zebra.wthelpdesk.com/4ydOw54o-/Q.htm
37.48.65.151200 OK 496 B URL HTTP/1.1 zebra.wthelpdesk.com/4ydOw54o-/Q.htm
IP 37.48.65.151:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (496), with no line terminators
Hash 03b3cedccdbf57c788f9ef01a9b1c727
64a74e7672005a9194e28f0d49e044c61f2e23c6
dee4679c6ba6ba8dfef1cddafc25163060e29bb376814818e2ba3ec0d89c1d5b
Analyzer Verdict Alert fortinet Malware
GET /4ydOw54o-/Q.htm HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 496
content-type: text/html; charset=utf-8
date: Mon, 13 Mar 2023 08:06:16 GMT
server: nginx
set-cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c; path=/; domain=.wthelpdesk.com; expires=Sat, 31 Mar 2091 11:20:23 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7642
Expires: Mon, 13 Mar 2023 10:13:39 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13052
Expires: Mon, 13 Mar 2023 11:43:49 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 07:09:19 GMT
content-type: application/json
age: 3418
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9277
Expires: Mon, 13 Mar 2023 10:40:54 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0qF3Kny11SqmIkBkQwYJvZOL4ejAukW9kWy+vtKcuou/rJd6WIKLDMawpPsAs1DrVLEO61+D5kFR7t7nWRCIfQ==
x-amz-request-id: WG0VR09JD4ZP5HW7
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 07:46:17 GMT
age: 1200
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 08:06:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
zebra.wthelpdesk.com/favicon.ico
37.48.65.151404 Not Found 9 B URL HTTP/1.1 zebra.wthelpdesk.com/favicon.ico
IP 37.48.65.151:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://zebra.wthelpdesk.com/4ydOw54o-/Q.htm
Cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Mon, 13 Mar 2023 08:06:16 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 07:06:47 GMT
age: 3570
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash db27ecc2f481e8871b2e99584e751660
e671ecb839d53e296f4ec303208ddb713c72aecc
5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10433
Expires: Mon, 13 Mar 2023 11:00:10 GMT
Date: Mon, 13 Mar 2023 08:06:17 GMT
Connection: keep-alive
push.services.mozilla.com/
44.238.223.58101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.223.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a9GTF0nunFXXEkfcL7ScXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8RVPRlMefn/cce/gpeH+QTQ6zpk=
zebra.wthelpdesk.com/4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
37.48.65.151302 Found 11 B URL HTTP/1.1 zebra.wthelpdesk.com/4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
IP 37.48.65.151:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /4ydOw54o-/Q.htm?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODcwMTk3NiwiaWF0IjoxNjc4Njk0Nzc2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDV1bzBiOGZkNGU5bTJwbmsxa2hoY2IiLCJuYmYiOjE2Nzg2OTQ3NzYsInRzIjoxNjc4Njk0Nzc2OTE3NTc4fQ.h5xaTP9vLIJ8SN63uTrLdmxBifQzFjHzjHQrX3lCWKk&sid=ee2558ea-c175-11ed-bf70-eb96527ec56c HTTP/1.1
Host: zebra.wthelpdesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://zebra.wthelpdesk.com/4ydOw54o-/Q.htm
Cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 13 Mar 2023 08:06:17 GMT
location: http://cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
server: nginx
set-cookie: sid=ee2558ea-c175-11ed-bf70-eb96527ec56c; path=/; domain=.wthelpdesk.com; expires=Sat, 31 Mar 2091 11:20:25 GMT; max-age=2147483647; HttpOnly
cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
54.237.193.255200 1.1 kB URL HTTP/1.1 cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b54cd9e7f464075c523ad383f1c6000d
f68827a0a2409cf05dd5a67463ce0d9c6bfd1c9b
178b2e4d1ce9dc9a7e08e80b8ddeea9641511f69b1fad05e0ed374bc046d8b92
GET /zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97 HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://zebra.wthelpdesk.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: guExrQoO
cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
54.237.193.255200 822 B URL HTTP/1.1 cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (368)
Hash 459ba7dde2469a6952837ce0ccc6e72a
1ca3caa5611ccdf3a8416b99648e43691616aa79
7bbfd25c3510413be1dae9583c2580bb4866a32290e3aa8732b4d966073f7cee
GET /zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcvisitor/ee5f22a3-c175-11ed-af10-12b5ddd17dc9/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0ae13540-5f05-11ed-9380-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: TUhzVJWb
cynes-gwf.com/favicon.ico
54.237.193.255404 653 B URL HTTP/1.1 cynes-gwf.com/favicon.ico
IP 54.237.193.255:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: cynes-gwf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cynes-gwf.com/zcredirect?visitid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Mon, 13 Mar 2023 08:06:18 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: VfkonvKW
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9268
Expires: Mon, 13 Mar 2023 10:40:47 GMT
Date: Mon, 13 Mar 2023 08:06:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c020f73e193d39695b2a327b7f823044
293ecfa11699509057daa07b3c103ae57dfc600b
47d1130ec2fc517545f18557e61b4a78a45b9303dfcb9f4db8683da8160205d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02306d2b-eeaa-457b-818c-f89161dee633.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4592
x-amzn-requestid: 3925b113-7d29-4400-bbab-b64767943c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_jDEi9IAMF4SA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e4613-2bbddae45dbbbe8f6a62f300;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gbtUv0bNfiCz-HwX-L5HGitjTWaezaRQwiukewdVA25WzSEYrpxYqA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:43 GMT
age: 36636
etag: "293ecfa11699509057daa07b3c103ae57dfc600b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bbfef97312a1bc4792615717a63a48ba
1008882db3829f830b0f58c9c5b09792e844a31b
2b096364b450b4845252b7a22a9f9aadadf220e7a6a4134558647d308529d2a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5853
x-amzn-requestid: c8b1593f-4bd9-452d-a904-87b58194d599
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WlHEwoAMFyqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c3-461a986e5a5544cf574899e4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C6xTwOtJHWOoB4SIZ7qDzhmjdyRpZtrJEQ4iSWw5SHWVIKSxfirSCw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:57:44 GMT
age: 36515
etag: "1008882db3829f830b0f58c9c5b09792e844a31b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:57 GMT
age: 37402
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a23db98-37c4-4464-877f-84e567d782c0.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a23db98-37c4-4464-877f-84e567d782c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a786f27e9ef9e709e65be146e2642cd
ddba0c9cf7e27eab796068b3da048d0815c83c76
aed13ee830dc1940673a820e40dfa9948a97c57e0fcbacae6280937fa6f15f25
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a23db98-37c4-4464-877f-84e567d782c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: fd61a972-3530-4c86-8ce5-8c2beb9a02fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WaGIRIAMFzDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c2-68cce2b50e5b88cb2b6c5494;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7E0kX0a54vl3ynwkAob1VIAt5L0hQnBMBAWRlY8L5VlMVm-fASS1Tw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:57:32 GMT
age: 36527
etag: "ddba0c9cf7e27eab796068b3da048d0815c83c76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F041d108b-a02d-463a-b8bc-16a820bcaec7.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F041d108b-a02d-463a-b8bc-16a820bcaec7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5f530c45a5cd68b455ef2198ed86ad3f
eb4e56764e88672f9efd7a15ffe16b50e26a0248
cc594af89a6db9aafed4451e84c68d47e4f602ca53eef170d94889aabdbd03ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F041d108b-a02d-463a-b8bc-16a820bcaec7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 2b7244ec-0beb-4755-a295-5c925d4e5e78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_kfG8xIAMF5pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e461c-6ed1bdff68e8988a141e86d9;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bC0qKmaWkNBo6MQN9tmsMSBLFaog0JowDxyASwb0v3QHSocitnbVhw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:55:43 GMT
age: 36636
etag: "eb4e56764e88672f9efd7a15ffe16b50e26a0248"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08428b5a-994c-4f3f-b311-ee36987a7d0a.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08428b5a-994c-4f3f-b311-ee36987a7d0a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fde9c0f2bc62f215ced01cc6b28daba1
aa4240202d28c4367e5f87eca3021f17e9cc3fcc
7bfa4962c7218e0026bdfe00ac86b24b85073a50f84a92e7d83df3ae2cbdc548
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08428b5a-994c-4f3f-b311-ee36987a7d0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10186
x-amzn-requestid: 3da51dbd-ac7e-46e0-9a6f-7501e5b37e90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_VoFN0oAMF9rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45bd-4ad6474110a577f96c485465;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TalNp1x1HyTF18a4kOJKkQ_3vbBvZD_JNNGvQczEXyOKaK6Lib7yxg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:07:02 GMT
etag: "aa4240202d28c4367e5f87eca3021f17e9cc3fcc"
content-type: image/jpeg
age: 35957
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cartining-specute.com/zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R
18.197.36.77302 Found 0 B URL HTTP/2 cartining-specute.com/zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R
IP 18.197.36.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Finspxtrc.com%2F%3Fa%3D12209%26c%3D39658%26s2%3Dwi3084kf3eci0g8niadv19ag%26s3%3D719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag&caid=091e92cc-6b33-4257-b441-21c89c9e6ad6&zpid=ee5f22a3-c175-11ed-af10-12b5ddd17dc9&cid=wi3084kf3eci0g8niadv19ag&rt=R HTTP/1.1
Host: cartining-specute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cynes-gwf.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 13 Mar 2023 08:06:19 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag
pragma: no-cache
set-cookie: cc-v4=71Ev9QRs4F%2BufRbDnEnYikev%2BFcTnnZpGI%2B%2FDMxNqld5tOerX00i3hZA5gYsGSuDrh4JpE4fwNqRsR6ZZfoGpvRz6Z8GF4d945dxTZ4Z7rxYuX4uDcQD9wJlTYLEcfAESqJUWa23kpx4TBt5RVdRDA%3D%3D; Max-Age=31536000; Expires=Tue, 12-Mar-2024 08:06:19 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash a6e350ddf4abc28e86569ac453821872
cdbb7c44aec76b82fad1d59af0d5a5194370593b
c791f834bb5ff3e8fa411bc816e308961eeb798e6cac0f5433fedb8f4d64e6b4
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 13 Mar 2023 08:06:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 17 Mar 2023 05:44:49 GMT
ETag: "cdbb7c44aec76b82fad1d59af0d5a5194370593b"
Last-Modified: Mon, 13 Mar 2023 05:44:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 570
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a72c6e359201bfa-OSL
inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag
34.240.89.109302 Found 337 B URL HTTP/1.1 inspxtrc.com/?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag
IP 34.240.89.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a3d57ca24cbf45ab85fb2659c58aa13b
feb605d0849957c0d43c34517fb63ea0f97d97f0
08ffe3bd00d15e472765d6d953fec11a701643151c17a4156ee9b4f79f336e7f
GET /?a=12209&c=39658&s2=wi3084kf3eci0g8niadv19ag&s3=719fbd40-273d-47b8-882f-683d1074b172wi3084kf3eci0g8niadv19ag HTTP/1.1
Host: inspxtrc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cynes-gwf.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 337
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Mar 2023 08:06:19 GMT
Location: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=NMSTiDzYE6+NQZDPorJos5BBmftCeeEG7zHQSQnxQUfR66wL/WYT6g==; domain=.inspxtrc.com; path=/; SameSite=None; secure; HttpOnly
trk=mHQDa5dzIrRtjoWv5rebVpBBmftCeeEG7zHQSQnxQUfR66wL/WYT6g==; domain=.inspxtrc.com; expires=Thu, 13-Mar-2025 08:06:19 GMT; path=/; SameSite=None; secure; HttpOnly
c14267=NMSTiDzYE69nWThNROm64oey8CzNfBfVXWcy8STdnHoju18+aFrywQ==; domain=.inspxtrc.com; expires=Wed, 12-Apr-2023 08:06:19 GMT; path=/; SameSite=None; secure; HttpOnly
Connection: close
www.40-dating.no/oms/storage/badges/d40/badgesecure_83x73_no_2x.png
104.17.166.216200 OK 5.6 kB URL HTTP/2 www.40-dating.no/oms/storage/badges/d40/badgesecure_83x73_no_2x.png
IP 104.17.166.216:0
File type PNG image data, 166 x 146, 8-bit colormap, non-interlaced\012- data
Hash 82297bd45be168a906260ae8c9509865
9ba906cfd8cf030458bdf34d4df1e9178795e0aa
db9ce319f068351035aeb0f253e3c035f07e8c3c3b618a53a5d0f7712830f5a1
GET /oms/storage/badges/d40/badgesecure_83x73_no_2x.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 5553
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fa80b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/warning-symbol.png
104.17.166.216200 OK 558 B URL HTTP/2 www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/warning-symbol.png
IP 104.17.166.216:0
File type PNG image data, 60 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 99f815f554a49ab92ba2bc4be9468dc3
adc7111c516bcd6031a3575448fc8bc08c6d610b
daa1c7ab3003176e8094cb0de660351410571cf196835230c55ce32def863bd8
GET /oms/storage/assets/d40/tpl-lp/images/warning-symbol.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 558
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2560
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f990b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/background.png
104.17.166.216200 OK 34 kB URL HTTP/2 www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/background.png
IP 104.17.166.216:0
File type PNG image data, 580 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 908d3735254cf9981af6076358241e01
471ccdf7892052f91c6c0884c216abe20091e685
b7bd850eeb029f3fe34c9b5d9730f76cf63a828ee28b7f004dca8f4dc79a36cd
GET /oms/storage/assets/components/luxembourg-overlay/images/background.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 34375
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47620
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fb00b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg
104.17.166.216200 OK 320 kB URL HTTP/2 www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg
IP 104.17.166.216:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 2000x1100, components 3\012- data
Size 320 kB (319834 bytes)
Hash 00f0f554c0989f91cbecfa3ff26410fb
0a385739df7939ca74663086247f8efa5316f6af
37efd572fbe7c69441df4ad6af93f9cff6ef4c6c9ddb7c970c160dee5605a5ac
GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/81475.jpg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/jpeg
content-length: 319834
cf-bgj: imgq:100,h2pri
cf-polished: origSize=328110
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fa50b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg
104.17.166.216200 OK 1.4 kB URL HTTP/2 www.40-dating.no/oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg
IP 104.17.166.216:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 278x167, components 3\012- data
Hash 2cdee573e13d0bcf7ebfa831a4a0103c
45cac7385334587b2c2cd2413e1989ecaf7f9dba
6e114d9d6bfb883fa77c7022ee7778108c1c2cde5941aac60007102968c31fd2
GET /oms/storage/assets/components/luxembourg-overlay/images/flag-lu.jpg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/jpeg
content-length: 1354
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2842
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2559
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e64fb20b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg
104.17.166.216200 OK 6.8 kB URL HTTP/2 www.40-dating.no/oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg
IP 104.17.166.216:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5703), with no line terminators
Hash 1d6cfd149e765406a5937692937d5dc9
d5af69536837eefbe53c20e4ba20d74817906625
c2912d3c3cfe168737ce4340e13eedc4fe40ffc81b7db8c99a55109c8a7ccab2
GET /oms/storage/logos/d40/D40_Logo_pos_RGB-no.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2559
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f9e0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/favicons/d40_x16.png
104.17.166.216200 OK 419 B URL HTTP/2 www.40-dating.no/oms/storage/favicons/d40_x16.png
IP 104.17.166.216:0
File type PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Hash cc4f1c79d499c29e5bd280bc089a9b71
35ec0235166acf069bd0ca4f930f8c11131f968f
b42b7f134e4d869ade97bf861cb88d7be565c885037114767b05e2ca33568a33
GET /oms/storage/favicons/d40_x16.png HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/png
content-length: 419
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2556
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e6d8290b59-OSL
X-Firefox-Spdy: h2
www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
104.17.166.216200 OK 19 kB URL HTTP/2 www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
IP 104.17.166.216:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3123)
Hash 96f65b27aab39b1092728e7f4c453ef6
518e6d117c403c7b2022180bc2dd01ec7bd77d56
57f5b617f740675ceb83925fbaa0111835e8ff8f59b3ea4060e87592c04f1b0e
GET /dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707 HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cynes-gwf.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
content-security-policy-report-only: default-src 'self' https://app.40sdating.com *.40-dating.no https://www.google.com *.google-analytics.com https://stats.g.doubleclick.net; child-src *; script-src 'self' https://app.40sdating.com *.40-dating.no 'nonce-94c72003b543d3fd9dd79580d8bb7d66b7d31827b1fe234b8b886793f17fff55' 'unsafe-eval' https://www.google.com *.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net; style-src 'self' https://app.40sdating.com *.40-dating.no 'unsafe-inline'; img-src 'self' data: https://app.40sdating.com *.40-dating.no https:; media-src 'self' data: https://app.40sdating.com *.40-dating.no; report-uri https://www.40-dating.no/oms/api/v1/ack/csp;
reporting-endpoints: epcsp='https://www.40-dating.no/oms/api/v1/ack/csp'
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM; path=/; expires=Mon, 13-Mar-23 08:36:19 GMT; domain=.www.40-dating.no; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a72c6e4ce180b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um
104.17.166.216200 OK 9.6 kB URL HTTP/2 www.40-dating.no/oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um
IP 104.17.166.216:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 5af36cbf8e08ffcb53ac6d7edaad669b
a3667c7ca0cb15ae251e492a988e747e74a0620c
92bd2696605459001eb85abc88ffe6bcb062687fd09194adab3fa3e519394855
GET /oms/storage/fonts/dating-social-media-icons/social_media_icons.ttf?adj6um HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: font/ttf
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 1735
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e65fb90b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/user-login.svg
104.17.166.216200 OK 0 B URL HTTP/2 www.40-dating.no/oms/storage/assets/d40/tpl-lp/images/user-login.svg
IP 104.17.166.216:0
GET /oms/storage/assets/d40/tpl-lp/images/user-login.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2560
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f940b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js
104.17.166.216200 OK 0 B URL HTTP/2 www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js
IP 104.17.166.216:0
GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/449d4e125d05433c17a2e33d7bd82143.js HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: application/javascript
cf-bgj: minify
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e63f9f0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css
104.17.166.216200 OK 0 B URL HTTP/2 www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css
IP 104.17.166.216:0
GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/b311637a0553760a6c1f330339ba9d7d.css HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=29412
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e68fec0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
app.40sdating.com/api/v1/events/pre-registration
104.17.166.216200 OK 0 B URL HTTP/2 app.40sdating.com/api/v1/events/pre-registration
IP 104.17.166.216:0
POST /api/v1/events/pre-registration HTTP/1.1
Host: app.40sdating.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/
Content-Type: application/json
Origin: https://www.40-dating.no
Content-Length: 384
Connection: keep-alive
Cookie: __cf_bm=zWEU_rCjEQuZRNpA17V1r37b1svfq6.kes88U7DgdjM-1678694780-0-AV2A4jrtj+xHOqIC0E3fTtjicHDAczJnoT5nxZTjweGvNwKw6CU6BC6CllkLaTzGoflrTB1r+ALKf5Z55uafTalvbqtt9wgpk5wBO+THFqjf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:20 GMT
content-type: application/json;charset=UTF-8
cf-ray: 7a72c6e94c7b0b41-OSL
access-control-allow-origin: https://www.40-dating.no
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform, max-age=0, private
content-encoding: gzip
expires: 0
set-cookie: irouted=.biz27; path=/; Secure; HttpOnly
strict-transport-security: max-age=15552000; includeSubDomains
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
content-security-policy:
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js
104.17.166.216200 OK 0 B URL HTTP/2 www.40-dating.no/oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js
IP 104.17.166.216:0
GET /oms/storage/nodes/ZDQwX19uYl9fMjIxOTMx/2044923bc02fd2633ddd1df32503709f.js HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: application/javascript
cf-bgj: minify
last-modified: Fri, 10 Mar 2023 13:52:31 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3294
server: cloudflare
cf-ray: 7a72c6e63f8f0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.40-dating.no/oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg
104.17.166.216200 OK 0 B URL HTTP/2 www.40-dating.no/oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg
IP 104.17.166.216:0
GET /oms/storage/logos/d40/D40_Logo_neg_RGB-no.svg HTTP/1.1
Host: www.40-dating.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.40-dating.no/dlpm/aff-40d-no-0722-pinboard-couples-1.html?CID=08NOb_284_227189_1&linkid=12209__wi3084kf3eci0g8niadv19ag&accid=12209&subid1=&subid2=wi3084kf3eci0g8niadv19ag&visid=1768852707
Connection: keep-alive
Cookie: __cf_bm=7jvQIA.Vse0Nq6A0VjpLFE7_GXHtsytrSQdlaLpL6NI-1678694779-0-Af89A+np9ThQ1TkIIEloYblTknURRLWrNf8DK4RDS2jBHy6mTIkp18M+50tI9dEDettVjaTYMuCfbH33dmc42fuCtt2rtltQbpIVRKSKTlzM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 13 Mar 2023 08:06:19 GMT
content-type: image/svg+xml
last-modified: Mon, 06 Mar 2023 21:24:19 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: HIT
age: 2560
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a72c6e63f920b59-OSL
content-encoding: br
X-Firefox-Spdy: h2