petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
54.230.111.125200 OK 30 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
IP 54.230.111.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3561)
Hash a774396d409048f438bb7f4e60efa40f
1ed88fce7891815be868a0524e50a4685476226f
c927921b991884bc96cf6cbc00d14dbeafa9000415c8b58f23110eb53033e4e9
Analyzer Verdict Alert fortinet Phishing
GET /n/27/4/z-nrg/nz/index.html HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 09:04:03 GMT
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9ojPIWdJNPYgZbvoH8I3jtMmK5ANkIXoOnyufcVWs561UB3CeSDb1w==
Age: 68979
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5493
Expires: Sat, 05 Nov 2022 05:45:15 GMT
Date: Sat, 05 Nov 2022 04:13:42 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=110954
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:42 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 11:02:56 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=110954
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:42 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 11:02:56 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4846
Expires: Sat, 05 Nov 2022 05:34:28 GMT
Date: Sat, 05 Nov 2022 04:13:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7msppYyAzcArMTAnkJGnytS56BzEvnMi3Je0veNz3Ackt2sQISxfWpmhF6/B/rtDNGS2599794U=
x-amz-request-id: E8MVE59KPSJXPHPW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 03:47:02 GMT
age: 1600
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 04:13:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
petrol.clientoffer.site/ssi/elements/base/comments/fbcom.js
54.230.111.125200 OK 362 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/fbcom.js
IP 54.230.111.125:0
Hash d91c65ab07c7b659532f735bc3266d35
e04379a0f107ef0639cfb9bb85448e091d4242b4
36bec173b109104f5817846a3d09bcdb07bf1c0c85c8ad6be8577861258a0b90
Analyzer Verdict Alert fortinet Phishing
GET /ssi/elements/base/comments/fbcom.js HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 11:02:17 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: W/"6363fce2-4de"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cbUTQ0Be1iveqa2CazvAwEaRqi-oNfpPIa_4Kdp7usjtY8pQWtqvIg==
Age: 61885
petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
54.230.111.125200 OK 828 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
IP 54.230.111.125:0
Hash ee995f01cddcc3b3c717067caec705c3
088cec3db9935a70070a50b5db5e41eccff6520c
e75f19dace54b1fd8e08a5743d9ee3413be9aadc8b9df423e6db0875075487b1
GET /ssi/elements/base/comments/fbcoms.min.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 828
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 11:02:17 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-33c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EsCPMDDIXvpgxLerwlzwZtWi3LqefYetQoq3428f-4Qjj9EcvRGu2A==
Age: 61885
petrol.clientoffer.site/ssi/elements/base/comments/style.css
54.230.111.125200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/style.css
IP 54.230.111.125:0
Hash 0b47857fc0393ac1d7658317c7aedeaf
7c8a9bc67c9c908f56696dd814ec492153bafa02
c91e25ec9e83a6d9fb4e12ea55a487e932cf814af38db29c618a8fb2da8bbdc6
GET /ssi/elements/base/comments/style.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 11:02:17 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: W/"6363fce2-14cc"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: b-leThky29-qMFhj2gP5LCIY19mOYI8x4MGKIOO_UybBFqIeUXpsDA==
Age: 61885
petrol.clientoffer.site/n/27/4/z-nrg/nz/js/teaser_nojquery.js
54.230.111.125200 OK 1.1 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/js/teaser_nojquery.js
IP 54.230.111.125:0
Hash be8845f6cd4994346b36310e846f440b
4b6eb0b79011ba7d1cca4e98b76f03188c6be95f
dc0a512985fdcc1f54538f50708c0c53b082b13d7a7480058fce8bff21c34d53
Analyzer Verdict Alert fortinet Phishing
GET /n/27/4/z-nrg/nz/js/teaser_nojquery.js HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:42 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: W/"6363fcdb-e9c"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Mri42qM76I3MwmLlAja4xGDX6DsayP4tVIQy2ausTvSMca6b5_WV-A==
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/main.css
54.230.111.125200 OK 6.1 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/main.css
IP 54.230.111.125:0
Hash f06c2cbaf79b1d9466a894896d126f58
65ef3ced0d3b4e65ebf2067695ec8dac8feaa027
f9968eb9b92b9fd23d63e6d07f3e098caf8468ae0ede03e37825473048445e87
GET /n/27/4/z-nrg/nz/css/main.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:42 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: W/"6363fcdb-898b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uedtnHFkOjzn_SxoVAbCm9U9stW4taHbUmd9LQciGu9ZGoiUVFC-Hw==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
petrol.clientoffer.site/n/27/assets/css/fonts.css
54.230.111.125200 OK 315 B URL HTTP/1.1 petrol.clientoffer.site/n/27/assets/css/fonts.css
IP 54.230.111.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf204738cc45ba40ddbc1833f7e3fd08
c1cd4d940ed2679bf940e09e5048c914d224cf52
f5e322bbdb5b74a13a08dbe967d05a3554e3547d48aa1789663d677056921ad8
GET /n/27/assets/css/fonts.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:42 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: AQ2JlmzH7eLWZ194489xPuOdil6a-oQBOmVny4oW_d8GzY_SD83cIQ==
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
54.230.111.125200 OK 2.8 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
IP 54.230.111.125:0
Hash 6eea207b78ac8b41d47ef73b240ac838
f181dfbf7273bd6c59b88eb8d93c4d6b78d3177c
8d8612957a4cd1f9d668849d7340ab25ec5e2a47b9d1485dc09c6786bb2a51f5
GET /n/27/4/z-nrg/nz/css/style.min.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:42 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: W/"6363fcdb-34a2"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nHGRPr7l5WXHst-vt54VPOVcFyJiwJ00LSb3gDQouoPba_KafsYJpQ==
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/normalize.css
54.230.111.125200 OK 897 B URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/normalize.css
IP 54.230.111.125:0
File type ASCII text, with very long lines (1880)
Hash 8ca792972dc5202bd0a1ffd73769645f
d24a12992541a21bd6552ef17184ff6951c6e9cf
e7507a2706c28513cc4fc8a05c85ae7eea9e2a5937c2fcfd7a2e75b59390d605
GET /n/27/4/z-nrg/nz/css/normalize.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:42 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: W/"6363fcdb-75b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MV43x2a9r91Bhpp1VvkoKsCyNDhlcQHy24OBSuAl2kCqb5S5OmKg8w==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header-wap.png
54.230.111.125200 OK 9.8 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header-wap.png
IP 54.230.111.125:0
File type PNG image data, 760 x 150, 8-bit colormap, non-interlaced\012- data
Hash df3c81f55d34d489ab9fa5d39ff769ef
918eec50fae0e32aab3f46ca97265c2d655ed204
c78fd29b18025b93264c63e858dc316ddefd580f93f5c14c9e251640ed0701b0
GET /n/27/4/z-nrg/nz/images/header-wap.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9783
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-2637"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iUmwgncHSskkrRLeZnJj8fWz1wBlcuyox2iegGooP_gakqtGiWuLYg==
petrol.clientoffer.site/ssi/elements/base/comments/girl5.jpg
54.230.111.125200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/girl5.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b3aba087230e9009ab500a2c3cd32f67
180ba2ba0f3a41dc96c3d4266db37d96adc0b248
e9e064bbaab7738127c4966595fb2dadfe872941f64e0c04e60914c074e66f82
GET /ssi/elements/base/comments/girl5.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1412
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-584"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: eZeOYiDSivvH-cLJXJMpi3c9FIUGny-WdC8034kB2GMhynjPwrj15w==
petrol.clientoffer.site/ssi/elements/base/comments/comment4.jpg
54.230.111.125200 OK 1.3 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment4.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash d1f670b5035713dd517347062a64512e
d5981f937557e33953188bfb65399cf2c2385e5f
5ebcec7153928cb12479835071596036b6bf204d5f015f58b7f0687a1e806b97
GET /ssi/elements/base/comments/comment4.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1307
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-51b"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GnsuCSttU-zvbYKBlyi7BtE0Kj8tJKscX6CI79NRCLyKMeixNu3RWA==
petrol.clientoffer.site/ssi/elements/base/comments/comment7.jpg
54.230.111.125200 OK 1.5 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment7.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 13e3863ddf9ec66e74794a43955a82aa
176abd806ea55961d5f035d0589861864752eaa5
a98374e6ddf8e424cf2e60899912358531a04e42f74943f717730dc8349fe096
GET /ssi/elements/base/comments/comment7.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1461
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-5b5"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G86V9ngSqWrjCcW40uWxYmf5fTDwlftGL-uqRWXQ2Eqc9SkQvo_K3g==
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header.png
54.230.111.125200 OK 13 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header.png
IP 54.230.111.125:0
File type PNG image data, 1068 x 178, 8-bit colormap, non-interlaced\012- data
Hash ec0b67242eed8bf79b31d028e3f0174c
b7e6c512255c731195c438ade832be4d4c90b6c1
48f16603213ce18c16841925bcfca4a3e9b8554120baec72e613bef6b316513b
GET /n/27/4/z-nrg/nz/images/header.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12989
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-32bd"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 18L1EhM-Gw9-4Gf63uQHyDwa08t74Cem8OGfWLI2uZNVvdW4dCvZUA==
petrol.clientoffer.site/ssi/elements/base/comments/guy4.jpg
54.230.111.125200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/guy4.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b5170ef71e82c3b9dd3cb0de6b06d36d
c36c6365a983ce3e211817f3edb0260e500b87af
207761ada2128a5b781713077cf76116149b47ba3222c3b6cf88e99dd58857ec
GET /ssi/elements/base/comments/guy4.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1728
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-6c0"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2P7GbcKKxXqB5zcrhGOwFovYlEYInZqthIsT-bBlX27QsYpB7O-1hA==
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 793c25cae5ec3206a21ab53a242d7896
a22eb3670cdcef410bddd97f885839509027be3d
aa6bd2df2b722e89ed592adc5799fb489e1f4d254ab24d48c92d64376dcc6123
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152968
Date: Sat, 05 Nov 2022 04:13:43 GMT
Etag: "6365957f-1d7"
Expires: Sun, 06 Nov 2022 22:43:11 GMT
Last-Modified: Fri, 04 Nov 2022 22:43:11 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9Ygepe45vkVH3LZKyzzxF6z1Le-SsMA-tpqZr3iGyORR8px7bhBD7Q==
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 793c25cae5ec3206a21ab53a242d7896
a22eb3670cdcef410bddd97f885839509027be3d
aa6bd2df2b722e89ed592adc5799fb489e1f4d254ab24d48c92d64376dcc6123
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152968
Date: Sat, 05 Nov 2022 04:13:43 GMT
Etag: "6365957f-1d7"
Expires: Sun, 06 Nov 2022 22:43:11 GMT
Last-Modified: Fri, 04 Nov 2022 22:43:11 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ljCqxLg5v1x8rrtZUaPTnQps2jmArB1oBxM7I_bv-UUiujJDZ0_4Cg==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18ac6b4bfcfd39ead329117a6263d37e
84128e4292502138c73dd54389a5dc9a2f80d614
bc86a59c6ba4b4dc78efb83d48cfab8dc3a10bcf67229a96e1bb9b3384f6c682
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC86A59C6BA4B4DC78EFB83D48CFAB8DC3A10BCF67229A96E1BB9B3384F6C682"
Last-Modified: Wed, 02 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Sat, 05 Nov 2022 10:13:30 GMT
Date: Sat, 05 Nov 2022 04:13:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18ac6b4bfcfd39ead329117a6263d37e
84128e4292502138c73dd54389a5dc9a2f80d614
bc86a59c6ba4b4dc78efb83d48cfab8dc3a10bcf67229a96e1bb9b3384f6c682
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC86A59C6BA4B4DC78EFB83D48CFAB8DC3A10BCF67229A96E1BB9B3384F6C682"
Last-Modified: Wed, 02 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 05 Nov 2022 10:13:43 GMT
Date: Sat, 05 Nov 2022 04:13:43 GMT
Connection: keep-alive
st.formulead.com/assets/img/spinner/double-ring.gif
54.230.111.106200 OK 93 kB URL HTTP/2 st.formulead.com/assets/img/spinner/double-ring.gif
IP 54.230.111.106:0
File type GIF image data, version 89a, 256 x 256\012- data
Hash 2f2ad9512c7ad4ea794d3a5d6adbd69e
76c48ce3db2dca18e28b2648ef34e7735f294772
7d77afe35414413c958c359b06daa7dad9c2a385d116e5870aafb772261cdd98
GET /assets/img/spinner/double-ring.gif HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 92622
server: nginx/1.19.0
date: Sat, 05 Nov 2022 04:13:43 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-169ce"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hKiGLjTsTR6c2avwyr08cIUQH_dfBGxhiDG7QGpxkM7mADBLuZ9xTA==
X-Firefox-Spdy: h2
cdn.formulead.com/css/main.min.css
34.78.252.25200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 5ae2d40550531f853c155a93f5d7d0e0
43b97546ec76da1e9a6ead8c75c8028612aed54d
b753dfbd6eb7e304765465c553e697f1ab438b7a5a4e28c5ba0d432957611e56
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"b20df-1843da43ec8"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/v/country
34.78.252.25200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3ASscBDh1ZyqkgSgWJyJD7AWaWJH7ZBYNG.xbdSDtdSJybBCUhCSsxSmvYvEOw1tlMS2aztlu9Wc4Y; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
34.78.252.25200 OK 427 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 427 kB (426888 bytes)
Hash 29b6e1df7c5260a49d3a62cfa88d052f
28f1187f0d0a448a40e6aee2b41ddd6766ce4b90
72f20079f132daae8769c9b703c68e6b0592abb4dc6f56e8df422908b7733867
GET /p/5bbb0ba263dcf80100a2e07f/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=5bbb0ba263dcf80100a2e07f; Path=/; Expires=Mon, 04 Nov 2024 04:13:43 GMT; Secure; SameSite=None
qst.sid=s%3ANVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prize.png
54.230.111.125200 OK 40 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prize.png
IP 54.230.111.125:0
File type PNG image data, 580 x 467, 8-bit colormap, non-interlaced\012- data
Hash f2b6d454f92f248528d54a971ea87da4
04cf3e461b51f0741d3107d70c6777ac1333179d
7327772edf543458a21a64e0e274a440a446e0286b8f18ce3d9026f222d61370
GET /n/27/4/z-nrg/nz/images/prize.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 39753
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-9b49"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NcRjQbo-qFCYM_OAkRl_JD7pT9eiCBxclNkWKRDzAAbKLkg2DVYZ-g==
petrol.clientoffer.site/assets/img/logo/qzt_white.png
54.230.111.125200 OK 5.2 kB URL HTTP/1.1 petrol.clientoffer.site/assets/img/logo/qzt_white.png
IP 54.230.111.125:0
File type PNG image data, 132 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bb16bbfca8cdaa042353a79845eeba47
d9bd97b057f4434ecf041129ab978ecf2bec51ce
1639d12a6a23397077fe402a82cad1f71e15e811d621bc235f60a65960d38869
GET /assets/img/logo/qzt_white.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5187
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:38:25 GMT
ETag: "6363fc91-1443"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: amOSVAOHoIs40Sdm_Qr9A1VpcFYNq9TU1K36T-HpDO_AvkHNo--6bg==
petrol.clientoffer.site/ssi/elements/base/comments/like.png
54.230.111.125200 OK 532 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/like.png
IP 54.230.111.125:0
File type PNG image data, 15 x 14, 8-bit colormap, non-interlaced\012- data
Hash ff41d4d4197e3de85a1e23a8e0052229
ae524f976c87dff8e73869f1b41cbf49836f56ef
8759cc524e5fc84eed43ac2b300f9c9af83629f464a6eac33805e1bf1866cd6d
GET /ssi/elements/base/comments/like.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 532
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-214"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: C1MaqGTX5MhsVir6ufK7HR5PHrgTxnuVmuon2hvpTP4uBQ6nPuFJ9A==
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/background.jpg
54.230.111.125200 OK 55 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/background.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1917x1281, components 3\012- data
Hash 8dabef81a4a058c58a9ff386f49eb94e
0f1b35a1cbdd705723326ec27d1f073455679b06
e3fea1416be38ef2f551365401ee86538463b99438c98ae09ec44f0be8f737ec
GET /n/27/4/z-nrg/nz/images/background.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 55300
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-d804"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uEqyywh1JBca4_TTUkjft4mIsmAfw0FGfa1sSe8BYmK3CCiE8q4oSA==
petrol.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
54.230.111.125200 OK 137 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
IP 54.230.111.125:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], progressive, precision 8, 960x720, components 3\012- data
Size 137 kB (136915 bytes)
Hash dd8774375e394460704d201cc9183468
9b17b330fae8a45162e594f1e6e20668079f75f6
7537819dfcae5087f73030b210f9ecb6e9561593e656162973c214af01bbf492
GET /ssi/elements/base/comments/guyiphone.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 136915
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-216d3"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NOIjGpb3G434QQF_w_duR-xDIzYqUsqWU2D3Clp4Cnlz9D5noxQ8Kw==
petrol.clientoffer.site/ssi/elements/base/comments/comment1.jpg
54.230.111.125200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment1.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 8a7c43a73eddd2e9ece5f84986c8d38a
4ee82a68568735d8d55cd23573a02a27e250766a
701f4a6b59464cd1c4d3d5a4a3a03b7b325e9e05e5c40b895857e9a53b24172f
GET /ssi/elements/base/comments/comment1.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-57d"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rbe1c1CUjSF2r1QB45BJaG7TLhBrJzvytP_ZLL6_d88LMEcWoqKfGw==
petrol.clientoffer.site/ssi/elements/base/comments/comment6.jpg
54.230.111.125200 OK 1.6 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment6.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 1547bb14a090e26493220e1ac226c956
1f6a7c79b3b167810acf4cf0ee291b08ec9f019b
3f39d61ca486889335b7d2327da4d0c5fa5f5631899a7f020ff7992b40eed55f
GET /ssi/elements/base/comments/comment6.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1631
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-65f"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hJRAQirDFJF6ce19N5I2QHpI3DIv3mJ__uKwrYSOsGRePemAW0h5ew==
petrol.clientoffer.site/ssi/elements/base/comments/comment5.jpg
54.230.111.125200 OK 1.6 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment5.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash e1e1c4d1673d0daca69e4d04bcffe826
22a7bafb65fc73960b19cbaa172d76a2c72892cf
de8bfe8399e33d61c93d69aa93632a5bbfc49600d8b9a9a970278141bcaf11b2
GET /ssi/elements/base/comments/comment5.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1589
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-635"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: n068vlRA-fxKH5ZTB2I_elst3s00N3kdlckYB89iqfMxr_JMlz02zg==
petrol.clientoffer.site/ssi/elements/base/comments/comment10.jpg
54.230.111.125200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment10.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 733b1af1054c6b374e7a2e283c0488c3
1f98a33203a064b43b101966e5b5c439d65b1d18
48771158b0cefed12d509da968dc6ad98fed75d6317982854f012d68bb6b7755
GET /ssi/elements/base/comments/comment10.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1383
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-567"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NXFPm5zrjpJBqDNv0rzccrt8PJknanf8iS1yBMlbDjKjyGa4RE1Z8A==
petrol.clientoffer.site/ssi/elements/base/comments/comment8.jpg
54.230.111.125200 OK 1.2 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment8.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 4bc4bb8a43aea3578af4a4cffc1ea983
276c96f4d6d1bdf03381d33c92323ca71e795aae
490adcb33271e416d05908764cad72e1f8b6571d0d8b77998633e675c975e344
GET /ssi/elements/base/comments/comment8.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1160
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-488"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cLtUEV6ndziFLHoIbQv7dHOZNjcyY3Qm1EZI6B9R68wphJ-gvlVFaA==
petrol.clientoffer.site/ssi/elements/base/check.png
54.230.111.125200 OK 348 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/check.png
IP 54.230.111.125:0
File type PNG image data, 35 x 35, 8-bit colormap, non-interlaced\012- data
Hash 1aecb247e31cfe8ecdf4c1a30fd32799
8ca486751ab6c31c1acaa7868ee26f7d5dd98f83
9f15d5a161e11ec46c3474002d4ae27144633b19413b3ad8608ce11eefb810ad
GET /ssi/elements/base/check.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 348
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-15c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VmKRVNfJekAanPDqD3acghmn91p-RH5oGPnHId1BcyVumgbpYYYYEQ==
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prizemob.png
54.230.111.125200 OK 35 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prizemob.png
IP 54.230.111.125:0
File type PNG image data, 550 x 332, 8-bit colormap, non-interlaced\012- data
Hash a839b323a69826aeee7b1fe51648523e
965614880dd22b1d67553be114119e34e51ee00d
8c43f8327a942bac45f5c6796d45862b358ba348baeee2550ed43271afc75cb8
GET /n/27/4/z-nrg/nz/images/prizemob.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 34930
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-8872"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QkNEcXelLFv-afAoNc-PJsBXRd8oR9LxK4gdEeQshBTUO6xvptgRmg==
petrol.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
54.230.111.125200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash db2bd208a83dd1e61d8c5eb29d17fc5e
e0bd1558f696d871213fb6e7366bb737c9a7dfdf
247aa5d457438d0701a6985631b571826d33a719e0c1b38535ea1e9c023f91e9
GET /ssi/elements/base/comments/rev1-a.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1683
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-693"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: llrAypj7oCSpVckgDJvn957TyR9q01qyB3q1TWyzR-l-9M8zYIQ7jA==
cdn.formulead.com/fonts/Roboto-Regular.ttf
34.78.252.25200 OK 171 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Regular.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size 171 kB (171272 bytes)
Hash 11eabca2251325cfc5589c9c6fb57b46
096c9245b6a192d1403a82848e104a65f578a8ec
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed
GET /fonts/Roboto-Regular.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Content-Type: font/ttf
Content-Length: 171272
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"29d08-1843da43ec8"
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"2996c-1843da43ec8"
petrol.clientoffer.site/favicon.ico
54.230.111.125200 OK 1.2 kB URL HTTP/1.1 petrol.clientoffer.site/favicon.ico
IP 54.230.111.125:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 2b41416e68dcc31606e749cc9da0e7e4
7801b077f31134407e429aa5d3cfd65ed2197e59
934e627d59f1a7b1d98df885aa0d09603b4027b25d29e5ddeaadd15fdd318c6b
GET /favicon.ico HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:43 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:03 GMT
ETag: "6363fcb7-47e"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7ef86uSmG05blSNLyx6KNSbXZUf4auETCLNul0ZfuS13ZF40CQHtvw==
push.services.mozilla.com/
35.162.217.251101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.217.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Rw/ZCrv96TpyY3gqPEAzgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CkcgQmXo4wRt3gqMHRCKCKpH3Cg=
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5de5a7ee16d3f3164758282fbecef0a3
82fb2ac7d306e1f9724adc0ba2ef9e549baa9100
ad55f91c5fb1f872310a5f5777a65b79a338138d241a674449da2e0edde1f2ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
142.250.74.164200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash a395f26be008f0828ae86952d0f66715
71e5f5c0a61726fc51e5e80f4badd5790e70eec3
a8ec269434da058fd730782cccf6d52aab61c4f01667261928e79d4de026fa5e
GET /recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu- HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 05 Nov 2022 04:13:44 GMT
date: Sat, 05 Nov 2022 04:13:44 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
34.78.252.25200 OK 4.4 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18304), with no line terminators
Hash 9e729a622313b9b9570d695de7cef91a
a2366593847e00abe39cf126d7c0aabf16231e3b
03c6271a9e6988f0dda045fa259b937923ee633dc418da8b94942e91ed126349
GET /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk
X-Request-Id: aa68fc49aaf29305ff5d6012
X-iivmxswc: 24b4f0743ad4f0d243334e92821ef61f311c1bc29220bf59705443c009077033
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:44 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Mon, 04 Nov 2024 04:13:44 GMT; Secure; SameSite=None
ck_tsp=2022-11-05T04%3A13%3A44.051Z; Path=/; Expires=Mon, 04 Nov 2024 04:13:44 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Mon, 04 Nov 2024 04:13:44 GMT; Secure; SameSite=None
ETag: W/"4848-LeorE2b1nqLJe+Fh4bMiuOZSumg"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4a9066e8faeec7f06d9a7e91bef8ff52
699ce1c29412a4c3f9018f4deceb3db399ddcd29
46461d19bf1ea06f23d89c4179135eaca9d7c8753a91e913b3adaf2615bee36f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: aa68fc49aaf29305ff5d6012
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-11-05T04%3A13%3A44.051Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3AOaQNX4-iok30VLcNdCdf5O5syBX2q3y3.DukNBGUcmg31zYn0gaJl4an%2BdgIpnCdcTlMBLQ6epPM; Path=/; HttpOnly
Vary: Accept-Encoding
petrol.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
54.230.111.125200 OK 52 kB URL HTTP/1.1 petrol.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
IP 54.230.111.125:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
Analyzer Verdict Alert fortinet Phishing
GET /n/assets/fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 51572
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 16:19:33 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:40 GMT
ETag: "6363fcdc-c974"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XFPfwLkap2v4NB0SYtQiQGWOKjPcUt3hsw3zsGu8LAjcO0EdCiPi5w==
Age: 42851
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash facc4a84760455e7b08ce8e52a4c418c
8ee89772aa2de0d82244ff6ce6eaa3413bc629e3
92e1577a60d84eaa346c12e40e1f1e8440abb635fe340a7c417c124903c53382
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130980
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:44 GMT
Etag: "63653f9c-117"
Expires: Sun, 06 Nov 2022 16:36:44 GMT
Last-Modified: Fri, 04 Nov 2022 16:36:44 GMT
Server: nginx
Content-Length: 279
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7392
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 04:13:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7392
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 04:13:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7392
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 04:13:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7392
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 04:13:45 GMT
Connection: keep-alive
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: aa68fc49aaf29305ff5d6012
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-11-05T04%3A13%3A44.051Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3AVJffh4F3Z0cfsJkpYK30Nql87Q0ev3B0.wWmMb8uQiIbS7WK0Jlg29Tj2XvPfGpNQzJYW6pOpwmE; Path=/; HttpOnly
Vary: Accept-Encoding
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F005dcb42-4824-4232-94cb-b73713f73375.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F005dcb42-4824-4232-94cb-b73713f73375.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c1182def5cf59cf834fc33853c55d15
15ac708f7d9fdf2136c980afcd844e8fff6fb7aa
2e0b597618655aa5649787b034e18e8d7a47e03404233a516a68ee6e98a8ad43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F005dcb42-4824-4232-94cb-b73713f73375.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3921
x-amzn-requestid: 7b68d999-a1c6-4889-bf79-e1f0abfc1d1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apTueHLRoAMFjyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359fff6-679b214454c013587af76689;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:50:14 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lEDQvyTIRNKTT7J-oz-Rb2PcayFmw0ybRFFrvjMKXJYLwy45Oaun_g==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 14:39:29 GMT
age: 48856
etag: "15ac708f7d9fdf2136c980afcd844e8fff6fb7aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6627701fe981336792076df0c21937b
39da4f78058b565bfcaad4ced6f1b59a2bf6a421
aad9c8d5dbf34cbfc79bd5a69eb84e83880991f6765b955195b8ab515cab076b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3898
x-amzn-requestid: aa30ce03-5fea-431d-a8ba-f1f1f6a7313d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a5se8GMjIAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63608df9-5f607dee71fc5ea4688e10ad;Sampled=0
x-amzn-remapped-date: Tue, 01 Nov 2022 03:09:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M117Djj2kKvQjSBxg_-Wjy9wr6gS-B8nZg-DW6-mduh-Py4fpw_0hg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 23:55:48 GMT
age: 15477
etag: "39da4f78058b565bfcaad4ced6f1b59a2bf6a421"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bd006407a4ea0fbeec2f1351a71f30bc
d1625420cdc79643e759247b0e9ac89dadfbe956
fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A2gds6rdrlTJCrN3m05Yl3azoOYGCEaCd2OBH8qq21wHR8WgqI3CA==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 02:50:14 GMT
age: 5011
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 308da46611df43543d31ca502986bea2
0bf4de356c3a64785fe116161cb931b3b2476f5d
63996962e2763dcf2e0ae5e43aa12dfd8f8677082bb1cdf63528dfd00404f3e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7619
x-amzn-requestid: 67308248-e660-4294-aafe-5f178970f822
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHlcHHfIAMFyGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63658622-5b1ee875554a05eb1e8a6f16;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qn6QTO-5bR2vT6wtmHT2zVZX556_FUz6ImAWK3O8hc8xSJ9XmNM96w==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:48:46 GMT
age: 23099
etag: "0bf4de356c3a64785fe116161cb931b3b2476f5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ee7867-cfc1-4e91-8bfe-c86e9e0369d8.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ee7867-cfc1-4e91-8bfe-c86e9e0369d8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1799c94891598120fab550073379516
ed51b7d2c443aec199c1605b5ebe2e1e25f287a3
5f3f2ffdc992d917d8d3b5890c0ad9810b9699c38e932c0d4d32625346eb87a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9ee7867-cfc1-4e91-8bfe-c86e9e0369d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6228
x-amzn-requestid: 788a9f03-5b3f-446c-a02c-844fe2f07221
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ameKPFJAoAMFy1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358dd74-15bffc073dae60355b484cbb;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:10:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YN9fqqZ0ZqpXcYQZbi5MXAL2e_jd5aW3qdbsqLUGR7Rhj5-QvP1VxA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:20:14 GMT
age: 21211
etag: "ed51b7d2c443aec199c1605b5ebe2e1e25f287a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f58211ba5351479df022215cd16ecd2
f54589d1eb5771befaef24a6299a6719c4353e97
8feccd5bce6e772e178ccdd2a1d084407d65bb82474d943b01efc0d5b660bdec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F311de4fa-2622-4405-a8aa-ba6253adca1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4812
x-amzn-requestid: e2bfc209-f109-4c05-a7ad-52b5bd138610
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a2ZK9HBWoAMFqPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f3bdf-6ac70df57b5a16d66e16dcdd;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 03:07:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ijMKexnSRyvAI_u4x56CBbuuOQguAxBcON4y44o0l2gChDLoboitXw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 11:19:00 GMT
age: 60885
etag: "f54589d1eb5771befaef24a6299a6719c4353e97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash facc4a84760455e7b08ce8e52a4c418c
8ee89772aa2de0d82244ff6ce6eaa3413bc629e3
92e1577a60d84eaa346c12e40e1f1e8440abb635fe340a7c417c124903c53382
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=130980
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:45 GMT
Etag: "63653f9c-117"
Expires: Sun, 06 Nov 2022 16:36:45 GMT
Last-Modified: Fri, 04 Nov 2022 16:36:44 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
cdn.formulead.com/t/errors
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/errors
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk
Content-Type: application/json
Content-Length: 153
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
event.trk-consulatu.com/register/event_log/zqd2ojv4ek
172.64.169.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zqd2ojv4ek
IP 172.64.169.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/zqd2ojv4ek HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 04:13:45 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: http://petrol.clientoffer.site
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hb4c0n1JmvhUkn0pr0ITtRcv4RhPh7D%2BcU81UmOkc43Z07e%2BhGG2PqCvPjqwJnWzYu4XbltDiDrYVK05%2B8CnEKQJOpVwCB3meiwLEYWQpWNL6mXI%2F2dfx0JiJkLJZLpnUS4vNknB1dKkMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7652c2356ea87308-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/zqd2ojv4ek
172.64.169.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zqd2ojv4ek
IP 172.64.169.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zqd2ojv4ek HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://petrol.clientoffer.site/
Content-type: application/json
Origin: http://petrol.clientoffer.site
Content-Length: 103
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 04:13:45 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: http://petrol.clientoffer.site
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=874Oii0hTdMHk4%2B7AZwTr%2FX8qBduC3MR7AlmidGm4BGxv6jmLjlr9wA%2F7xpNrpNDE%2FKvAbKA%2FxZbirgomLbq1WGFqf71CA%2BLgJKhVeChfLb3KaTYXA4SzWFatKtNdl68y0M3ruUrSF14qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7652c2361f2e7308-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
142.250.74.163200 OK 162 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (590)
Size 162 kB (162282 bytes)
Hash 05e06c50dab6f3d7f8bfde22301888db
64b3c20c788d298a672fabf9627eac914d95ed08
95176711feca1110e764a31e36764d5b331b033ed56fb372b42250329b33e1d6
GET /recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162282
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Nov 2022 22:23:25 GMT
expires: Sat, 04 Nov 2023 22:23:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 31 Oct 2022 04:02:45 GMT
content-type: text/javascript
age: 21020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 04:13:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:46:16 GMT
expires: Fri, 03 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 109649
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Oct 2022 12:31:58 GMT
expires: Sun, 29 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 574907
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.formulead.com/t/page
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/validator
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-ofvuinwk,x-session-id,x-zqhkygow
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/validator
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk
Content-Type: application/json
x-zqhkygow: aea095746b412c304b1e8a6705197b520a6c7e7252cffb4fdf171bc20ff2b2b5
x-ofvuinwk: 138c15d4bfd494d0b26799e48dfa58904bb2eb4ca63c6101c0b6ac3b79b8bd25
Content-Length: 1855
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1
34.78.252.25200 OK 170 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 444a70e688fc33013a26400a3e1d4315
c35fb84d3a987e27a922df3eb8bc54c169cedf68
46b7cdf212a0ee9c151e87711b08690957583b4965d05ce3261a4187a2083319
GET /v/recaptcha3?token=03AEkXODCkP8fmUwc6F0tS36FXy4woT3NTni4cT2GHDr58fPAF4xHxTOtS8zVzjiKxaq1tSkW1zDqvDX-ynFItDyVYi3vDLO_w9qBYduAvZ9WlgOVpAjxxnQKPe-nxx1snYHP1zne0C454xFGQ8pNnZXoL14DGTmdJb_X6Gss8AgImKXBupcvxauhN3kYkddnLukEcLyKYFHEH4BpF05uorAWKcUx6XjH3_Y3x945E7tNmvXqFoRkycVrX5KtfB95_ALsahqWc1bciXB_ceUL0rpSp_9X4G7m70Ex1X1rQatIr5-WIcNyNhX8Tmw63dA7HiUPUpwg5jVBaOCyXqPT_y7vPcItq4Z8jToz4tHNVkYhP95jKWIkqgsiXEXOk62PJ0Ap54aAnWvYmwOjT_xaRWBFRjLQa2iq_oQrLJepUWCo7oJx_73RhaVbsl1vTb2-XwrCcGrcrmDANr_qJ3Iw5VmqHNeEU7A66SFH85Ze6M_-wyhphm7cRiOE1pQw7ntc4O3pKBISZWPoKX0WnQb9cRg-Ixour-tVchg&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: aa68fc49aaf29305ff5d6012
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-11-05T04%3A13%3A44.051Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 170
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"aa-w1+4TTqYfiepIt8+uLxUwWnO32g"
set-cookie: qst.sid=s%3AZM8c8WdUKJLwZHHz8GS5B3bj0goizVzw.Y%2BI%2BW3qZVZj15djoCVkRFhco%2BTyPPtVRhImzwq2d4bA; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full
34.78.252.25200 OK 12 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65327), with no line terminators
Hash a3fc409057a00e3d762ceefa4163c1c6
23868dcff0ebdb0769a393c586731a21bcf9e6dc
4a6c468e5b3ad4457dc7676d15d4221d0c9a7fd571d554bdeec7c68f3210f658
GET /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk
X-Request-Id: aa68fc49aaf29305ff5d6012
X-iivmxswc: 24b4f0743ad4f0d243334e92821ef61f311c1bc29220bf59705443c009077033
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-11-05T04%3A13%3A44.051Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:46 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Mon, 04 Nov 2024 04:13:45 GMT; Secure; SameSite=None
ck_tsp=2022-11-05T04%3A13%3A45.005Z; Path=/; Expires=Mon, 04 Nov 2024 04:13:45 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Mon, 04 Nov 2024 04:13:45 GMT; Secure; SameSite=None
ETag: W/"12fc2-zzrb9VAEoXfCT67B8ct4pcjFDD4"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/t/page
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:NVFNQVYb6tHyCt5qQ1Tv8kbck50-ISq-.zuBQESDXOFHltCUVwWaAW5IwzIAtEGGGeLFKwerhwQk
Content-Type: application/json
Content-Length: 113
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 05 Nov 2022 04:13:49 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site
172.64.169.3200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site
IP 172.64.169.3:0
GET /scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 04:13:45 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WKGiVOBPd0BUOs%2BkQZcEFd1ryfgP1aHrW1YsOe5U64GIDqvugxSOpPOqb9%2FO%2F0aFyYJ3MLUXJriwbJiHDsu1Ix3vu5mSVvdhgW4y2GW5coc3HHRP%2FVsjkJO0he5%2BXJyyW1g6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7652c2342dec71d4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700
IP 142.250.74.10:0
GET /css?family=Montserrat:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 05 Nov 2022 04:13:42 GMT
date: Sat, 05 Nov 2022 04:13:42 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
st.formulead.com/assets/js/helpers.js
54.230.111.106200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 54.230.111.106:0
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 04 Nov 2022 17:29:49 GMT
etag: W/"6329dbed-fefc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JI9k45dwU51iGwCJ1Il9rAIcnIbuOJOUDaCz8mEcZH5Q_Qxj5QgvjQ==
age: 38634
X-Firefox-Spdy: h2
st.formulead.com/assets/js/bioep.min.js
54.230.111.106200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 54.230.111.106:0
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 04 Nov 2022 17:29:49 GMT
etag: W/"6329dbed-14c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lsnw3vgIG8NpJ_CzdDXXcZwo2NyjXv-CCOvyK2FQLPt7ucg1nRzkOQ==
age: 38634
X-Firefox-Spdy: h2
st.formulead.com/assets/js/dl_modified.js
54.230.111.106200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/dl_modified.js
IP 54.230.111.106:0
GET /assets/js/dl_modified.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 05 Nov 2022 04:13:44 GMT
etag: W/"6329dbed-132f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cB1NDsSIEI1WuF_F1ldMIlqJ_QmK0wxg8R8Vz31BGbIzsZyKRjkCLQ==
age: 419
X-Firefox-Spdy: h2