483.novitrk1.com/smartlink?mongo_id=6332d01d3d23e25dd7001635&mongo_grouped_id=6332c9a8b7a82b5991578f28&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
188.240.52.20302 Found 718 B URL HTTP/1.1 483.novitrk1.com/smartlink?mongo_id=6332d01d3d23e25dd7001635&mongo_grouped_id=6332c9a8b7a82b5991578f28&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ec59fc8acb452cba432c76ec825f0748
10ff7ae42afd6650db85bdd6fd78f22fb7c5c000
e98f413fad5916cf09f6df088850d294b9a321182ddab68baf280472b5dacd6b
GET /smartlink?mongo_id=6332d01d3d23e25dd7001635&mongo_grouped_id=6332c9a8b7a82b5991578f28&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript HTTP/1.1
Host: 483.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 10:27:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
Location: https://483.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjB4M0ZjRElmSVBwL1hOUGtkWVlkWGc9PSIsInZhbHVlIjoiUkhyUEo0STBCQmFnMFdLSktUWE9yS0piWlNCVEtsM3pJeXA5L1NXZnlyajA5TGxnSVU5bTZjdThTRFVOd0h4bVZCU0YyVTNiTFJyWDRWUjREdEtIMytJWXdveUlTUWM4NWhzUzdVd1pTWWtPUENZR2xZMGkvZ2RNUFJxeGlDTFoiLCJtYWMiOiI0Y2NmMzNkOWNlNjdkNjA5MjFhMDRkMzQ3MjBkZTNjMzg0MDg3MTg3NDdlYTVmOWZmZWVlMWFiYzc5NzMwZGE1IiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:55 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlFSejdVdy9pcE9zVDFaRGlMN1gva1E9PSIsInZhbHVlIjoiUjB5eDNrYWU1ajhUOWpEZ20wZC9mVERXeHpZdnlxTHRmUFpZYWwxdzdPajZQdWlhYU95TnpuQTcxSkprd1doT0lVbGRxRElJNFlKaFlLZThuTFBDRElVWmt3RWJxaW1yUWNQbFhDNnlrZHFJVEE0Y2EzeGRSZHFDUVRmYWlPdjEiLCJtYWMiOiJjYTNjMzY5OTExZDM1NWFkYzgyNjNkN2IwYjg3M2M1YWEyMTgyYWM5NjkzYmM5ZWFkM2Q0ODhlODA2Y2M1MjIyIiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:55 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 10:05:05 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3nkwXtarNQqyPePjnIXw-6ngk_N9U25mAGd-39IuLWonE-fM8H5ptg==
Age: 1370
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2238
Expires: Tue, 27 Sep 2022 11:05:13 GMT
Date: Tue, 27 Sep 2022 10:27:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dwV_u9aUhaR9ay9aseoMlulWhx7r8MwLq63hz4Ri8cKkQeNavs1dAA==
age: 3822
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:27:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 10:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 11:02:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jdgecTyv9g7iEYNE6ngxbB9_MHedT8kg8OzCCyoCf1mc9EIL6xOhxg==
Age: 1030
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:27:56 GMT
Last-Modified: Tue, 27 Sep 2022 08:38:29 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
483.novitrk1.com/smartlink-css/6332d02be8b081446843f7b8
188.240.52.20200 OK 3.8 kB URL HTTP/2 483.novitrk1.com/smartlink-css/6332d02be8b081446843f7b8
IP 188.240.52.20:0
File type ASCII text, with very long lines (3802), with no line terminators
Hash 97dd10fb747db54c467b23137cb7cd9b
59b0364cd1814daf8f1b1b6f8d3a12a8c0294246
9b3af398b381f6d8468dd65166755d065b136fe48d13d9020488a5d5323e1ff2
GET /smartlink-css/6332d02be8b081446843f7b8 HTTP/1.1
Host: 483.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://483.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6IjYwakV2QnM0L3NOeHVwbDdjN09SeUE9PSIsInZhbHVlIjoiY29YSjFXMlljUGFYVXV0S0UxSWx5YWlXRW9LUHczeStJMWJhZ0I5WVh1b0tUNG9iaFZBTVA3L1hPejBVSlhUZjZYaDlObmptT1dGY2o4ZGpQc203d0lZaEJUdDRNYWJEMXB4NDFaR3dsWDFTdDJwY25LYWpDSDBRZTc3dUxwOUMiLCJtYWMiOiI1ODRhNzI5ZTA4M2M2ZTU3NmIzYTBjMWJjYzA5ZDYxNDBiNzE0YjRmNDdmY2UyMWI2MmUxM2RmMjI1NWI0ZjNiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkhUbi8raGdpSW9uV1ljc3oxelVvcHc9PSIsInZhbHVlIjoiK3lyM3NaYU5CSFhuMWR2alBXNUhZN2VRaWQrUHcwMHFjWmFMbzZmU043dEVmOExJNTdiSmNpN1ZKQy9scUt0aFhpSnJxN2ppMUZXY1l4ZFJGTDZ0Ky80RUdFb3U1RnVSeE43Skc0c2JRNjlqZDJreHRySWg3ZjNrazM4c0RUbEUiLCJtYWMiOiJlYzlhYzc4YzFlZThhMThjN2VmOTA4ZTQzMWZjODZlMDg1YWIxZDVmMTJiNzIyODljZmJmNjVmMWVmYjQ5MDhmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 27 Sep 2022 10:27:56 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlBMb3pmY29Fc1RIWSt1bXdDelcxOEE9PSIsInZhbHVlIjoiRThGcTdQSVE1RVMvOCtQWHFyNWNjcElkT0R5Sk9zckxwNXNHbG8rOU5QQjZNWnh0YzgyZi9UaEpiTW9aakxBUTBqM1hobStpY3pxQ28wWk5lK1hFUGRYcDBRMjZJenNXQjFTdWdFZFFmcWQ3S0puSk9DNTJucVBaZk1zNm56Uk4iLCJtYWMiOiIwYmRkYzIxZTExMDYwNWUwMzUwY2VmYWZmYTRjZWU2N2MwOTk3ZjRjNTRiOWFjZmMyMzNjMjg3YWM0MGQ2MzNkIiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:56 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ijl0QkFGa3FGTGkwUERlV1FkQThzaFE9PSIsInZhbHVlIjoiY1hNQkIrTHRIdWFlbWxMb3dwb2RkL21xQU4wakowMllxSjZsQ3lKOEx0cUJ5T1hncXE4MHBSWWJ0bDl5bERUdkY3N0hLcHg0ejNuU083enZCaFlyTmw2dFM4YUpralFpalQwMDRZSzlGb0JKdXZRUHJraGM4SUNWaFpJMm8rZ1UiLCJtYWMiOiIxOGM0YTM5YjZkODhiOTIxZWUzMDkzYzMzMTZhYWZkMDQxN2E3YTYxZmE3NGY1NDM5MjNiOWQzMzMyYTRkZjc1IiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:56 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
m.news-page.net/?utm_term=7148004446004314195&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
99.198.108.195200 OK 3.0 kB URL HTTP/2 m.news-page.net/?utm_term=7148004446004314195&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 99.198.108.195:0
Hash 46925d4bf88dd2fafa37bfa40d05e15b
7056282641f015e5a5de6ea53fcda5a2231c9206
9e879c21365c3d0ba342e7d6fc72bacd43f6621da86fc800872e9162fcd87bc7
GET /?utm_term=7148004446004314195&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=906584915&np=1
Cookie: u=68f0da1726cd958f81543138abcc102e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:27:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13337
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13337
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13337
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13337
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13337
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:27:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:42:47 GMT
age: 45911
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d478b7bea64d1a5998967c0a665e6be
b078452d30703ea98ad4a7f7fd411b3e2a42ee71
24158d741732109ae2be7314205ac35f4c8b29785876f2785e8bb0ea906762b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6628
x-amzn-requestid: 1f0e95f2-d860-422f-80ad-96c6e7c941c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1vvHIaoAMFV4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296997-5746c99d78e025945cfdd238;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9-6jF5OoUb2I2HBasyNXBZC-L6rF1VINmgoBFZMuJ9eNelzkS-8BDQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:08:24 GMT
age: 44374
etag: "b078452d30703ea98ad4a7f7fd411b3e2a42ee71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vx-yM_jeJvOaa1UizK5OoDJFkvKnajg2ezLF2l2qnN_OhdTE6I4taQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:05:55 GMT
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
age: 33723
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash efaaa002eb6251769ea6dbf306ced3a1
9f99fa947a603fd6b10ff149e379cd04ad83d27a
238e0ca1aa29223416c34ef2dfcc6570c00e27a98991d91efc16e9bc4083c197
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4573
x-amzn-requestid: ff35a66a-caf2-4ff4-b850-01a584fc2aa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B8FzLIAMFSPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-5b4a410a2827baf5598d58e7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NFjYOqhUeb3yyjMNWpoBNq_xcsX3wXvc3-rqJt4cGbJXY9Sxr5KpDA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 15:29:19 GMT
age: 68319
etag: "9f99fa947a603fd6b10ff149e379cd04ad83d27a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lf6qqokEw32egp3ofmJGtUTAt3RD2f9rVq5gskbhrk_VFGweeo0oCQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:49:18 GMT
age: 45520
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a90590f26bae9ad9e95ffdfbfb7dd21d
cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:02:24 GMT
age: 48334
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
51.68.85.158200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 51.68.85.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3760)
Hash 451ccb2baebf63dfbc80866742567cb0
1548df7979a184b5795fc376d89b23a4c722d748
f4964fb091f962b809a3c7e2ca6ccdd32266229043fa385f044c9cd90526df74
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 10:28:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=8f2b2dbbf831ef62490868467469bda9&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=8f2b2dbbf831ef62490868467469bda9&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=8f2b2dbbf831ef62490868467469bda9&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 27 Sep 2022 10:28:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.6151686616466314&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 27 Sep 2022 10:28:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230004a9c44ada6d8baf4fad8276e96f014880927-202209-flb*5467509-4538f*M7148004446004314195*sl_5467509-4538f*636828f3b406842103ab4264affb2f9286c7fb92*4472-bfdf314f-6f01772b*4472
www.wewillserv.com/favicon.ico
51.68.85.158204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 27 Sep 2022 10:28:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 05165e08e42d050a557fb63de5507a67
ff193b5c8b4381b94ee6a266588c73f1893f33d2
03a86b47fa0c156ff1a0e9a70459108095b80db1cb202cb4adc6da96ebc29347
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2076
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:28:01 GMT
Last-Modified: Tue, 27 Sep 2022 09:53:25 GMT
Server: ECS (amb/6BB3)
X-Cache: HIT
Content-Length: 312
harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230004a9c44ada6d8baf4fad8276e96f014880927-202209-flb*5467509-4538f*M7148004446004314195*sl_5467509-4538f*636828f3b406842103ab4264affb2f9286c7fb92*4472-bfdf314f-6f01772b*4472
34.91.234.242302 Found 0 B URL HTTP/2 harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230004a9c44ada6d8baf4fad8276e96f014880927-202209-flb*5467509-4538f*M7148004446004314195*sl_5467509-4538f*636828f3b406842103ab4264affb2f9286c7fb92*4472-bfdf314f-6f01772b*4472
IP 34.91.234.242:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5db1a4743bf47917e8f252cf&pid=228&sub2=132435&sub1=230004a9c44ada6d8baf4fad8276e96f014880927-202209-flb*5467509-4538f*M7148004446004314195*sl_5467509-4538f*636828f3b406842103ab4264affb2f9286c7fb92*4472-bfdf314f-6f01772b*4472 HTTP/1.1
Host: harrenmedia.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:01 GMT
content-length: 0
location: https://offers.quisaque.com/click?pid=150&offer_id=5809&sub1=6332d031070c420001bdef7d&sub2=228
referer:
referrer-policy: no-referrer
set-cookie: afclick=6332d031070c420001bdef7d; expires=Wed, 27 Sep 2023 10:28:01 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash bff939bb91ed9a77cc6072ce6cbc00f7
d95b34cb4e5e4cf3c81791a73af6bb7fc2a9266f
9d3cb0f7cd39b88ead63a2a5f90436a14b187a095ef9226510977fe23f26a379
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 10:28:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 01 Oct 2022 10:28:00 GMT
ETag: "d95b34cb4e5e4cf3c81791a73af6bb7fc2a9266f"
Last-Modified: Tue, 27 Sep 2022 10:28:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75138cd758fab51d-OSL
offers.quisaque.com/click?pid=150&offer_id=5809&sub1=6332d031070c420001bdef7d&sub2=228
34.91.27.112302 Found 0 B URL HTTP/2 offers.quisaque.com/click?pid=150&offer_id=5809&sub1=6332d031070c420001bdef7d&sub2=228
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=150&offer_id=5809&sub1=6332d031070c420001bdef7d&sub2=228 HTTP/1.1
Host: offers.quisaque.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:02 GMT
content-length: 0
location: https://admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5809&sub5=150
referer:
referrer-policy: no-referrer
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 98917b3482df1fb9b63778a65d8de247
49b873c2bff6f2eba87397c2ba244b04b3c317eb
0d8438abd1a634d426bf658f2a5f383cfdbab8b6b12a37885895166d8328c7da
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 27 Sep 2022 10:28:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 23:43:15 GMT
Expires: Tue, 27 Sep 2022 23:43:15 GMT
ETag: "49b873c2bff6f2eba87397c2ba244b04b3c317eb"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5809&sub5=150
34.91.27.112302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5809&sub5=150
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5809&sub5=150 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6332a06a8c96390001e8d588
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:02 GMT
content-length: 0
location: https://admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
access-control-allow-origin: *
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
34.91.27.112302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6332a06a8c96390001e8d588
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:02 GMT
content-length: 0
location: https://admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5093&sub5=49
access-control-allow-origin: *
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5093&sub5=49
34.91.27.112302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5093&sub5=49
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5093&sub5=49 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6332a06a8c96390001e8d588
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:02 GMT
content-length: 0
location: https://admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
access-control-allow-origin: *
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
34.91.27.112302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a8401d13943b96038b456a&pid=49&sub1=6332d031070c420001bdef7d&sub2=228&sub3=&sub4=5122&sub5=49 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6332a06a8c96390001e8d588
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:02 GMT
content-length: 0
location: https://myofferplus.com/rc/a91581ead4?affclick=6332d032af91a700014cbb05&pubid=49
set-cookie: afclick=6332d032af91a700014cbb05; expires=Wed, 27 Sep 2023 10:28:02 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
myofferplus.com/rc/a91581ead4?affclick=6332d032af91a700014cbb05&pubid=49
172.67.217.200200 OK 978 B URL HTTP/2 myofferplus.com/rc/a91581ead4?affclick=6332d032af91a700014cbb05&pubid=49
IP 172.67.217.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9d7cfd2fcb0265f096b39d69c9f9a821
bbf32144eec0ad28b6bfda281b2fb276c87afc70
f2b4caed4240827e690db01250b229f66092ec1fb60bf1ce343027e97983ad37
GET /rc/a91581ead4?affclick=6332d032af91a700014cbb05&pubid=49 HTTP/1.1
Host: myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: AWSALB=A7zqehKGKZvIQB0GZptwAzMGTKwgpUYJBVHSoLuYzQgoGHgSjmLkHS2nlTUn+s3jnmboo9ZNz1fNTeyoIvsf34g2FxjBD7T4F3qpN1/FfDPSDKvfMwKlvCSf/Tmo
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 10:28:03 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=E6ridZcrXaN3Dsf6CIm2rvUrwaSL08DhLDkfZzDYbyK8uQ6R7JDKES27eLoX/K7lINX8zYVxhYvEb5nnfA+IGgv/PwKuQIc3Iq+jmPc//sfJm65ytmVN0K3NttL4; Expires=Tue, 04 Oct 2022 10:28:02 GMT; Path=/
AWSALBCORS=E6ridZcrXaN3Dsf6CIm2rvUrwaSL08DhLDkfZzDYbyK8uQ6R7JDKES27eLoX/K7lINX8zYVxhYvEb5nnfA+IGgv/PwKuQIc3Iq+jmPc//sfJm65ytmVN0K3NttL4; Expires=Tue, 04 Oct 2022 10:28:02 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMqew0rQPu%2BFxO91t4kkbjlmdTYhMox7kaSbcBqH%2B5q8a6qVIvBW6ivW7IkTwhWGwhfakxJTaEwwuBJ%2B66CspzPMAQsuBs4g58U7SvptinTunoMsLgIUQww1b5IOgF2O8a4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75138cddea6c0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubc380a7d108564bb4bcacee043eebc7cb&sub2=ba8315b2_49
34.91.234.242302 Found 0 B URL HTTP/2 track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubc380a7d108564bb4bcacee043eebc7cb&sub2=ba8315b2_49
IP 34.91.234.242:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubc380a7d108564bb4bcacee043eebc7cb&sub2=ba8315b2_49 HTTP/1.1
Host: track.gositego.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Cookie: afclick=6332a06b28c80600018c29a2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 27 Sep 2022 10:28:03 GMT
content-length: 0
location: https://ad.marootrack.co/?utm_medium=1ec04c8c1c16eafe4df342fbccbedd268747cb4c&utm_campaign=Mainstream&1=930_ba8315b2_49&cid=6332d033b9e50c0001d9d9ca
set-cookie: afclick=6332d033b9e50c0001d9d9ca; expires=Wed, 27 Sep 2023 10:28:03 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ad.marootrack.co/sw.js?v=1654466343142
65.60.58.179200 OK 775 B URL HTTP/2 ad.marootrack.co/sw.js?v=1654466343142
IP 65.60.58.179:0
Hash de06f24ba6d6b0c514015a9847dace54
c9662e4339d4f72af3526b21d4d6d68df21b0ba9
70d55f6e4bab19ae4b3cc61642e88a78a599b060c72d10c15c5f937e34305ee9
Analyzer Verdict Alert fortinet Malware
GET /sw.js?v=1654466343142 HTTP/1.1
Host: ad.marootrack.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:28:04 GMT
content-type: application/javascript
content-length: 775
last-modified: Fri, 23 Sep 2022 11:12:42 GMT
vary: Accept-Encoding
etag: "632d94aa-307"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
483.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
188.240.52.20200 OK 0 B URL HTTP/2 483.novitrk1.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
IP 188.240.52.20:0
GET /smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source= HTTP/1.1
Host: 483.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 27 Sep 2022 10:27:55 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IjYwakV2QnM0L3NOeHVwbDdjN09SeUE9PSIsInZhbHVlIjoiY29YSjFXMlljUGFYVXV0S0UxSWx5YWlXRW9LUHczeStJMWJhZ0I5WVh1b0tUNG9iaFZBTVA3L1hPejBVSlhUZjZYaDlObmptT1dGY2o4ZGpQc203d0lZaEJUdDRNYWJEMXB4NDFaR3dsWDFTdDJwY25LYWpDSDBRZTc3dUxwOUMiLCJtYWMiOiI1ODRhNzI5ZTA4M2M2ZTU3NmIzYTBjMWJjYzA5ZDYxNDBiNzE0YjRmNDdmY2UyMWI2MmUxM2RmMjI1NWI0ZjNiIiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:55 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkhUbi8raGdpSW9uV1ljc3oxelVvcHc9PSIsInZhbHVlIjoiK3lyM3NaYU5CSFhuMWR2alBXNUhZN2VRaWQrUHcwMHFjWmFMbzZmU043dEVmOExJNTdiSmNpN1ZKQy9scUt0aFhpSnJxN2ppMUZXY1l4ZFJGTDZ0Ky80RUdFb3U1RnVSeE43Skc0c2JRNjlqZDJreHRySWg3ZjNrazM4c0RUbEUiLCJtYWMiOiJlYzlhYzc4YzFlZThhMThjN2VmOTA4ZTQzMWZjODZlMDg1YWIxZDVmMTJiNzIyODljZmJmNjVmMWVmYjQ5MDhmIiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:55 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/proc.php?24d58f50cc90a180a8ffea517f9425e1d5c09700
99.198.108.195200 OK 0 B URL HTTP/2 m.news-page.net/proc.php?24d58f50cc90a180a8ffea517f9425e1d5c09700
IP 99.198.108.195:0
GET /proc.php?24d58f50cc90a180a8ffea517f9425e1d5c09700 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7148004446004314195&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
Cookie: u=68f0da1726cd958f81543138abcc102e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:28:01 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7148004446004314195&website=4472-bfdf314f-6f01772b&placement=4472
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
483.novitrk1.com/smartlink?mongo_id=6332d02be8b081446843f7b8&mongo_grouped_id=6332d02be8b081446843f7b9&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D906584915%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM1fQ==&js=1
188.240.52.20302 Found 0 B URL HTTP/2 483.novitrk1.com/smartlink?mongo_id=6332d02be8b081446843f7b8&mongo_grouped_id=6332d02be8b081446843f7b9&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D906584915%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM1fQ==&js=1
IP 188.240.52.20:0
GET /smartlink?mongo_id=6332d02be8b081446843f7b8&mongo_grouped_id=6332d02be8b081446843f7b9&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D906584915%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM1fQ==&js=1 HTTP/1.1
Host: 483.novitrk1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlBMb3pmY29Fc1RIWSt1bXdDelcxOEE9PSIsInZhbHVlIjoiRThGcTdQSVE1RVMvOCtQWHFyNWNjcElkT0R5Sk9zckxwNXNHbG8rOU5QQjZNWnh0YzgyZi9UaEpiTW9aakxBUTBqM1hobStpY3pxQ28wWk5lK1hFUGRYcDBRMjZJenNXQjFTdWdFZFFmcWQ3S0puSk9DNTJucVBaZk1zNm56Uk4iLCJtYWMiOiIwYmRkYzIxZTExMDYwNWUwMzUwY2VmYWZmYTRjZWU2N2MwOTk3ZjRjNTRiOWFjZmMyMzNjMjg3YWM0MGQ2MzNkIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ijl0QkFGa3FGTGkwUERlV1FkQThzaFE9PSIsInZhbHVlIjoiY1hNQkIrTHRIdWFlbWxMb3dwb2RkL21xQU4wakowMllxSjZsQ3lKOEx0cUJ5T1hncXE4MHBSWWJ0bDl5bERUdkY3N0hLcHg0ejNuU083enZCaFlyTmw2dFM4YUpralFpalQwMDRZSzlGb0JKdXZRUHJraGM4SUNWaFpJMm8rZ1UiLCJtYWMiOiIxOGM0YTM5YjZkODhiOTIxZWUzMDkzYzMzMTZhYWZkMDQxN2E3YTYxZmE3NGY1NDM5MjNiOWQzMzMyYTRkZjc1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Tue, 27 Sep 2022 10:27:56 GMT
content-type: text/html; charset=UTF-8
location: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=906584915&np=1
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlR6UGtJVzlPaUU2NTlUV2srcGV2VlE9PSIsInZhbHVlIjoiTFNGeFQwRi91Uko3WlZvYTNuNGpxNG9nUjgxYVNmRS9yVWtxUFVqSmlxUmROU1U2aEhDUnZKcjRIdElmLzdpTFpPMTQ0VkJ5ZWFCTVFQa3Z1Ty9NMjVVaS9EMHByWWRWOTkrWGY0ZHo4aHc0UzlpS3R5OGpqZVhnSHpxcGV3MVkiLCJtYWMiOiI3YzhjMDY1ZjViOGQ3MjAwYWYwZWI1Nzg2ODk4NWEwOTUxYjRmYzgyMDgwOWVlNTdkNWQxMmRhYjI1MDMxMzA0IiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:56 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Inp5NHBaeVF6amlPcG5iZUR6VUIrUVE9PSIsInZhbHVlIjoia2dOTFhZbWh4QXZuM0hJcnBzVWwxeTFsZkdCK21DR2FzcCtrcDFDejgyTkhabWIzZk5YMTJ0YjBSelJyVWtCWkFQWFFSYnlJbTZDcmhnWjFiaWV6RWhnMnBlWEVjUlZ1bEtialY0TGpsWWJ4YzRBc3orOEJNS09SRldsd1N6NG8iLCJtYWMiOiJkY2JiMWE4OGFlNTNhNGI3NGFlZTY2MTI5ZjQxZGNmZTkzMWE0MDA4NDZjZDliNWQ1MDllNzYxYzBlMWEzMTA1IiwidGFnIjoiIn0%3D; expires=Tue, 27-Sep-2022 12:27:56 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.191.221200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 10:28:03 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 6148
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tci%2F7JtaBstBSrY5uGkYBB9DhEUv2FlEn2DiyZCXG70KoN9SVdfkxxD1mKPuXeqMnHHcmJ2klOcL%2B2DobgAGZQfblQSa%2BgZRzao5x%2BioB%2BlFkxi4ejeafgyIOsIpt2jrmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75138cdf2bc6b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2