newsmartphoneoffer.com/mrs_uk_s
185.128.34.116 302 Found 169 B URL HTTP/1.1 newsmartphoneoffer.com/mrs_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 3a924587a03eb36516ba715c384e5267
a05c222768c2b7049ea9d8a745c582438b748ea3
7b1c95f117802a1767416994cc254fdfd7d2a105b58f25de5f9bd3f4660718cc
Analyzer Verdict Alert fortinet Phishing
GET /mrs_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: close
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://newsmartphoneoffer.com/mrs_uk_s
Content-Length: 169
firefox.settings.services.mozilla.com/v1/
54.230.111.118 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 09 Oct 2022 21:48:07 GMT
Expires: Sun, 09 Oct 2022 22:25:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TSqN6mqlprws7nrwJmVoxZLDaux-o6JMACZLkfki271T8iq284CAhA==
Age: 3496
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf768e41672570b0a4a9fe86045915fc
2249064a86b2ba11e28208b9fba1c9f1db4f3e9e
a049499f78078df12f4d1c5180f1f36715a5c99db4f31c18ee06bcf0b6382b30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A049499F78078DF12F4D1C5180F1F36715A5C99DB4F31C18EE06BCF0B6382B30"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4117
Expires: Sun, 09 Oct 2022 23:55:00 GMT
Date: Sun, 09 Oct 2022 22:46:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15186
Expires: Mon, 10 Oct 2022 02:59:30 GMT
Date: Sun, 09 Oct 2022 22:46:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Fi2vd5P7spPVhQMw5TNG+WSlqkgYiQlOKuNgdzs22Du3pJMiK1zMAd4FbewXsc5yvXEQazNlC9c=
x-amz-request-id: QDJ9NPVE183EKYDW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 09 Oct 2022 22:32:14 GMT
age: 850
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 09 Oct 2022 22:46:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6ddcc2b9b647ec4b6c1c59fcc3892e30
3c1665b2efe433f0cbb9005a306fea2bbf13e334
345858f8938609a656bd549a74554d9d84a561d1760186566313292346b3278a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "345858F8938609A656BD549A74554D9D84A561D1760186566313292346B3278A"
Last-Modified: Sun, 09 Oct 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Mon, 10 Oct 2022 04:45:34 GMT
Date: Sun, 09 Oct 2022 22:46:24 GMT
Connection: keep-alive
newsmartphoneoffer.com/mrs_uk_s
185.128.34.116 200 OK 22 kB URL HTTP/1.1 newsmartphoneoffer.com/mrs_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (27136)
Hash 1aeccf56413f2e14f5af6a712f44dfe3
42b82ad5d56d52b5903df693144fc926cc8331e2
af3ac6d10a8fad0711d298e0419aea45cd3063760a67071dbab95934b532f565
Analyzer Verdict Alert fortinet Phishing
GET /mrs_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 09 Oct 2022 22:46:24 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; expires=Sun, 09-Oct-2022 23:46:24 GMT; Max-Age=3600; path=/
cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D; expires=Sun, 09-Oct-2022 23:46:24 GMT; Max-Age=3600; path=/; httponly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/styles/main.min.css
185.128.34.116 200 OK 1.5 kB URL HTTP/1.1 newsmartphoneoffer.com/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (7292)
Hash 7e976ab25ce0cdba109ccf316add43f2
451128b9768b2b3356afdbc7b92b9ec7b4a79dc8
2b9d6fe51d6f1b50e777301cba99b4646860726140c4945cbb17ac314c9ae87e
GET /styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: text/css
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-1c7d"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/templates/supermarket/blocks-optin/styles/main.min.css
185.128.34.116 200 OK 13 kB URL HTTP/1.1 newsmartphoneoffer.com/templates/supermarket/blocks-optin/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (65536), with no line terminators
Hash aff624de9922529cbde2d5be450a3089
1fdd4c78a44671245d0da9872d5153295ad0f751
63acec51dbd3677d2c6c178cc67a9afefbec184fe536f1e2ff546e2f30ec7a83
GET /templates/supermarket/blocks-optin/styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: text/css
Last-Modified: Thu, 03 Jun 2021 07:45:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60b88888-1c36e"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
code.jquery.com/jquery-3.3.1.min.js
69.16.175.42 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:24 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1665355584.dop015.sk1.t,1665355584.cds253.sk1.hn,1665355584.cds072.sk1.c
X-Firefox-Spdy: h2
newsmartphoneoffer.com/campaigns/945/scripts/script.min.js
185.128.34.116 200 OK 50 B URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/scripts/script.min.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with no line terminators
Hash dca7db85e2838778c781ee8af1cb27fb
ea2f207634986e06ba811b8ec999c1a7e5209589
13f2a229574f5a2b0ede0f796cf180d9a1babaae1f043cafbcc52b03e4f3f2b6
Analyzer Verdict Alert fortinet Phishing
GET /campaigns/945/scripts/script.min.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60b887ff-20"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 09 Oct 2022 22:29:41 GMT
Expires: Sun, 09 Oct 2022 23:29:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NMvRWwul5S8tQ6lGtNif_HtYj6LDvV_VPQQ6qD1AdX12bv-BQc_kEw==
Age: 1003
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 43141c37657b2dc617dc65bfe97a865c
df200056afa06387a505aac1d8098c6675356ba9
e9e99ad50877b82025b812718da985f84e52654af4b62244ca3a162c2da17cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
djjcyqvteia9v.cloudfront.net/EHawkTalon.js
54.230.245.77 200 OK 44 kB URL HTTP/2 djjcyqvteia9v.cloudfront.net/EHawkTalon.js
IP 54.230.245.77:0
File type Unicode text, UTF-8 text, with very long lines (31985)
Hash 94e7b422e861ef1c968c81a21965c22d
148f6107b034ea6275f48c8512b5387d183779db
54234f4ebe24f0a0058c5a4301ba3356fa0e138d3adfa12cac7b144667da104d
GET /EHawkTalon.js HTTP/1.1
Host: djjcyqvteia9v.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 44465
date: Tue, 04 Oct 2022 12:27:24 GMT
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 29 Jul 2020 14:14:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 03 Nov 2022 12:27:24 GMT
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Skx-ZJmrqvzGzDWUf7iQhgLRfjN8uLMBb3Bqi6QOwGgGoN_sdeb7jg==
age: 469140
X-Firefox-Spdy: h2
newsmartphoneoffer.com/vendor/select2/select2.min.css
185.128.34.116 200 OK 2.2 kB URL HTTP/1.1 newsmartphoneoffer.com/vendor/select2/select2.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /vendor/select2/select2.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: text/css
Last-Modified: Thu, 06 Oct 2022 08:35:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e9344-3f88"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/templates/supermarket/blocks-optin/scripts/script.min.js
185.128.34.116 200 OK 4.4 kB URL HTTP/1.1 newsmartphoneoffer.com/templates/supermarket/blocks-optin/scripts/script.min.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (17270), with no line terminators
Hash c87b1269b8fa25f155cd417e9b0b0bd6
e7f8a90a60f968d928ae1cf52bbbd7e18a1a982f
c4aac95525f575884cb240f6ec1361ef6bb3a9eeb02863bd8b7ce2f45e6a048d
Analyzer Verdict Alert fortinet Phishing
GET /templates/supermarket/blocks-optin/scripts/script.min.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 03 Jun 2021 07:45:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60b88888-4376"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/campaigns/945/styles/campaign.min.css
185.128.34.116 200 OK 4.3 kB URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/styles/campaign.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (41367)
Hash e822065c5e4056390283aef9bf185a8e
12f740ee2c264cc3a859650ae5d4d16f520a341e
f331c67e473ac1edbacefb124c7b475a510ddcdf34c029f338f9076a140fe938
GET /campaigns/945/styles/campaign.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: text/css
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60b887ff-a198"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash b80398e65c98d84250756256d31eed2d
3cc23d1d91745ddd04ee676f51762f37c0bcdbd3
f2cb6fda3fdbd8f04d380e7841875d322353864124bb5b25ce36fb327a2bfded
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-129693020-1
142.250.74.168 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-129693020-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash 881e6e9e6e9cc3f21e01181655d9df62
58626bfe5193e058bb7907fa849b6a4c1966a4c4
03af7f1ffbad2274dbd49dba9cb67c4831f20a5665dce41ed78484c630b089aa
GET /gtag/js?id=UA-129693020-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 09 Oct 2022 22:46:24 GMT
expires: Sun, 09 Oct 2022 22:46:24 GMT
cache-control: private, max-age=900
last-modified: Sun, 09 Oct 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42350
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 43141c37657b2dc617dc65bfe97a865c
df200056afa06387a505aac1d8098c6675356ba9
e9e99ad50877b82025b812718da985f84e52654af4b62244ca3a162c2da17cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/campaigns/945/images/info.png
185.128.34.116 200 OK 190 B URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/images/info.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash a6fcca3a44b2c2f3c08267e2b3888cd3
3d65be60a6e83b33eacdbfa204fab326daa86e1d
4a799725b5c11a9f800721bd0b7307adb52e2adce219c69c66c69a0d6327d383
GET /campaigns/945/images/info.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 190
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Connection: keep-alive
ETag: "60b887ff-be"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/templates/supermarket/blocks-optin/images/privacy_img.png
185.128.34.116 200 OK 6.6 kB URL HTTP/1.1 newsmartphoneoffer.com/templates/supermarket/blocks-optin/images/privacy_img.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 130 x 130, 8-bit colormap, non-interlaced\012- data
Hash 18d7bc31d40e63b3dd7c886c8bc1f5c2
419d4868455728ae20149170066c6b707de0df5a
13f9001dbfe4dfc8be808e3c382c47172604b1eb540db94e9221a13b7841272f
GET /templates/supermarket/blocks-optin/images/privacy_img.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 6553
Last-Modified: Thu, 03 Jun 2021 07:45:12 GMT
Connection: keep-alive
ETag: "60b88888-1999"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash b80398e65c98d84250756256d31eed2d
3cc23d1d91745ddd04ee676f51762f37c0bcdbd3
f2cb6fda3fdbd8f04d380e7841875d322353864124bb5b25ce36fb327a2bfded
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/campaigns/945/images/logo_img.png
185.128.34.116 200 OK 46 kB URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/images/logo_img.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced\012- data
Hash 924d1be72ee0d065651e45925651ceda
f17057625c7bc61849c03d29d53e2961251ba76a
5770f7c14928fe939bda3d201aa765265483dff1168e925322ded4ce900fd15a
GET /campaigns/945/images/logo_img.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 45790
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Connection: keep-alive
ETag: "60b887ff-b2de"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
185.128.34.116 200 OK 6.1 kB URL HTTP/1.1 newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 240 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f6ba1ae14bb60185d9d2626b3acd5
6b7a5e169052686e441d4909d4a98d60dc157db6
d4769dc58bfeadce09cb4e7e6c0958d6602423d020b36ff0be54b60359689b90
GET /images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 6146
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-1802"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/js/app.js
185.128.34.116 200 OK 221 kB URL HTTP/1.1 newsmartphoneoffer.com/js/app.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Unicode text, UTF-8 text, with very long lines (65473)
Size 221 kB (220768 bytes)
Hash d235fc7e88ed8c8a2db5715cb7159ce4
555b116319d2b7d6d63579262c1ce11368fe7c30
47fb993345484b91f7e07adadf7bf2095e4d9e6e6740321c4d4947beba1219cf
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 06 Oct 2022 08:35:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e9344-edd28"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/campaigns/945/images/background.jpg
185.128.34.116 200 OK 38 kB URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/images/background.jpg
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Hash 2aade5aca5b2f915c48db9ca69beccf5
03d5218bbd2ba03f00d7b673afa5c5ff58c1558e
d2f53b8d168668e8451f77b78e4a5082f01734597c076ac2ad3dc00af225fd87
GET /campaigns/945/images/background.jpg HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/campaigns/945/styles/campaign.min.css
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/jpeg
Content-Length: 38548
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Connection: keep-alive
ETag: "60b887ff-9694"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0e2d9e91637474eeaf391312eed441bd
5d29603c731b75308f7d1f584b3ac4c263c96a9e
7da864345088083e1a6fec2d95e07186ef8dbcef8505570e547844c556dfe3be
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3688
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Last-Modified: Sun, 09 Oct 2022 21:44:56 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
185.128.34.116 200 OK 31 kB URL HTTP/1.1 newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash e3c37af374909525ba2e3462bc05540f
127ea8601da9fb256c39c30b3b726f4e37e2df52
33405d243b1d6b59763f933848f7d90ac96b0f820f560ca5f4e37e5dd7bfd261
Analyzer Verdict Alert fortinet Phishing
GET /fonts/Oswald-Heavy/Oswald-Heavy.woff2 HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://newsmartphoneoffer.com/campaigns/945/styles/campaign.min.css
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: application/octet-stream
Content-Length: 30928
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-78d0"
Expires: Sun, 16 Oct 2022 22:46:24 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
newsmartphoneoffer.com/campaigns/945/images/hero-mob.png
185.128.34.116 200 OK 401 kB URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/images/hero-mob.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 680 x 502, 8-bit/color RGBA, non-interlaced\012- data
Size 401 kB (400888 bytes)
Hash 833cbffdd1597a9e15d69c472e9dcc71
08416b156c221fbe19398a5a805dedea6dee8bb2
d2c81012efa09305345f06a000973a7f60ee1edd059375a4c9e556d4fb680f84
GET /campaigns/945/images/hero-mob.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 400888
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Connection: keep-alive
ETag: "60b887ff-61df8"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/campaigns/945/images/hero.png
185.128.34.116 200 OK 294 kB URL HTTP/1.1 newsmartphoneoffer.com/campaigns/945/images/hero.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 720 x 390, 8-bit/color RGBA, non-interlaced\012- data
Size 294 kB (294039 bytes)
Hash 36a7a24b28023224f4a7cd4438084a93
68beb4b1cbea4f5bc973e663978aad6bbd313dc8
513fd354e10dfdfc7aae9d101d14f5a96d7f56c87e6549b5b3400b48d80e7e20
GET /campaigns/945/images/hero.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/png
Content-Length: 294039
Last-Modified: Thu, 03 Jun 2021 07:42:55 GMT
Connection: keep-alive
ETag: "60b887ff-47c97"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 05:42:51 GMT
expires: Fri, 06 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 320613
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/images/icons/favicon.ico
185.128.34.116 200 OK 370 kB URL HTTP/1.1 newsmartphoneoffer.com/images/icons/favicon.ico
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, 16x16, 32 bits/pixel\012- data
Size 370 kB (370070 bytes)
Hash 66bce83c4ac77e50c0afcad5ee7bf433
e75c22fb7385351553ab866f1bde6063a4e39f3b
c10c2adcf4e9b085d5825e98bc9a13f651bf596192178055a4c4daff2555a875
GET /images/icons/favicon.ico HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/mrs_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:24 GMT
Content-Type: image/x-icon
Content-Length: 370070
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-5a596"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
push.services.mozilla.com/
52.42.148.177 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.148.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LE+WJMYtpI+7mRS2QEfoJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yqzXhIKpLUjJEO+C0PSgbXwGHzA=
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 09 Oct 2022 22:41:09 GMT
expires: Mon, 10 Oct 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 316
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cbe9c7ccf1de70dc6cf919f1c914f18b
daeb0b5f43b5076570b7e7f4c24ff24b06cf6d8f
4e6f63f8e2da6cec4d46c1544b4946e2490eeaf6756f7329d3798f69ef101df7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E6F63F8E2DA6CEC4D46C1544B4946E2490EEAF6756F7329D3798F69EF101DF7"
Last-Modified: Sun, 09 Oct 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 10 Oct 2022 04:46:25 GMT
Date: Sun, 09 Oct 2022 22:46:25 GMT
Connection: keep-alive
productsgiveaway-uk-342.com/en_uk/tr_mrs_uk_s?affid=preview
185.128.34.117 200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/en_uk/tr_mrs_uk_s?affid=preview
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (10300)
Hash 02788be66585a6eb29c5c83d69b26a01
89eeff3e80650ca5fc3474e9c042545b54c3b2b9
e95cdb635808faf93bab8bb76dc3be7947417c2283f47d322cfb30312458e0d6
GET /en_uk/tr_mrs_uk_s?affid=preview HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
Set-Cookie: advanced-frontend=7vjvc4ee7otks80rtsqu7adpij; path=/; HttpOnly
visitId=835217e76f1716c04263dcf37605b09bcc8f4f260936b5cf5437b6c95f5adf60a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22visitId%22%3Bi%3A1%3Bs%3A32%3A%22fbf18e515e85dfec60ca8378dce1ef4b%22%3B%7D; expires=Tue, 08-Nov-2022 22:46:25 GMT; Max-Age=2592000; path=/; HttpOnly
_csrf-frontend=72d06c3cb554c57870dfd2b851c7b0842148de81caef35b8d730b1bdec074132a%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22H_MWo6Zl1OMpNd1zlZ2jdM4Ngs3B4Udv%22%3B%7D; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/sponsor?externalId=fbf18e515e85dfec60ca8378dce1ef4b
185.128.34.117 200 OK 4.6 kB URL HTTP/1.1 productsgiveaway-uk-342.com/sponsor?externalId=fbf18e515e85dfec60ca8378dce1ef4b
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type JSON data\012- HTML document, ASCII text, with very long lines (28389), with no line terminators
Hash fdc3205eb45c88b6adb0f47fc635d070
28a3ecf47481c32e6dd0a0dfa05e13b7939a43a5
a643700d19235ca281cbe11294901ef0bb49ea7bbdb27a731746028fe142130b
GET /sponsor?externalId=fbf18e515e85dfec60ca8378dce1ef4b HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:25 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/images/placeholder.png
185.128.34.117 200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/images/placeholder.png
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 2400 x 2400, 8-bit grayscale, non-interlaced\012- data
Hash efecd9d40367ec0d16517eccd2131f51
f62fb8a662c331a24c8f6ad67bdd9c80501b3ea5
93453aeb09ee83e223ec77a93aab60cbcf79be3436401817b49bf11093e6adc1
GET /images/placeholder.png HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:25 GMT
Content-Type: image/png
Content-Length: 30255
Last-Modified: Tue, 04 Oct 2022 08:52:49 GMT
Connection: keep-alive
ETag: "633bf461-762f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash c626e4378e829c93728f21136b3b39f4
4b3cab9cec41662544065e08f69d6f17a528e84d
7447e76c30e8783b1e1018b82ecffcff300a68130ffd83a0fa7a96b01a076d94
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Last-Modified: Sun, 09 Oct 2022 21:43:44 GMT
Server: ECS (dcb/7F84)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hlIUPnjpXhH1arZbVce688--rwqvAUgj-J08GMXW3bKaV8A1CP6RkQ==
Age: 3761
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 3379bc366ddfccdfabe2c6bdc42a0731
cc4f298a86dd0f3a78f867608d3ec4efbeca3ee3
dbd41dd119e6aeccafb5adb09ca5a2b23e480148e8c8e890121c2ddf5e7a91c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Last-Modified: Sun, 09 Oct 2022 21:18:08 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HKWSpj2tDEgyl4yxpA92x7lbBYVV555U6B9NoVzTWerHPQIqFcMuGg==
Age: 5297
newsmartphoneoffer.com/service-worker.js
185.128.34.116 200 OK 170 B URL HTTP/1.1 newsmartphoneoffer.com/service-worker.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
Hash 6dc9aad8c0a0f0f17a0dd110ab15af19
3f8b295142373a5170b66a6b77f276e9b3e3f9e1
20095487f19c6e5482093159c3f020846dd7f3878ee426b11772ef7cf5a03be5
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWL2dJQWM2TXEyK1p5bkRZay9zUEE9PSIsInZhbHVlIjoiSlE2UlAzdm16SnpGM3o1eWlCNmNud09QR2JmS3NIOXFJdStnd2dEVlIwb2R4cjRlZi9nOWFOQWx0WGEvVEJtVkxKa3FrdTZ6SktQRVRtNE1qQ3hsMGVkdTZyRXVvNGsrOFJzMEpEQ3ZIS3cwaGJ1alNFM0g5VlUwekpUYWU4TXYiLCJtYWMiOiI4ZjQ5NzgyMjM0NmYwMjI4YmYxNmE5OWM3M2RiZTZlODAyN2UyNGEwMWJkN2ViNGUzMTA1Njk1ODYxM2UxNDZlIiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IithemFMZ0gwYUZxRDROcWxkZnBZUGc9PSIsInZhbHVlIjoiZVl2bG9PZVY1eU5sNkVnUzFiSHNncDloV1hHRUFVaUlNOGJEY2RncWNhWGw3QXZkYklidUNxZUJqOGpiQXFvN0NIb0ZjQkVVdGNtWGNMYTZpMTdRQ2UzWFh2Vzk1N25GMVRrekkwWE84WEJxRkZuZmhmUVRuNEdUaTV2VEhKcFYiLCJtYWMiOiIwNGFiYmI2Njc5MWJmODY5ZDlhMjk3NjU4ODI0NzY4MjcyZWQ1MWY3ZjJjMWIxYTVjYmUxOTk0MTFhNWI4Y2Q2IiwidGFnIjoiIn0%3D; 6bdfac53cbfb648b7ebe7a1fe1b93f4d=%7B%22v%22%3A%225.8%22%2C%22a%22%3A367918801%2C%22b%22%3A%222573f1bdff824e9ebc9572cdf2dc2ee5%22%2C%22c%22%3A1665355585228%2C%22d%22%3A%22f8e487a36822b54f3e8924d567c5ea7f%22%2C%22e%22%3A%22%22%7D; _ga=GA1.2.28423922.1665355585; _gid=GA1.2.1789210989.1665355585; _gat_gtag_UA_129693020_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Oct 2022 22:46:25 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-10c"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 3379bc366ddfccdfabe2c6bdc42a0731
cc4f298a86dd0f3a78f867608d3ec4efbeca3ee3
dbd41dd119e6aeccafb5adb09ca5a2b23e480148e8c8e890121c2ddf5e7a91c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Server: ECS (dcb/7F38)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P7my_PMe0NujkAOqrdr76DFpT974R6AqPzVu0eVCrmrQV0RhlCO3cg==
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 3379bc366ddfccdfabe2c6bdc42a0731
cc4f298a86dd0f3a78f867608d3ec4efbeca3ee3
dbd41dd119e6aeccafb5adb09ca5a2b23e480148e8c8e890121c2ddf5e7a91c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Server: ECS (dcb/7F3A)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Zpxz7IvhRBEwpjVbvmpuSI4S3Ww4bLRqwdC3DMS5ejB-YHmGn7-KVw==
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 3379bc366ddfccdfabe2c6bdc42a0731
cc4f298a86dd0f3a78f867608d3ec4efbeca3ee3
dbd41dd119e6aeccafb5adb09ca5a2b23e480148e8c8e890121c2ddf5e7a91c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Server: ECS (dcb/7EA4)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gy97rhs1Rb8r4dJIU4bUOwpOSLZvQkTk6v8f2A5hxr-nnXYo-PuxIg==
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58d06623ac265a1f3bc42629706e2397
231c24362f18bdd224c02ad797fb11d11e040784
16af2d12d4fdbafde87f426df621f8d42dcda0c1061a352530e6e6faf1352cf7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16AF2D12D4FDBAFDE87F426DF621F8D42DCDA0C1061A352530E6E6FAF1352CF7"
Last-Modified: Sat, 08 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10457
Expires: Mon, 10 Oct 2022 01:40:42 GMT
Date: Sun, 09 Oct 2022 22:46:25 GMT
Connection: keep-alive
cdn.cloudcnt.com/uploads/entityLogos/5caf02536774b.png
54.230.111.76 200 OK 3.4 kB URL HTTP/2 cdn.cloudcnt.com/uploads/entityLogos/5caf02536774b.png
IP 54.230.111.76:0
File type PNG image data, 250 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash dd959c5ae15fad067ce968c40f72516e
b8eba12734999e5e219b800a5754b17d37becfb1
bfe854925ea083ffd5d883a565d6deb7104539a443f0a7367975962ca706003a
GET /uploads/entityLogos/5caf02536774b.png HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 3423
server: nginx
last-modified: Thu, 11 Apr 2019 09:01:07 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
accept-ranges: bytes
date: Sun, 09 Oct 2022 22:46:25 GMT
etag: "5caf0253-d5f"
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eMtCo9ILDoiJA8mQPgMsLjRo2JHkUNFTIRvdTQs2hCiPIFKbXtCeNg==
age: 64612
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 3379bc366ddfccdfabe2c6bdc42a0731
cc4f298a86dd0f3a78f867608d3ec4efbeca3ee3
dbd41dd119e6aeccafb5adb09ca5a2b23e480148e8c8e890121c2ddf5e7a91c8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 09 Oct 2022 22:46:25 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: z4YzO4oJBzidGJ7N7Lfz3GKz0sr8UP3YORGpwIqjharpy83CkBuRGw==
cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
54.230.111.76 200 OK 7.7 kB URL HTTP/2 cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
IP 54.230.111.76:0
File type PNG image data, 225 x 37, 8-bit/color RGBA, non-interlaced\012- data
Hash 394e2dc65baa9ed82693bcbe7b40b7f5
5ab5a772e815352d9a47ae2f5a7279aaac424181
375a113e7dcc6695ea630cd9c887eeb3d4a26e669497e6f9524d74a6e29dca9b
GET /content/image/5d8dd415ec4fa.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Fri, 07 Oct 2022 03:58:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Xuke2RaS4BKDyHfC2kWPWLX7TRknJpYPPQI2jo9B8AA3IUSGgsSuSA==
age: 240487
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 29b850f78eff032c2e6d30896fa615c3
9be0f4fe829e9395573cfb0753bbe4853d9a4dc4
bdd66f2c7e5e0addf04ca580557703349bb24477dd39e7df9d213a6aca350ea3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=mrs_uk_s&fs_sub_id=null&fs_transaction_id=fbf18e515e85dfec60ca8378dce1ef4b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665355691185
35.190.210.193 200 OK 506 B URL HTTP/2 click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=mrs_uk_s&fs_sub_id=null&fs_transaction_id=fbf18e515e85dfec60ca8378dce1ef4b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665355691185
IP 35.190.210.193:0
Hash 8ad04cdb5e866c660d7f42d7c93f2930
a752bdecb674f11f496f5c8901748ba3ee755bfd
5d4740a6ab0a54cb5030f41e251a8e20ad1785c0b9d30780b43baa67ccc8603b
GET /a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=mrs_uk_s&fs_sub_id=null&fs_transaction_id=fbf18e515e85dfec60ca8378dce1ef4b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665355691185 HTTP/1.1
Host: click.fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.1
date: Sun, 09 Oct 2022 22:46:25 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
set-cookie: fs_cr=1665355585000; Path=/; Domain=fstrk.net
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 29b850f78eff032c2e6d30896fa615c3
9be0f4fe829e9395573cfb0753bbe4853d9a4dc4
bdd66f2c7e5e0addf04ca580557703349bb24477dd39e7df9d213a6aca350ea3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Oct 2022 22:46:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2572
Expires: Sun, 09 Oct 2022 23:29:18 GMT
Date: Sun, 09 Oct 2022 22:46:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2572
Expires: Sun, 09 Oct 2022 23:29:18 GMT
Date: Sun, 09 Oct 2022 22:46:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2572
Expires: Sun, 09 Oct 2022 23:29:18 GMT
Date: Sun, 09 Oct 2022 22:46:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a09bd7160451852652bccbcbcdcbd527
f42137372ab3b592977b1b736c1b12fc5ed81bf6
568b1c7cbe260d05919ff7232855441f70bf048c32380d8c0b848aa80a1696c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6923
x-amzn-requestid: 507e5591-c06e-4ee8-b567-a11b6c95024e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalRGFcoAMFslw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5e5bf5026b2121931e035270;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EgQIb89afJS1uPY9ZUyDS_E7C_JQT8Scm3EC3K5OZKB2nE7wMx8PIw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:12:34 GMT
age: 2032
etag: "f42137372ab3b592977b1b736c1b12fc5ed81bf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F059f1333-7652-4d36-91e8-2428e0c6e8c9.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F059f1333-7652-4d36-91e8-2428e0c6e8c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26be18960a13f9de290240fd8dd059cb
4f8966b10660d957522dce20e9e1f350d9205e69
5e0769b3269b5db973cb98dd38af22e5cea49ce861470ad25f2e7aa5ab532efc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F059f1333-7652-4d36-91e8-2428e0c6e8c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9705
x-amzn-requestid: dcef898d-7ef2-4a2c-bd33-fbc28cfb49b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zwau5HlcoAMF6pQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e5f-6995b8a716fa9d1574dec991;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SdpUKfaiiGk1bLrv5deQQVkD7e1vv27Y94oRVH7R_9a-fK_ePw6sZw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:14:29 GMT
age: 1917
etag: "4f8966b10660d957522dce20e9e1f350d9205e69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cefb9479bc2fe5087f9d2b89ef3cec2b
aa219f193812c6a2d0313316ce13fe74f1d468d0
a806ef995ed2285bd9f0d553df49aa28924e640805e1f50284baad1c0aec06bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10113
x-amzn-requestid: 7a9800c5-81ed-4a23-bbe0-0041ab682856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalQEPPoAMF3yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5a9bedb10c4f8c2c60ab3769;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MROeeTPtb6DfMHkig6fHcYuYiv1-udvJVfB1jygcDYLy4LuZmgRE_Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:24:52 GMT
age: 1294
etag: "aa219f193812c6a2d0313316ce13fe74f1d468d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 5f2ce4dd-0df8-4df7-a12d-e6fffd622752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZnTQHGADIAMFXfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f98cd-5044665325e5d64975c1ff0c;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 03:11:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LhwkinWopo6RX-yo5_35HWL9S2dGpdi7rAiwVWLxUicaHfHW3VF7DQ==
via: 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:22:12 GMT
age: 1454
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
54.230.111.76 200 OK 28 kB URL HTTP/2 cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
IP 54.230.111.76:0
File type PNG image data, 300 x 156, 8-bit/color RGBA, non-interlaced\012- data
Hash e2e407612024e6b2ea60150bbfb9316d
ddfe0d17a4caba58bf4b0356afbbbf84473bd6f3
d53a863c73065d254b056d2c6753f53e11bdca34d994dfd802c0a21748769562
GET /content/image/605d9d6a66c60.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sat, 08 Oct 2022 04:28:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uZ8oz01HMLJ_U_-GsF1ZZJyh1tkvlgccl-8VakkBW--ZRbkA5lcyrg==
age: 152253
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e748e58f80c6b771f918c1633817aa3
59e4de3cb5a18090fa3fef06f4dabf9f7f9928a9
bd357a97c0ca7f25e8d30250bf07c5497bc54d3b042aa5db79cab0fb5e63a2a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb08ba1b9-62ad-4e65-96b6-b22981ce3635.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 38f93e67-dfd2-4324-bc0f-24e36a1c9b7f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatLHd3IAMFWdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-4ac21e2b2f55935d2df721ee;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RUFNhUlBYC05WxBkwLVQt0wpsFAxSrYL95RSJKmidxn3D72DdSGSeA==
via: 1.1 fc9b6e8f934a073c1a1983c7599b93ba.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:50:33 GMT
etag: "59e4de3cb5a18090fa3fef06f4dabf9f7f9928a9"
content-type: image/jpeg
age: 3353
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:26 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZ6nzs23onA6IMvbNqvmp%2FOzIcYYQEQ4kxX%2FlAGyV5qcqlmpNWtH2s63LEFKYAOBHo9EvbJQkimlM1mAq%2BCbRlHP5nigIZnozdgN0TsAo97oM0APjWXcomRiwS9k9OVDBjBWzhIMN8WxNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757aa6fdfcc388af-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:26 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAWtnBo59CA3F1s81PisZ%2FFb48Q6x%2FuZEbEXEEFL%2FeWfiEb1AT0JdjYZ0NOMzm6IlpubV00iKUHQlg34R5LhGG0h3as%2BOPHPJDIk82JJPvoufP1DWEb4j8PIk6wSYq%2BUkUWYYQ4bjZCv5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757aa6fe1cf388af-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 109
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:26 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6N%2Fi6HRMDWxeWvsqGDUuWvvDehfR31wpJnNMjClhvE0eUxaAnLnE0ZCDMBFV3fWMAiVdgarEWuA9BWEcAM9vAo3gqnhPwF0uNSJ2m05lE86UPfCifEHZoUj9%2BPRPT7UPqVlltAunmVGJVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757aa6feadc388af-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 148
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:26 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NXnV2VCYSzgJCOyF%2B2QcZr7AQtqWyUs4Unv6bpmc3HLnD%2BiRysJpT3gqeZcnvYl9JCgeLV4lWkPNhjCpDDhRFdPbg7z6c81wYA3cericoJwVYJ5xANFRxXjia5UbKQDVM8lbH9tbKQ43A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757aa6fecdf288af-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
54.230.111.84 200 OK 0 B URL HTTP/2 fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
IP 54.230.111.84:0
GET /api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js HTTP/1.1
Host: fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 11 Sep 2022 08:56:10 GMT
last-modified: Thu, 01 Apr 2021 12:27:02 GMT
etag: W/"9abf9e75ee4858e2302cc352a93a131f"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z--BH_2ukv7o61mb5lQid0fDhkNV_4V-NeHy9ruQdd4sywL6m2rQ5g==
age: 2469016
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
54.230.111.76 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
IP 54.230.111.76:0
GET /content/image/602bc70b48ff9.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Fri, 07 Oct 2022 03:58:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YISMi0RQt61o1PnvkwYq76vvb9ngkXyvryHicFdhR23q5m1gzFfHng==
age: 240487
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
54.230.111.76 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
IP 54.230.111.76:0
GET /content/image/5b753b0f22993.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Sun, 09 Oct 2022 05:21:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pKFKVV7V_NTwc5yvgsZWsWhctyGswIDEjt8mGoi-tCWXYsHGcRdBYg==
age: 62708
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
54.230.111.76 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
IP 54.230.111.76:0
GET /content/image/5b4f416ee10b3.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Fri, 07 Oct 2022 03:58:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: k76hbHYY0-LdFH9psHhPfsRDyWAKNg2ar6AH37YOy4pW1-wAfvahPA==
age: 240488
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
54.230.111.76 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
IP 54.230.111.76:0
GET /content/image/5c1cfaf6a3c67.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sat, 08 Oct 2022 04:28:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0FcGnXAruHG6U0Ty4W1RidVwff-G_Y_g7I8udnVhv-1x3_JVDGvi8A==
age: 152253
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:24 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 14666391
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 757aa6f2cad6fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:24 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 13465921
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 757aa6f2cad5fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:24 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 05/12/2022 03:05:27
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 8995e66ba49ec2453930854af59429fe
cdn-cache: HIT
cf-cache-status: HIT
age: 9329908
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 757aa6f2fd400af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.169.3 200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.169.3:0
GET /scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 09 Oct 2022 22:46:25 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ghf8jd0kb6vIFKRcgHGPmQHm9UsO40pCZRobPDtBhkBe%2F01m9Kvcgmn%2Bf4jBTMuQMz41DSzLbHv0%2FgGVDem0rcn5HDCgGR09mxFaRVfeQUhN4EyimAQkY8Y2%2BJ1j%2F%2F%2B9KRZ40Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 757aa6fa0c50f3f7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700
IP 142.250.74.10:0
GET /css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 09 Oct 2022 22:46:24 GMT
date: Sun, 09 Oct 2022 22:46:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2