932-c8ab72a7af41&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637 HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 202 Accepted
date: Thu, 01 Sep 2022 11:16:03 GMT
content-type: text/html
cf-ray: 743d97709f330b02-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: c897333820adf04d317e991740ee03a6
x-runtime: 0.035976
set-cookie: __cf_bm=6rAFLiDX1k_uIsTYuOWoT.rJ953DJl6LZ5W.DvS4mbY-1662030963-0-AcTEtmslc7SmtCw/vzJDozM9yhb5rHKHkXwOYamZEmsCphPjvSa/JHZCLvBuy63kZ+Kk5RrHnKXx3D0gP9oAE2bNazQgqVBhJCokye+5VLwA; path=/; expires=Thu, 01-Sep-22 11:46:03 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniquePageviewsCreatedSummary&nonce=1452e5fc-4b9e-42bb-bdbd-761d5b9a9ead&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
104.16.14.194202 Accepted 0 B URL HTTP/2 app.clickfunnels.com/userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniquePageviewsCreatedSummary&nonce=1452e5fc-4b9e-42bb-bdbd-761d5b9a9ead&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637
IP 104.16.14.194:0
GET /userevents/?funnel_id=TERuLzlMT1QyUmI2cjl6Z2dmZGpRdz09LS0yU09hdVpNTlhWUkVwVnRZRkozRVpRPT0%3D--f8d9c12fd70f7382ad04147506224e188f8d67d9&page_id=ZURDMEF1VEdnK29jY1ZnM3lLZGJBUT09LS1Nc2x6YkhxTEk4TlY3RXlpZlBMM0Z3PT0%3D--540424eab81e55586376c7ede8b78065b59557c1&funnel_step_id=dFMxNStYQ1lnNmFEbE9jZkxlUGpjZz09LS1KdGQ1V244dExTSDQ5TG9UK0JhNGZnPT0%3D--a7bbb107fd353a7d3ed15d79f62491b19266ef83&user_id=MThHRmdSNXYvR3YvVy9zeENKTzZlZz09LS1UNmJ1RkZ3ZU1qamo1TkYxd285RHRnPT0%3D--60a5a656a5aa3e8c8000061a647bf3f7b4290bcb&account_id=MnRualZFVHBndlU0VEtJelJzQU5XUT09LS02bGx2czdQYmphL2pWTGRuQ0IySlV3PT0%3D--098aa40c0a1cf7f3fb301d9f6a197c070efd50be&page_code=NTIwOTg4ODA%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniquePageviewsCreatedSummary&nonce=1452e5fc-4b9e-42bb-bdbd-761d5b9a9ead&url=https%3A%2F%2Fwww.saveday-inc.net%2Foptin1638821352637 HTTP/1.1
Host: app.clickfunnels.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.saveday-inc.net
Connection: keep-alive
Referer: https://www.saveday-inc.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 202 Accepted
date: Thu, 01 Sep 2022 11:16:03 GMT
content-type: text/html
cf-ray: 743d97708f300b02-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 19c0f2aea9ea77d734e2e749473d4a7f
x-runtime: 0.037292
set-cookie: __cf_bm=0ZEB8Y1exSdiNdlvm2lM1z1lKas1.Q70aSXJDxZ4_Uw-1662030963-0-ASXE7zwEGwNW5wljcCpg5IE9vwZrQ/AJbD4xuWH5fne1lPNNGjaS6Z1BSRhiheKsFMBwTPfgFa+zC1QGmNBNzav/QPglVh1HeftMiU9i1FNB; path=/; expires=Thu, 01-Sep-22 11:46:03 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
www.saveday-inc.net/images/background.png?_unique=0.521692029812692&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer=
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/images/background.png?_unique=0.521692029812692&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer=
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /images/background.png?_unique=0.521692029812692&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.saveday-inc.net/optin1638821352637&_title=SaveDay&_key=fq1volzp&_page_key=puj70qegsxmgi00v&_fid=11661049&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.saveday-inc.net/optin1638821352637&_referrer= HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=431bda82-6c56-4f1f-aedf-2f6826dfdc91; addevent_track_cookie=d4b7c6fb-5459-44a8-4031-327a3ab66bf0; _gcl_au=1.1.2078061120.1662030963; _ga=GA1.2.1570946145.1662030964; _gid=GA1.2.1898542099.1662030964; _dc_gtm_UA-106500592-1=1; _fbp=fb.1.1662030963947.1761649430
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:06 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 743d9783994fb529-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store, private
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
status: 200 OK
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 296b5ab76ec67f7409695455964c589f
x-runtime: 0.018122
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.saveday-inc.net/vendor.js
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/vendor.js
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /vendor.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:03 GMT
content-type: application/javascript
cf-ray: 743d97705d83b529-OSL
access-control-allow-origin: *
cache-control: max-age=900, public
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: REVALIDATED
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss, store
x-request-id: 8159298b09fbce3ec5ae1259a6511998
x-runtime: 0.016483
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.saveday-inc.net/assets/userevents/application.js
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/assets/userevents/application.js
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/userevents/application.js HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:02 GMT
content-type: application/x-javascript
cf-ray: 743d976ce8f1b529-OSL
access-control-allow-origin: *
age: 858
cache-control: public, max-age=1200
etag: W/"630e9cfc-1353"
expires: Thu, 01 Sep 2022 11:36:02 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=XRaHgq_h9ghv1i.nkqkVT8VM0y_GE3AxNxAJ43yB11M-1662030962-0-ARpkby0gmHANq2l5PMx5B-apnKt-yVBfTnS4EiZO2vA7SSxon52y8Xm-V9eXGOyzVVFb6qLq0bSfOaj9jirtp4luH1iSDD7D3mdKPBFA72FS"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=XRaHgq_h9ghv1i.nkqkVT8VM0y_GE3AxNxAJ43yB11M-1662030962-0-ARpkby0gmHANq2l5PMx5B-apnKt-yVBfTnS4EiZO2vA7SSxon52y8Xm-V9eXGOyzVVFb6qLq0bSfOaj9jirtp4luH1iSDD7D3mdKPBFA72FS; report-to cf-csp-endpoint
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.saveday-inc.net/favicon.ico
104.16.16.194200 OK 0 B URL HTTP/2 www.saveday-inc.net/favicon.ico
IP 104.16.16.194:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.saveday-inc.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.saveday-inc.net/optin1638821352637
Cookie: __cf_bm=YLJZ3i9vh3W32lAo54yZZ5SyYrCkbMpu.LYvoZvth20-1662030962-0-AaxCifhlBnI1MoWCeCgDMwKze+/Cxq9/tuPf22I/LNNZ3VQn882og+0nZnqToDB8eFlW/g9+pjleSfPoTGLKm2Pz5byyuoRbrTiWz81CPLJi; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTIwOTg4ODA=:visited=true; cf:visitor_id=431bda82-6c56-4f1f-aedf-2f6826dfdc91; addevent_track_cookie=d4b7c6fb-5459-44a8-4031-327a3ab66bf0; _gcl_au=1.1.2078061120.1662030963
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Sep 2022 11:16:03 GMT
content-type: image/x-icon
cf-ray: 743d9772b928b529-OSL
access-control-allow-origin: *
etag: W/"630e9cfc-3aee"
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: EXPIRED
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2