newsmartphoneoffer.com/en_uk/SS22_uk_s
185.128.34.116302 Found 169 B URL HTTP/1.1 newsmartphoneoffer.com/en_uk/SS22_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 3a924587a03eb36516ba715c384e5267
a05c222768c2b7049ea9d8a745c582438b748ea3
7b1c95f117802a1767416994cc254fdfd7d2a105b58f25de5f9bd3f4660718cc
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/SS22_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: close
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Content-Length: 169
firefox.settings.services.mozilla.com/v1/
54.230.111.118200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 08 Oct 2022 20:47:23 GMT
Expires: Sat, 08 Oct 2022 21:23:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jL4QSU7nXitHjML5jPSONx7pVUMfbzbIgyUHoB_Xwn_9TDV6TTUgnA==
Age: 1344
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf768e41672570b0a4a9fe86045915fc
2249064a86b2ba11e28208b9fba1c9f1db4f3e9e
a049499f78078df12f4d1c5180f1f36715a5c99db4f31c18ee06bcf0b6382b30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A049499F78078DF12F4D1C5180F1F36715A5C99DB4F31C18EE06BCF0B6382B30"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17159
Expires: Sun, 09 Oct 2022 01:55:46 GMT
Date: Sat, 08 Oct 2022 21:09:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7cba6aada5c0a04c1c0644769c09f64e
ed02f174a9b718951911343af8ec181c6d205b1d
ba863e734d5d38ed160758ab0b09d1b0f44fc795dcbcee4199329b011fcd1bd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA863E734D5D38ED160758AB0B09D1B0F44FC795DCBCEE4199329B011FCD1BD1"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13003
Expires: Sun, 09 Oct 2022 00:46:30 GMT
Date: Sat, 08 Oct 2022 21:09:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PAqynWvFJLFdYWlJJ8q6KKol1vuC8CmxxsI28Fi8XQxAJcwotsoGpEHP7vgM5T3IyUOD2psaYCQ=
x-amz-request-id: S7Y72V9E9HZ7WSK6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 20:59:45 GMT
age: 602
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 21:09:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6b7eab7bec9f8973505f1f4bd557e4bc
9cd2e4c61c039e02a53ab7f5d32646a090e5956c
54851ba71ac0e4c3e05bd9da8ed50f8756b302dc7a55b4b19bc6aa0d13e3160a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54851BA71AC0E4C3E05BD9DA8ED50F8756B302DC7A55B4B19BC6AA0D13E3160A"
Last-Modified: Thu, 06 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21552
Expires: Sun, 09 Oct 2022 03:08:59 GMT
Date: Sat, 08 Oct 2022 21:09:47 GMT
Connection: keep-alive
newsmartphoneoffer.com/en_uk/SS22_uk_s
185.128.34.116200 OK 27 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/SS22_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13779)
Hash 94886913b08c41ba3e5a14e11bd57104
a3889e7d6ac385287786323e143faef4bf453c1f
cdf049c52beaa13176c07c7dccd9cb82f0f1a071c2ee0630f1378dc506c271b3
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/SS22_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sat, 08 Oct 2022 21:09:47 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; expires=Sat, 08-Oct-2022 22:09:47 GMT; Max-Age=3600; path=/
cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D; expires=Sat, 08-Oct-2022 22:09:47 GMT; Max-Age=3600; path=/; httponly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/styles/main.min.css
185.128.34.116200 OK 1.5 kB URL HTTP/1.1 newsmartphoneoffer.com/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (7292)
Hash 7e976ab25ce0cdba109ccf316add43f2
451128b9768b2b3356afdbc7b92b9ec7b4a79dc8
2b9d6fe51d6f1b50e777301cba99b4646860726140c4945cbb17ac314c9ae87e
GET /styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: text/css
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-1c7d"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
185.128.34.116200 OK 24 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (65536), with no line terminators
Hash 33dc9c02a2d0c1bb6ffe9e0cad5c5a84
ea1d721070847347b6c2aa4ab3d9840f28ae38a5
58225137dbec3b52057afe3d02acdff56bdc0da6c39a7224c926dfda91089510
GET /landing-layouts/s/styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: text/css
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-3ca9e"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
code.jquery.com/jquery-3.3.1.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:48 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1665263388.dop066.sk1.t,1665263388.cds066.sk1.hn,1665263388.cds072.sk1.c
X-Firefox-Spdy: h2
djjcyqvteia9v.cloudfront.net/EHawkTalon.js
54.230.245.27200 OK 44 kB URL HTTP/2 djjcyqvteia9v.cloudfront.net/EHawkTalon.js
IP 54.230.245.27:0
File type Unicode text, UTF-8 text, with very long lines (31985)
Hash 94e7b422e861ef1c968c81a21965c22d
148f6107b034ea6275f48c8512b5387d183779db
54234f4ebe24f0a0058c5a4301ba3356fa0e138d3adfa12cac7b144667da104d
GET /EHawkTalon.js HTTP/1.1
Host: djjcyqvteia9v.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 44465
date: Tue, 04 Oct 2022 12:27:24 GMT
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 29 Jul 2020 14:14:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 03 Nov 2022 12:27:24 GMT
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uSMJ9L36b2r-MVq5zTOrHpugquv_XnBaqwnPfSDfSbPPt-BnG8dF3w==
age: 376944
X-Firefox-Spdy: h2
newsmartphoneoffer.com/vendor/select2/select2.min.css
185.128.34.116200 OK 2.2 kB URL HTTP/1.1 newsmartphoneoffer.com/vendor/select2/select2.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /vendor/select2/select2.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: text/css
Last-Modified: Thu, 06 Oct 2022 08:35:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e9344-3f88"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
185.128.34.116200 OK 8.1 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (343)
Hash 520d196e2e2943a9ae0a92e31a74edc5
d28ee656c956ef4997eb2102ce7cc52b56c5282f
23f22134f948270bf57cc144d9113cf46c02e27333095cde292491b8e9800a05
Analyzer Verdict Alert fortinet Phishing
GET /landing-layouts/s/scripts/script.min.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-a0d8"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
www.googletagmanager.com/gtag/js?id=UA-129693020-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-129693020-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash 9b056093bee9d21b2f89dba37c16ccb1
7f1dd4d5d8d059c8c4cc993c4756df9c35797c31
bbc63321708af967da99edc3879fa94b00f1033ae07a4634a7b1c848a0869967
GET /gtag/js?id=UA-129693020-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 08 Oct 2022 21:09:48 GMT
expires: Sat, 08 Oct 2022 21:09:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42419
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b9f0247fb5bf6e6458f14094551436e1
0ac483f7caef89a55829041189790c8fc7eb8cd7
1b157a9bf613ddbf329225759780db82a249f8502b1b7cb6742907224b4c775e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 08 Oct 2022 20:29:42 GMT
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 21:23:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qFVr8XgmUkHYsI6qZ4PyK0F7i4Xcar4B_w714A4ZpCPln2wNEmdQMA==
Age: 2407
newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
185.128.34.116200 OK 6.1 kB URL HTTP/1.1 newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 240 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f6ba1ae14bb60185d9d2626b3acd5
6b7a5e169052686e441d4909d4a98d60dc157db6
d4769dc58bfeadce09cb4e7e6c0958d6602423d020b36ff0be54b60359689b90
GET /images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 6146
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-1802"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
185.128.34.116200 OK 6.6 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 130 x 130, 8-bit colormap, non-interlaced\012- data
Hash 18d7bc31d40e63b3dd7c886c8bc1f5c2
419d4868455728ae20149170066c6b707de0df5a
13f9001dbfe4dfc8be808e3c382c47172604b1eb540db94e9221a13b7841272f
GET /landing-layouts/s/images/privacy_img.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 6553
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-1999"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/js/app.js
185.128.34.116200 OK 221 kB URL HTTP/1.1 newsmartphoneoffer.com/js/app.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Unicode text, UTF-8 text, with very long lines (65473)
Size 221 kB (220768 bytes)
Hash d235fc7e88ed8c8a2db5715cb7159ce4
555b116319d2b7d6d63579262c1ce11368fe7c30
47fb993345484b91f7e07adadf7bf2095e4d9e6e6740321c4d4947beba1219cf
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 06 Oct 2022 08:35:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e9344-edd28"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/landings/11853/image_2021_08_30T11_15_22_327Z.png
185.128.34.116200 OK 168 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/11853/image_2021_08_30T11_15_22_327Z.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size 168 kB (167867 bytes)
Hash 943c78e009dd22669a9a8aa2bf211267
8ef55205aae8eb76c13976f29b5330a62dfc6042
585bdd6db05a82ae25f787dfa56e53c18ef0d703f6802589f5781b2cbad483d4
GET /landings/11853/image_2021_08_30T11_15_22_327Z.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 167867
Last-Modified: Thu, 10 Mar 2022 10:13:53 GMT
Connection: keep-alive
ETag: "6229cf61-28fbb"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/11860/s22.png
185.128.34.116200 OK 161 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/11860/s22.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 543 x 390, 8-bit/color RGBA, non-interlaced\012- data
Size 161 kB (161014 bytes)
Hash 2693250fdaef9e24ce07685b77e26d1c
75581b1da498fb2e44d05e13929d47aa3816cf34
e0a6a8e953ae5085d2c3baa8e21fc09c887103526d21c7a2988a5e3c5f40d0bd
GET /landings/11860/s22.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 161014
Last-Modified: Thu, 10 Mar 2022 10:26:10 GMT
Connection: keep-alive
ETag: "6229d242-274f6"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/11861/s22.png
185.128.34.116200 OK 161 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/11861/s22.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 543 x 390, 8-bit/color RGBA, non-interlaced\012- data
Size 161 kB (161014 bytes)
Hash 2693250fdaef9e24ce07685b77e26d1c
75581b1da498fb2e44d05e13929d47aa3816cf34
e0a6a8e953ae5085d2c3baa8e21fc09c887103526d21c7a2988a5e3c5f40d0bd
GET /landings/11861/s22.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 161014
Last-Modified: Thu, 10 Mar 2022 10:26:10 GMT
Connection: keep-alive
ETag: "6229d242-274f6"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
185.128.34.116200 OK 31 kB URL HTTP/1.1 newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash e3c37af374909525ba2e3462bc05540f
127ea8601da9fb256c39c30b3b726f4e37e2df52
33405d243b1d6b59763f933848f7d90ac96b0f820f560ca5f4e37e5dd7bfd261
Analyzer Verdict Alert fortinet Phishing
GET /fonts/Oswald-Heavy/Oswald-Heavy.woff2 HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: application/octet-stream
Content-Length: 30928
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Connection: keep-alive
ETag: "633e925d-78d0"
Expires: Sat, 15 Oct 2022 21:09:48 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8a2449aeb44e755b2e6897d30993dda0
16cd83b0e0975ebf09e7035c26bbda168af42ac8
fd80527f810be13b70107c447b6f6f226c6145fbcc3b5446f9c834bca2f1597b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8a2449aeb44e755b2e6897d30993dda0
16cd83b0e0975ebf09e7035c26bbda168af42ac8
fd80527f810be13b70107c447b6f6f226c6145fbcc3b5446f9c834bca2f1597b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 05:42:51 GMT
expires: Fri, 06 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 228417
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
185.128.34.116404 Not Found 2.1 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Hash e881f8e66a93d0960ba6fad410094769
7f1bd10fd60815735fad95387ecaed0cfaf3b287
b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
GET /en_uk/images/icons/favicon.ico HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
date: Sat, 08 Oct 2022 21:09:48 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8a2449aeb44e755b2e6897d30993dda0
16cd83b0e0975ebf09e7035c26bbda168af42ac8
fd80527f810be13b70107c447b6f6f226c6145fbcc3b5446f9c834bca2f1597b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5479444ef227af03029fbb9d154f0107
0563678ec07ab3707b716ca4c638ece4c8ad7de4
4850d49786a140003b90ae108104ffbfe80a6e0d9f584656a09f0fff11dc9d0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:48 GMT
Last-Modified: Sat, 08 Oct 2022 20:04:44 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.238.202.79101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: x9RdvteoYu9Bi+27bH5P+Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wIhraSPNMi9c9+pRmCvjsWp7ecI=
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 08 Oct 2022 20:41:09 GMT
expires: Sat, 08 Oct 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 1720
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e734845d4476b683a4a38bdadcedcde7
2a3b7be7d9133715f1eb5d443ead0dfb938fd7da
043d503dfe8cf5e7ea9d922d8898cfc9bb3522913870b5ec6611deaebc4009b6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "043D503DFE8CF5E7EA9D922D8898CFC9BB3522913870B5EC6611DEAEBC4009B6"
Last-Modified: Sat, 08 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 09 Oct 2022 03:09:49 GMT
Date: Sat, 08 Oct 2022 21:09:49 GMT
Connection: keep-alive
productsgiveaway-uk-342.com/en_uk/tr_SS22_uk_s?affid=preview
185.128.34.117200 OK 28 kB URL HTTP/1.1 productsgiveaway-uk-342.com/en_uk/tr_SS22_uk_s?affid=preview
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10300)
Hash c10e76970aa00e533e1e38ab108b7a45
4f18b5aa34f48ae8eed173b1e045cf5011ec66df
5e691dc450dde5f9c63ab9619eb62e27a57c24616779d914b8ef9aa1d5e5bbb7
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/tr_SS22_uk_s?affid=preview HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
Set-Cookie: advanced-frontend=7apgnfn4oh45go06j7hsfh0nbt; path=/; HttpOnly
visitId=9b922b2d1f0b41fd47901866072f5910cf4b4f20f99b000d59c960fc3c292019a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22visitId%22%3Bi%3A1%3Bs%3A32%3A%22cdf760f970e06f953c355ef728e36fae%22%3B%7D; expires=Mon, 07-Nov-2022 21:09:49 GMT; Max-Age=2592000; path=/; HttpOnly
_csrf-frontend=8796c092c55fb1a90e558bd855ecbf30cb2c58a291a761f0cd3cdc104bdf34cba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22g8k8U3D8ILU7o-MHSYWj8OUjsR3btvhH%22%3B%7D; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/sponsor?externalId=cdf760f970e06f953c355ef728e36fae
185.128.34.117200 OK 4.6 kB URL HTTP/1.1 productsgiveaway-uk-342.com/sponsor?externalId=cdf760f970e06f953c355ef728e36fae
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type JSON data\012- HTML document, ASCII text, with very long lines (28389), with no line terminators
Hash fdc3205eb45c88b6adb0f47fc635d070
28a3ecf47481c32e6dd0a0dfa05e13b7939a43a5
a643700d19235ca281cbe11294901ef0bb49ea7bbdb27a731746028fe142130b
GET /sponsor?externalId=cdf760f970e06f953c355ef728e36fae HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:49 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/images/placeholder.png
185.128.34.117200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/images/placeholder.png
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 2400 x 2400, 8-bit grayscale, non-interlaced\012- data
Hash efecd9d40367ec0d16517eccd2131f51
f62fb8a662c331a24c8f6ad67bdd9c80501b3ea5
93453aeb09ee83e223ec77a93aab60cbcf79be3436401817b49bf11093e6adc1
GET /images/placeholder.png HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:49 GMT
Content-Type: image/png
Content-Length: 30255
Last-Modified: Tue, 04 Oct 2022 08:52:49 GMT
Connection: keep-alive
ETag: "633bf461-762f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f69ae32dfa39a437ca68861d84da34e6
7cdf9057077e7167e0c9dd9cb0c1363098359344
498b75d96cb4b8626cead91a0d09271c296d0f224dc9f7aa476fdeabdac04083
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Last-Modified: Sat, 08 Oct 2022 20:07:57 GMT
Server: ECS (dcb/7FA3)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KE9Jq6dU4NkcWz6WB3TpOGRgaxKgznUyqZmrf_oVP0BPK4_SnaW6Fg==
Age: 3712
newsmartphoneoffer.com/service-worker.js
185.128.34.116200 OK 170 B URL HTTP/1.1 newsmartphoneoffer.com/service-worker.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
Hash 6dc9aad8c0a0f0f17a0dd110ab15af19
3f8b295142373a5170b66a6b77f276e9b3e3f9e1
20095487f19c6e5482093159c3f020846dd7f3878ee426b11772ef7cf5a03be5
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D; _ga=GA1.2.1414471268.1665263389; _gid=GA1.2.932288258.1665263389; _gat_gtag_UA_129693020_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:49 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 06 Oct 2022 08:31:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633e925d-10c"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19c1d44f1bfb327b95c58c3c47a761eb
27e9b04ffa908f7a8dad1ee2f86a07dcac3e9774
0a0666d04d13fc6af85ce31d055c69801a285e9526726e9496ec5383055136fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Last-Modified: Sat, 08 Oct 2022 20:06:13 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ko4C7aFuckenMv3WTWB_adWcXfX7OS89el_y7wBtG5Mmsr0DRYP5xA==
Age: 3816
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19c1d44f1bfb327b95c58c3c47a761eb
27e9b04ffa908f7a8dad1ee2f86a07dcac3e9774
0a0666d04d13fc6af85ce31d055c69801a285e9526726e9496ec5383055136fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Last-Modified: Sat, 08 Oct 2022 20:38:33 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1lj7klMjOiKmWGkyVNYxv3Hup_3PfBQYOPwQ4GR1zRuAfroNAOygEw==
Age: 1877
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19c1d44f1bfb327b95c58c3c47a761eb
27e9b04ffa908f7a8dad1ee2f86a07dcac3e9774
0a0666d04d13fc6af85ce31d055c69801a285e9526726e9496ec5383055136fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Last-Modified: Sat, 08 Oct 2022 20:38:32 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jeN9sKD7AMLObPJuoU2IodaYUuKPjhbqRxnaRsR93L1wPMEOQyJl3Q==
Age: 1877
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 58d06623ac265a1f3bc42629706e2397
231c24362f18bdd224c02ad797fb11d11e040784
16af2d12d4fdbafde87f426df621f8d42dcda0c1061a352530e6e6faf1352cf7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16AF2D12D4FDBAFDE87F426DF621F8D42DCDA0C1061A352530E6E6FAF1352CF7"
Last-Modified: Sat, 08 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9478
Expires: Sat, 08 Oct 2022 23:47:47 GMT
Date: Sat, 08 Oct 2022 21:09:49 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19c1d44f1bfb327b95c58c3c47a761eb
27e9b04ffa908f7a8dad1ee2f86a07dcac3e9774
0a0666d04d13fc6af85ce31d055c69801a285e9526726e9496ec5383055136fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mSkeIvxg0H5f3N4TYnak7t73V0ch5c1cxctlWqQs3u_AlwF1q-LL3A==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 3.9 kB IP 142.250.74.3:0
Hash 3bc0b1be1a621c60688a7e3e290a4671
2282ce68f8e4315b8310570e458c3627ae2260d5
8d72cedba745dca887315b427d1bdfc7388be6b883879b4f99d18bb604a3d756
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1414471268.1665263389&jid=314037032&gjid=1073634196&_gid=932288258.1665263389&_u=aGBAAUACQAAAACAAI~&z=408302923
173.194.73.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1414471268.1665263389&jid=314037032&gjid=1073634196&_gid=932288258.1665263389&_u=aGBAAUACQAAAACAAI~&z=408302923
IP 173.194.73.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1414471268.1665263389&jid=314037032&gjid=1073634196&_gid=932288258.1665263389&_u=aGBAAUACQAAAACAAI~&z=408302923 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://newsmartphoneoffer.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 08 Oct 2022 21:09:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0aca7edf23f6d8fb3c0b5a89400d3118
67e4a61460cb43d6882f3378d0455835d323c63f
acf66c6d19fa651d5a9a59b67b3e4c116485a2f60a5dd4d753afa411811019e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 21:09:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:50 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FeYUQHaeDeFUWhulzWYtrqEJ1SeADyQ%2FMIM%2BiyifZ9wXulazqpcA64kI0DmBYquvqJWVjuOu7vZVYmQ6OzaoiSf33963wUX1c65PJ6Bu2a%2BcWpZoLMvDO1TNbdAihJIPF9Q71J1mBNXDTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc1b282476a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 19c1d44f1bfb327b95c58c3c47a761eb
27e9b04ffa908f7a8dad1ee2f86a07dcac3e9774
0a0666d04d13fc6af85ce31d055c69801a285e9526726e9496ec5383055136fd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 08 Oct 2022 21:09:49 GMT
Server: ECS (dcb/7F5D)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _C49DPKJeKIIbrweT7h_Uy_RG-lY4OZfmOtqIue6YKWpXjMzvYz8_A==
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:50 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmZFUTpunQa92iM92H59L7OTF09NToMiksffbMGfHKvEkgvVpszCnmo%2FinyYd38Soga1ynNfyV%2BR4AZdqAZY78bixiN6MeabcTbBowhgBwlMTtpMK8wBeA0909iaY8vcIw5fzRR7ghA2SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc1b282f76a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 109
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:50 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6BjqwYE11zFbD9fwr4J53oAcJ4VIXIeXh0xLGLq9LUZhJpy67%2F5p7UnlG%2Fh7UlNdbCMFmG4Ojb7LWFag6%2FLzZVuRPSq9xrp3CNu6WjrK6UPIQT15XKNC5X4QUNYof8%2BTk6zWhMKAVysAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc1bd94876a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 148
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:50 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBBQ6945kUXPC36XVan8DzCwwqrZVtRGQ%2B0ZYS2ShlJHPARnY58PVN6btOC4CdLS4XCek5J1WaT3pwDEET%2B3GOGqcd6aRhlmPRbzgfqvGSj6rBKQrCDs%2BPI9bbwC%2Fn40NQYMbM%2BgW%2B%2FxEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc1bd95a76a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10327
Expires: Sun, 09 Oct 2022 00:01:57 GMT
Date: Sat, 08 Oct 2022 21:09:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10327
Expires: Sun, 09 Oct 2022 00:01:57 GMT
Date: Sat, 08 Oct 2022 21:09:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10327
Expires: Sun, 09 Oct 2022 00:01:57 GMT
Date: Sat, 08 Oct 2022 21:09:50 GMT
Connection: keep-alive
cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
54.230.111.76200 OK 5.1 kB URL HTTP/2 cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
IP 54.230.111.76:0
File type PNG image data, 236 x 92, 8-bit colormap, non-interlaced\012- data
Hash 3167f262cc6d7e37766c62a94bce1fbe
8cd42f142fd39991332170fb0ee5f34f21697902
cab6d8b5423398ed958029d9522faf3d356325b3276468b49162ca6dda8af9d3
GET /content/image/5c1cfaf6a3c67.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sat, 08 Oct 2022 04:28:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ryuzyeiRYAhFr6a0_4v4P8CKUUnexchWwP1GFNE77HNa9pza2c8W-g==
age: 60057
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5cf0255a785469b033344c2ec0ed394
a4a700c1c250cb10f175e67b4b11f2c94afb2bdb
191e75d8e785c03eb558af6f3efe0d557669b65b94d17b42a1b9b7f623947c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191E75D8E785C03EB558AF6F3EFE0D557669B65B94D17B42A1B9B7F623947C6F"
Last-Modified: Fri, 07 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10327
Expires: Sun, 09 Oct 2022 00:01:57 GMT
Date: Sat, 08 Oct 2022 21:09:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6207431ae268d805fb92237925c8fc0
075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87
bb8966bd5b80f1ba6c974925df0610e0a219759ab92df062e135baae02fa0071
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5440
x-amzn-requestid: c9408e3c-29f6-4a53-b09d-0c3f49e99287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp3AzFQ3oAMF_Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409ed1-1da6e8c500879b080c66fdfe;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:49:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bpAfspjZlm1y-CxYtXbhfwPHzcNxLJGVh_j685Z-TvTV-kdRttBjhg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 22:11:50 GMT
etag: "075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87"
content-type: image/jpeg
age: 82680
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Y_VpleudG3M2sQd7mFGVhPvfULiNQl3YY8xuhiTnTE5VIC64O8vqMA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:44:19 GMT
age: 84331
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bc50d1380ae8fc980ae1cc38f2371c7
be79aecfd7eefa89c409ed743402a292ff0ce6c0
43e015802ba453d4cd79984b53efa8a529ece62760f6693f9daeb2388179201f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6366
x-amzn-requestid: ddcd915d-2606-4243-969e-19fb02b5b6d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EJGoSIAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb3-1c7bd17a2dcdd25e4da6d346;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Cm4uaStVKEsemoOHrc04J9qNysQJoMB7-R8LEzmlRXt47mpXi2NRPA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:12 GMT
age: 83978
etag: "be79aecfd7eefa89c409ed743402a292ff0ce6c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5c4757ceb6dce32d0f9d26d5b3df038
d8209d82f61c7a09e00756e5dd32c99bc61af4a8
6aa007279ba4cdea3f772e0601e4082d40ee947ef8cc1201ce0009fb42ca9885
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3c3ff89f-8a8c-44ae-981a-0e9adaf7d959
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dSEs8IAMFqFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-6c97b82d137c2f1951270b82;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wWlD3C6HI9oxa0VAYA6N5afAcUDTQXdO8X31eZUglfdC6jSQo_gew==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 08 Oct 2022 03:29:14 GMT
age: 63636
etag: "d8209d82f61c7a09e00756e5dd32c99bc61af4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dcf23b32642f7a82a0a7d734a631bca
9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7
add9aab4427819610f8d693758a752910cf314346e974b7636a82381ab9daa4d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4252
x-amzn-requestid: 8d6a225c-6389-4f20-9b90-494841f47c99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4GjCIAMFX-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-4076dc933185d9fd6b68e802;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Wb1JAlWtR9sSEi_KuYZivvMivSxZjo92LGpWgFppol5zgapK6eQ-dg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:16 GMT
etag: "9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7"
content-type: image/jpeg
age: 84754
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.168.3200 OK 13 kB URL HTTP/2 trk-consulatu.com/scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.168.3:0
File type ASCII text, with very long lines (7145)
Hash 0ae20a92ac34a116f0c3265775dce6d8
69a94d64e18c6049153a876ce6bfce9a22bf16cd
f6a77d71901a1db455061b5f699b45bd7421bde123dad6e731b323cad663c9b5
GET /scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:49 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2F%2B8dzWPam81iTPccZZoJRzyHwBzhQ8d0oWmf%2BT5xPJZyTeP8GesTqTdzAS1setta0v%2BrcUPH1ekjPOkzD8XFtzUr%2FHWM7Dytbay0VhBIZbi1b%2BSJMF2dL0oS%2B5v6FlDMktyZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc18aa387753-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:48 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 14574195
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7571dc100f15b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
IP 142.250.74.10:0
GET /css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 21:09:48 GMT
date: Sat, 08 Oct 2022 21:09:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
54.230.111.46200 OK 0 B URL HTTP/2 fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
IP 54.230.111.46:0
GET /api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js HTTP/1.1
Host: fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 11 Sep 2022 08:56:10 GMT
last-modified: Thu, 01 Apr 2021 12:27:02 GMT
etag: W/"9abf9e75ee4858e2302cc352a93a131f"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iug6ELn4nJLRY3mCU7vKxxeNbw9eDPMBPDCbpG7KAKjRN9SeEi9zZA==
age: 2376820
X-Firefox-Spdy: h2
newsmartphoneoffer.com/landings/11862/s22.png
185.128.34.116200 OK 0 B URL HTTP/1.1 newsmartphoneoffer.com/landings/11862/s22.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
GET /landings/11862/s22.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/SS22_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImxJK0gwNUtLaEpjOC8wdTBiTitNdEE9PSIsInZhbHVlIjoieWFid2VjWFJrSk9kdGtSemhnVy9UcWxKS2V3Y2gzUW1pMk5XUlVlSEVZK0hJa1QvdUVMSkwydCtGYkJZTTh3bzVsTUtPVVJwdFhpMFlPU1lsQ2VYblYveDJNSEZVVUxJa3U3TmNjZTBmSXF5cjV2SllmT0tUNWhaZWJncW9mZlciLCJtYWMiOiI0MGIwZTlmZmQ5NDE5N2U1ODU2NzlhNTI1MWI0NTMwMGEzZWU4NzdlZTk4YTdlMDhlNGZhMWVjMTNhNjM0OTg1IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IjdKZ0RVdkVsanF2SjFCQXVyNFBxc3c9PSIsInZhbHVlIjoiUnpreWgvNWhzclJvSFVWL0pRNldEYUlUa2JHRG5Mc21IQTFEWm9aZFloN2Nla1JSU1NIQXV3N2pCd2pVcE16NFJQTUMzNUdRWE1IUWhJZmI4aGR4NUwrVlRQdHVsd0lEcjBFNGd0eXdsT3BaSkZSRlk1U1N4VjJMaThkVDNmVjYiLCJtYWMiOiIyNTg4MmQ0NDYwNTI4MmFmNDA4Nzc5OWVhZjEyZmI0NGQ3NTk5OTg2YmFiYWY3NDRlNmEyNWU2ZTliZWY1N2M5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 21:09:48 GMT
Content-Type: image/png
Content-Length: 161014
Last-Modified: Thu, 10 Mar 2022 10:26:10 GMT
Connection: keep-alive
ETag: "6229d242-274f6"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
IP 54.230.111.76:0
GET /content/image/5b753b0f22993.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Thu, 06 Oct 2022 05:15:29 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JMjdQCTHEhXYQTMt9geloaVfWmvuXRvOOlKSaWMiLjvMyukcLLMFTg==
age: 230060
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
IP 54.230.111.76:0
GET /content/image/5d8dd415ec4fa.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Fri, 07 Oct 2022 03:58:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZwdhkUpuyfFZz8_GvVxKBY93HuQh7XlSRkphpxGm5zuE7O8YYCsLkQ==
age: 148291
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
IP 54.230.111.76:0
GET /content/image/605d9d6a66c60.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sat, 08 Oct 2022 04:28:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ffzy5xCiOKoD5UTbEvaiVxZG-0MovFWuRjYzNsYIW7pVWwV-erAGww==
age: 60057
X-Firefox-Spdy: h2
click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=SS22_uk_s&fs_sub_id=null&fs_transaction_id=cdf760f970e06f953c355ef728e36fae&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665264221682
35.190.210.193200 OK 0 B URL HTTP/2 click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=SS22_uk_s&fs_sub_id=null&fs_transaction_id=cdf760f970e06f953c355ef728e36fae&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665264221682
IP 35.190.210.193:0
GET /a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=SS22_uk_s&fs_sub_id=null&fs_transaction_id=cdf760f970e06f953c355ef728e36fae&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1665264221682 HTTP/1.1
Host: click.fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.1
date: Sat, 08 Oct 2022 21:09:49 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
set-cookie: fs_cr=1665263389000; Path=/; Domain=fstrk.net
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.168.3200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.168.3:0
GET /scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:49 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8l%2FJrDPSzgZgRl7qMPk1j252zQbPNiHJ4Nlipj1hjJ4eh3S5msMPGQDC%2BElGOMYr%2Fc2%2FF%2B3JVzhrVODy7AMmBhq5W8xwa3Dysct3m6sTpCc%2FGBg27YECVUYUlffmBCsJqM8cDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7571dc171ecd7753-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
IP 54.230.111.76:0
GET /content/image/602bc70b48ff9.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Fri, 07 Oct 2022 03:58:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AUxnBmVSYdFUrYE26_fuqU6N-igOF817j05O1_cpwldRmastbAaeIA==
age: 148292
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:48 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 13373725
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7571dc0feee1b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 08 Oct 2022 21:09:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 05/12/2022 03:05:27
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 8995e66ba49ec2453930854af59429fe
cdn-cache: HIT
cf-cache-status: HIT
age: 9237712
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7571dc102f34b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
IP 54.230.111.76:0
GET /content/image/5b4f416ee10b3.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Fri, 07 Oct 2022 03:58:17 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SQSOaqOxah-xltYC3EiLvCSMosAkD-I8yilprjsWCofFHaKj_SVUKg==
age: 148292
X-Firefox-Spdy: h2