Overview

URL safe.secretfindertoday.com/campaigns/lj544c8mcx357/track-url/dy806lsj7q32c/c6ed556b92f54f1ff08a6a0f70e88d4e7ec80b7e
IP65.21.197.40
ASNHetzner Online GmbH
Location Finland
Report completed2022-09-21 04:40:25 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-21 2 safe.secretfindertoday.com/campaigns/lj544c8mcx357/track-url/dy806lsj7q32c/ (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (26)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS www.vipgoldenbucks.com (21) 0 2022-07-25 14:25:40 UTC 2022-09-21 03:25:21 UTC 104.16.12.194 Unknown ranking
mnemonic passive DNS static.cloudflareinsights.com (1) 1294 2019-09-24 14:34:56 UTC 2022-09-21 04:17:48 UTC 104.18.47.230
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-20 20:31:37 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-21 04:08:37 UTC 143.204.55.25
mnemonic passive DNS ocsp.comodoca.com (2) 1696 2012-05-21 07:01:17 UTC 2022-09-20 13:19:42 UTC 172.64.155.188
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-09-21 04:07:23 UTC 93.184.220.29
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-21 00:49:48 UTC 34.120.237.76
mnemonic passive DNS click.socialuplifted.com (1) 0 2022-07-13 01:51:20 UTC 2022-09-21 03:25:23 UTC 144.208.71.125 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.39
mnemonic passive DNS use.fontawesome.com (2) 942 2017-01-30 04:43:25 UTC 2022-09-21 03:39:33 UTC 172.64.132.15
mnemonic passive DNS safe.secretfindertoday.com (1) 0 2022-06-11 17:12:36 UTC 2022-09-21 03:51:01 UTC 65.21.197.40 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-21 04:08:37 UTC 23.36.77.32
mnemonic passive DNS link.rapidpockets.com (1) 0 2022-07-23 07:24:36 UTC 2022-09-21 03:25:23 UTC 144.208.71.125 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-21 04:08:37 UTC 54.69.181.45
mnemonic passive DNS cbtb.clickbank.net (1) 103233 2015-11-12 08:51:45 UTC 2022-09-21 02:36:10 UTC 52.33.226.99
mnemonic passive DNS prod.cbstatic.net (3) 108120 2018-07-31 06:30:52 UTC 2022-09-21 02:36:11 UTC 143.204.55.53
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-21 04:07:58 UTC 216.58.211.10
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-20 04:47:04 UTC 34.117.237.239
mnemonic passive DNS fonts.gstatic.com (4) 0 2014-08-29 13:43:22 UTC 2022-09-20 04:47:45 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-21 03:58:54 UTC 151.101.86.137
mnemonic passive DNS bam.nr-data.net (1) 630 2015-02-10 00:06:27 UTC 2022-09-21 04:17:29 UTC 162.247.241.14
mnemonic passive DNS app.clickfunnels.com (3) 34727 2015-03-12 08:40:23 UTC 2022-09-21 04:06:28 UTC 104.16.14.194
mnemonic passive DNS 5dea0ub1cz3u1m1bjfqyjcqu6o.hop.clickbank.net (1) 0 No data No data 44.240.181.170 Domain (clickbank.net) ranked at: 34186
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-20 04:47:45 UTC 142.250.74.3
mnemonic passive DNS d2saw6je89goi1.cloudfront.net (1) 0 2021-11-29 09:10:01 UTC 2022-09-21 03:01:19 UTC 143.204.42.23 Unknown ranking
mnemonic passive DNS assets.clickfunnels.com (1) 64830 2014-10-08 20:00:20 UTC 2022-09-20 22:32:15 UTC 104.16.13.194


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 65.21.197.40

Date UQ / IDS / BL URL IP
2022-09-26 12:59:15 +0000
0 - 0 - 4 view.sparkbest.co/campaigns/cw473a7z4bdf5/tra (...) 65.21.197.40
2022-09-22 19:19:15 +0000
0 - 0 - 1 view.sparkbest.co/campaigns/cw473a7z4bdf5/tra (...) 65.21.197.40
2022-09-21 19:56:42 +0000
0 - 0 - 2 view.sparkbest.co/campaigns/gt838gog560a8/tra (...) 65.21.197.40
2022-09-21 18:57:46 +0000
0 - 0 - 2 view.sparkbest.co/campaigns/gt838gog560a8/tra (...) 65.21.197.40
2022-09-21 18:57:11 +0000
0 - 0 - 2 safe.secretfindertoday.com/campaigns/zl437rf8 (...) 65.21.197.40

Last 5 reports on ASN: Hetzner Online GmbH

Date UQ / IDS / BL URL IP
2022-12-07 16:02:56 +0000
0 - 0 - 3 best-girls.online/dHGq2Z 162.55.131.227
2022-12-07 15:49:29 +0000
0 - 0 - 1 95.217.29.31/127185588285.zip 95.217.29.31
2022-12-07 14:21:23 +0000
0 - 0 - 2 49.12.116.5/901159734174.zip 49.12.116.5
2022-12-07 14:13:04 +0000
0 - 0 - 2 49.12.116.5/675777618108.zip 49.12.116.5
2022-12-07 14:12:09 +0000
0 - 0 - 1 virtlserv.com/iuh8v/index.php 138.201.18.153

Last 5 reports on domain: secretfindertoday.com

Date UQ / IDS / BL URL IP
2022-11-11 15:23:55 +0000
0 - 0 - 15 safe.secretfindertoday.com/campaigns/wy522bqo (...) 65.108.14.84
2022-10-06 18:43:50 +0000
0 - 0 - 15 safe.secretfindertoday.com/campaigns/el687006 (...) 65.108.14.84
2022-10-05 21:12:42 +0000
0 - 0 - 15 safe.secretfindertoday.com/campaigns/el687006 (...) 65.108.14.84
2022-09-21 18:57:11 +0000
0 - 0 - 2 safe.secretfindertoday.com/campaigns/zl437rf8 (...) 65.21.197.40
2022-09-21 04:40:25 +0000
0 - 0 - 1 safe.secretfindertoday.com/campaigns/lj544c8m (...) 65.21.197.40

No other reports with similar screenshot



JavaScript

Executed Scripts (21)


Executed Evals (3)

#1 JavaScript::Eval (size: 20304, repeated: 1) - SHA256: 9c1ea695852f01d2fc6027d572b126b740a9c4634540fb0d39ea3656377eef77

                                        function $d(d) {
    return document.getElementById(d)
}
var proc = location.protocol;
if (proc != 'https:') {
    proc = 'http:'
}
var _image_path = proc + '//addthisevent.com/gfx/icon-calendar-t1.png';
var _ate_license = '';
var _ate_mouse = false;
var _ate_css = 'true';
var _ate_callback = '';
var _ate_dropdown = '';
var _ate_lbl_outlook = 'Outlook Calendar';
var _ate_lbl_google = 'Google Calendar';
var _ate_lbl_yahoo = 'Yahoo Calendar';
var _ate_lbl_hotmail = 'Hotmail Calendar';
var _ate_lbl_ical = 'iCal Calendar';
var _ate_lbl_fb_event = 'Facebook Event';
var _ate_show_outlook = true;
var _ate_show_google = true;
var _ate_show_yahoo = true;
var _ate_show_hotmail = true;
var _ate_show_ical = true;
var _ate_show_facebook = true;
var _d_rd = false;
var _ate_btn_found = false;
var _ate_btn_expo = false;
var addthisevent = function() {
    var D = false,
        dropzcx = 1,
        olddrop = '',
        dropmousetim, css1 = false,
        css2 = false;
    return {
        generate: function() {
            try {
                _image_path = _image_path
            } catch (e) {
                _image_path = proc + '//addthisevent.com/gfx/icon-calendar-t1.png'
            }
            try {
                _ate_license = _license
            } catch (e) {}
            try {
                _ate_mouse = _mouse
            } catch (e) {}
            try {
                _ate_css = _css
            } catch (e) {}
            var b = addthisevent.glicense(_ate_license);
            var c = document.getElementsByTagName('*');
            for (var d = 0; d < c.length; d += 1) {
                var f = '',
                    fbevent = false,
                    str = c[d].className,
                    htmx = '';
                if (addthisevent.hasclass(c[d], 'addthisevent')) {
                    var g = c[d].getElementsByTagName('span');
                    for (var m = 0; m < g.length; m += 1) {
                        if (addthisevent.hasclass(g[m], '_url')) {
                            g[m].style.display = 'none'
                        }
                        if (addthisevent.hasclass(g[m], '_start')) {
                            g[m].style.display = 'none';
                            f += '&dstart=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_end')) {
                            g[m].style.display = 'none';
                            f += '&dend=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_zonecode')) {
                            g[m].style.display = 'none';
                            f += '&dzone=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_summary')) {
                            g[m].style.display = 'none';
                            f += '&dsum=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_description')) {
                            g[m].style.display = 'none';
                            f += '&ddesc=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_location')) {
                            g[m].style.display = 'none';
                            f += '&dloca=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_organizer')) {
                            g[m].style.display = 'none';
                            f += '&dorga=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_organizer_email')) {
                            g[m].style.display = 'none';
                            f += '&dorgaem=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_attendees')) {
                            g[m].style.display = 'none';
                            f += '&datte=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_all_day_event')) {
                            g[m].style.display = 'none';
                            f += '&dallday=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_date_format')) {
                            g[m].style.display = 'none';
                            f += '&dateformat=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_alarm_reminder')) {
                            g[m].style.display = 'none';
                            f += '&alarm=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_recurring')) {
                            g[m].style.display = 'none';
                            f += '&drule=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_uid')) {
                            g[m].style.display = 'none';
                            f += '&uid=' + encodeURIComponent(addthisevent.htmlencode(g[m].innerHTML))
                        }
                        if (addthisevent.hasclass(g[m], '_facebook_event')) {
                            if (g[m].innerHTML != '') {
                                g[m].style.display = 'none';
                                var h = g[m].innerHTML.replace(/ /gi, "");
                                f += '&fbevent=' + encodeURIComponent(h);
                                fbevent = true
                            }
                        }
                    }
                    if (b) {
                        f += '&credits=false'
                    }
                    f = f.replace(/'/gi, "�");
                    if (_ate_dropdown != '') {
                        _ate_dropdown = _ate_dropdown + ',';
                        _ate_dropdown = _ate_dropdown.replace(/ /gi, '');
                        var i = _ate_dropdown.split(',');
                        for (var a = 0; a < i.length; a += 1) {
                            if (_ate_show_outlook && i[a] == 'outlook') {
                                htmx += '<span class="ateoutlook" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'outlook\',\'' + f + '\');">' + _ate_lbl_outlook + '</span>'
                            }
                            if (_ate_show_google && i[a] == 'google') {
                                htmx += '<span class="ategoogle" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'google\',\'' + f + '\');">' + _ate_lbl_google + '</span>'
                            }
                            if (_ate_show_yahoo && i[a] == 'yahoo') {
                                htmx += '<span class="ateyahoo" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'yahoo\',\'' + f + '\');">' + _ate_lbl_yahoo + '</span>'
                            }
                            if (_ate_show_hotmail && i[a] == 'hotmail') {
                                htmx += '<span class="atehotmail" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'hotmail\',\'' + f + '\');">' + _ate_lbl_hotmail + '</span>'
                            }
                            if (_ate_show_ical && i[a] == 'ical') {
                                htmx += '<span class="ateical" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'ical\',\'' + f + '\');">' + _ate_lbl_ical + '</span>'
                            }
                            if (fbevent && i[a] == 'facebook') {
                                if (_ate_show_facebook && i[a] == 'facebook') {
                                    htmx += '<span class="atefacebook" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'facebook\',\'' + f + '\');">' + _ate_lbl_fb_event + '</span>'
                                }
                            }
                        }
                    } else {
                        if (_ate_show_outlook) {
                            htmx += '<span class="ateoutlook" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'outlook\',\'' + f + '\');">' + _ate_lbl_outlook + '</span>'
                        }
                        if (_ate_show_google) {
                            htmx += '<span class="ategoogle" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'google\',\'' + f + '\');">' + _ate_lbl_google + '</span>'
                        }
                        if (_ate_show_yahoo) {
                            htmx += '<span class="ateyahoo" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'yahoo\',\'' + f + '\');">' + _ate_lbl_yahoo + '</span>'
                        }
                        if (_ate_show_hotmail) {
                            htmx += '<span class="atehotmail" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'hotmail\',\'' + f + '\');">' + _ate_lbl_hotmail + '</span>'
                        }
                        if (_ate_show_ical) {
                            htmx += '<span class="ateical" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'ical\',\'' + f + '\');">' + _ate_lbl_ical + '</span>'
                        }
                        if (fbevent) {
                            if (_ate_show_facebook) {
                                htmx += '<span data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'facebook\',\'' + f + '\');">' + _ate_lbl_fb_event + '</span>'
                            }
                        }
                    }
                    if (!b) {
                        htmx += '<em class="copyx"><em class="brx"></em><em class="frs" data-ref="' + dropzcx + '" onclick="addthisevent.cli(this,\'home\');">AddThisEvent</em></em>'
                    }
                    c[d].id = 'atedrop' + dropzcx;
                    c[d].className = c[d].className.replace(/addthisevent/gi, '');
                    c[d].className = c[d].className + ' addthisevent-drop';
                    c[d].title = '';
                    var j = c[d].getAttribute('data-direct');
                    if (j) {
                        c[d].setAttribute('data-url', f);
                        c[d].setAttribute('data-ref', dropzcx);
                        c[d].onclick = function() {
                            addthisevent.direct(this);
                            return false
                        }
                    } else {
                        if (_ate_mouse) {
                            c[d].onmouseover = function() {
                                clearTimeout(dropmousetim);
                                addthisevent.show(this, 'auto', 'auto', true)
                            };
                            c[d].onmouseout = function() {
                                dropmousetim = setTimeout("addthisevent.out();", 200)
                            };
                            c[d].onclick = function() {
                                return false
                            }
                        } else {
                            c[d].onclick = function() {
                                addthisevent.show(this, 'auto', 'auto');
                                return false
                            }
                        }
                    }
                    var k = c[d];
                    var l = document.createElement('span');
                    l.id = 'atedrop' + dropzcx + '-drop';
                    l.className = 'addthisevent_dropdown';
                    l.innerHTML = htmx;
                    k.appendChild(l);
                    dropzcx++;
                    _ate_btn_found = true
                }
            }
            if (_ate_css == 'false') {
                addthisevent.trycss()
            } else {
                addthisevent.applycss(b)
            }
            if (_ate_btn_found && !_ate_btn_expo) {
                _ate_btn_expo = true;
                addthisevent.track({
                    typ: 'exposure',
                    cal: ''
                })
            }
        },
        direct: function(f) {
            var a = f.getAttribute('data-url');
            var b = f.getAttribute('data-direct');
            addthisevent.cli(f, b, a)
        },
        cli: function(f, a, b) {
            var c = '',
                ref = location.href,
                nw = true,
                now = new Date();
            if (a == 'outlook') {
                c = proc + '//addthisevent.com/create/?service=OUTLOOK' + b + '&reference=' + ref;
                nw = false
            }
            if (a == 'google') {
                c = proc + '//addthisevent.com/create/?service=GOOGLE' + b + '&reference=' + ref
            }
            if (a == 'yahoo') {
                c = proc + '//addthisevent.com/create/?service=YAHOO' + b + '&reference=' + ref
            }
            if (a == 'hotmail') {
                c = proc + '//addthisevent.com/create/?service=HOTMAIL' + b + '&reference=' + ref
            }
            if (a == 'ical') {
                c = proc + '//addthisevent.com/create/?service=ICAL' + b + '&reference=' + ref;
                nw = false
            }
            if (a == 'facebook') {
                c = proc + '//addthisevent.com/create/?service=FACEBOOK' + b + '&reference=' + ref
            }
            if (a == 'home') {
                c = proc + '//addthisevent.com/'
            }
            if (c != '') {
                if (a != 'home') {
                    var d = f.getAttribute('data-ref');
                    var g = $d('atedrop' + d);
                    if (g) {
                        var h = g.getAttribute('data-track');
                        if (h != null) {
                            h = h.replace(/ate-calendar/gi, a);
                            try {
                                eval(h)
                            } catch (e) {}
                        }
                    }
                }
                if (!$d('atecllink')) {
                    var j = document.createElement("a");
                    j.id = 'atecllink';
                    j.rel = 'external';
                    j.innerHTML = '{addthisevent-ghost-link}';
                    j.style.display = 'none';
                    document.body.appendChild(j)
                }
                var k = $d('atecllink');
                if (nw) {
                    k.target = '_blank'
                } else {
                    k.target = '_self'
                }
                k.href = c;
                addthisevent.eclick('atecllink')
            }
            addthisevent.track({
                typ: 'click',
                cal: a
            });
            if (_ate_callback) {
                for (var i = 0; i < _ate_callback.length; i++) {
                    try {
                        eval(_ate_callback[i])
                    } catch (e) {
                        alert(e.description)
                    }
                }
            }
        },
        applycss: function(a) {
            if (!css2) {
                var b;
                b = '.addthisevent-drop {display:inline-block;position:relative;font-family:arial;color:#333!important;background:#f4f4f4 url(' + _image_path + ') no-repeat 9px 50%;text-decoration:none!important;border:1px solid #d9d9d9;color:#555;font-weight:bold;font-size:14px;text-decoration:none;padding:9px 12px 8px 35px;-moz-border-radius:2px;-webkit-border-radius:2px;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;}';
                b += '.addthisevent-drop:hover {border:1px solid #aab9d4;color:#555;font-weight:bold;font-size:14px;text-decoration:none!important;}';
                b += '.addthisevent-drop:active {top:1px;}';
                b += '.addthisevent-selected {background-color:#f7f7f7;}';
                if (a) {
                    b += '.addthisevent_dropdown {width:200px;position:absolute;z-index:99999;padding:0px 0px 0px 0px;background:#fff;text-align:left;display:none;margin-top:-2px;margin-left:-1px;border-top:1px solid #c8c8c8;border-right:1px solid #bebebe;border-bottom:1px solid #a8a8a8;border-left:1px solid #bebebe;-moz-border-radius:2px;-webkit-border-radius:2px;-webkit-box-shadow:1px 3px 6px rgba(0,0,0,0.15);-moz-box-shadow:1px 3px 6px rgba(0,0,0,0.15);box-shadow:1px 3px 6px rgba(0,0,0,0.15);}'
                } else {
                    b += '.addthisevent_dropdown {width:200px;position:absolute;z-index:99999;padding:6px 0px 0px 0px;background:#fff;text-align:left;display:none;margin-top:-2px;margin-left:-1px;border-top:1px solid #c8c8c8;border-right:1px solid #bebebe;border-bottom:1px solid #a8a8a8;border-left:1px solid #bebebe;-moz-border-radius:2px;-webkit-border-radius:2px;-webkit-box-shadow:1px 3px 6px rgba(0,0,0,0.15);-moz-box-shadow:1px 3px 6px rgba(0,0,0,0.15);box-shadow:1px 3px 6px rgba(0,0,0,0.15);}'
                }
                b += '.addthisevent_dropdown span {display:block;cursor:pointer;line-height:110%;background:#fff;text-decoration:none;font-size:12px;color:#6d84b4;padding:8px 10px 9px 15px;}';
                b += '.addthisevent_dropdown span:hover {background:#f4f4f4;color:#6d84b4;text-decoration:none;font-size:12px;}';
                b += '.addthisevent span {display:none!important;}';
                b += '.addthisevent-drop ._url,.addthisevent-drop ._start,.addthisevent-drop ._end,.addthisevent-drop ._zonecode,.addthisevent-drop ._summary,.addthisevent-drop ._description,.addthisevent-drop ._location,.addthisevent-drop ._organizer,.addthisevent-drop ._organizer_email,.addthisevent-drop ._facebook_event,.addthisevent-drop ._all_day_event {display:none!important;}';
                b += '.addthisevent_dropdown .copyx {width:200px;height:21px;display:block;position:relative;cursor:default;}';
                b += '.addthisevent_dropdown .brx {width:180px;height:1px;overflow:hidden;background:#e0e0e0;position:absolute;z-index:100;left:10px;top:9px;}';
                b += '.addthisevent_dropdown .frs {position:absolute;top:5px;cursor:pointer;right:10px;padding-left:10px;font-style:normal;font-weight:normal;text-align:right;z-index:101;line-height:110%;background:#fff;text-decoration:none;font-size:9px;color:#cacaca;}';
                b += '.addthisevent_dropdown .frs:hover {color:#999!important;}';
                var c = document.createElement("style");
                c.type = "text/css";
                c.id = "ate_css";
                if (c.styleSheet) {
                    c.styleSheet.cssText = b
                } else {
                    c.appendChild(document.createTextNode(b))
                }
                document.getElementsByTagName("head")[0].appendChild(c);
                css2 = true
            }
        },
        trycss: function() {
            if (!css1) {
                try {
                    var a = '.addthisevent {visibility:hidden;}';
                    a += '.addthisevent-drop ._url,.addthisevent-drop ._start,.addthisevent-drop ._end,.addthisevent-drop ._zonecode,.addthisevent-drop ._summary,.addthisevent-drop ._description,.addthisevent-drop ._location,.addthisevent-drop ._organizer,.addthisevent-drop ._organizer_email,.addthisevent-drop ._attendees,.addthisevent-drop ._facebook_event,.addthisevent-drop ._all_day_event {display:none!important;}';
                    var b = document.createElement("style");
                    b.type = "text/css";
                    if (b.styleSheet) {
                        b.styleSheet.cssText = a
                    } else {
                        b.appendChild(document.createTextNode(a))
                    }
                    document.getElementsByTagName("head")[0].appendChild(b)
                } catch (e) {}
                css1 = true;
                addthisevent.track({
                    typ: 'jsinit',
                    cal: ''
                })
            }
        },
        removecss: function() {
            try {
                return (hdx = $d('ate_css')) ? hdx.parentNode.removeChild(hdx) : false
            } catch (e) {}
        },
        show: function(f, o, a, b) {
            var c = f.id;
            var d = $d(c);
            var g = $d(c + '-drop');
            if (d && g) {
                if (olddrop != c) {
                    addthisevent.hide(olddrop)
                }
                var h = addthisevent.getstyle(g, 'display');
                try {
                    f.blur()
                } catch (e) {};
                if (h == 'block') {
                    if (b) {} else {
                        addthisevent.hide(c)
                    }
                } else {
                    olddrop = c;
                    d.className = d.className + ' addthisevent-selected';
                    d.style.zIndex = addthisevent.topzindex();
                    g.style.left = '0px';
                    g.style.top = '0px';
                    g.style.display = 'block';
                    setTimeout("addthisevent.tim();", 350);
                    D = false;
                    var i = parseInt(d.offsetHeight);
                    var j = parseInt(d.offsetWidth);
                    var k = parseInt(g.offsetHeight);
                    var l = parseInt(g.offsetWidth);
                    var m = addthisevent.viewport();
                    var n = m.split('/');
                    var p = parseInt(n[0]);
                    var q = parseInt(n[1]);
                    var r = parseInt(n[2]);
                    var s = parseInt(n[3]);
                    var t = addthisevent.elementposition(g);
                    var u = t.split('/');
                    var v = parseInt(u[0]);
                    var w = parseInt(u[1]);
                    var x = w + k;
                    var y = q + s;
                    var z = v + l;
                    var A = p + r;
                    var B = 0,
                        dropy = 0;
                    if (o == 'down' && a == 'left') {
                        B = '0px';
                        dropy = i + 'px'
                    } else if (o == 'up' && a == 'left') {
                        B = '0px';
                        dropy = -k + 'px'
                    } else if (o == 'down' && a == 'right') {
                        B = -(l - j) + 'px';
                        dropy = i + 'px'
                    } else if (o == 'up' && a == 'right') {
                        B = -(l - j) + 'px';
                        dropy = -k + 'px'
                    } else if (o == 'auto' && a == 'left') {
                        B = '0px';
                        if (x > y) {
                            dropy = -k + 'px'
                        } else {
                            dropy = i + 'px'
                        }
                    } else if (o == 'auto' && a == 'right') {
                        B = -(l - j) + 'px';
                        if (x > y) {
                            dropy = -k + 'px'
                        } else {
                            dropy = i + 'px'
                        }
                    } else {
                        if (x > y) {
                            dropy = -k + 'px'
                        } else {
                            dropy = i + 'px'
                        }
                        if (z > A) {
                            B = -(l - j) + 'px'
                        } else {
                            B = '0px'
                        }
                    }
                    g.style.left = B;
                    g.style.top = dropy;
                    var C = 'ontouchstart' in document.documentElement ? 'touchstart' : 'click';
                    if (document.addEventListener) {
                        document.addEventListener(C, function() {
                            if (D) {
                                setTimeout(function() {
                                    addthisevent.force(c)
                                }, 300)
                            }
                        }, false)
                    } else if (document.attachEvent) {
                        document.attachEvent("on" + C, function() {
                            if (D) {
                                setTimeout(function() {
                                    addthisevent.force(c)
                                }, 300)
                            }
                        })
                    } else {
                        document.onclick = function() {
                            addthisevent.force(c)
                        }
                    }
                }
            }
        },
        force: function(f) {
            var a = $d(f);
            var b = $d(f + '-drop');
            if (a && b) {
                if (D && b.style.display == 'block') {
                    setTimeout("addthisevent.hide('" + f + "');", 350)
                }
            }
        },
        out: function() {
            addthisevent.force(olddrop)
        },
        hide: function(f) {
            var a = $d(f);
            var b = $d(f + '-drop');
            if (a && b) {
                a.className = a.className.replace(/addthisevent-selected/gi, '');
                b.style.display = 'none';
                b.style.zIndex = ''
            }
        },
        tim: function() {
            D = true
        },
        topzindex: function() {
            var a = 99999;
            var b = document.getElementsByTagName('*');
            for (var d = 0; d < b.length; d += 1) {
                if (addthisevent.hasclass(b[d], 'addthisevent-drop') || addthisevent.hasclass(b[d], 'addeventstc-drop')) {
                    var c = addthisevent.getstyle(b[d], 'z-index');
                    if (!isNaN(parseFloat(c)) && isFinite(c)) {
                        c = parseInt(c);
                        if (c > a) {
                            a = c
                        }
                    }
                }
            }
            a++;
            return a
        },
        viewport: function() {
            var w = 0,
                h = 0,
                y = 0,
                x = 0;
            if (typeof(window.innerWidth) == 'number') {
                w = window.innerWidth;
                h = window.innerHeight
            } else if (document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight)) {
                w = document.documentElement.clientWidth;
                h = document.documentElement.clientHeight
            } else if (document.body && (document.body.clientWidth || document.body.clientHeight)) {
                w = document.body.clientWidth;
                h = document.body.clientHeight
            }
            if (document.all) {
                x = (document.documentElement.scrollLeft) ? document.documentElement.scrollLeft : document.body.scrollLeft;
                y = (document.documentElement.scrollTop) ? document.documentElement.scrollTop : document.body.scrollTop
            } else {
                x = window.pageXOffset;
                y = window.pageYOffset
            }
            return w + '/' + h + '/' + x + '/' + y
        },
        elementposition: function(a) {
            var x = 0,
                y = 0;
            if (a.offsetParent) {
                x = a.offsetLeft;
                y = a.offsetTop;
                while (a = a.offsetParent) {
                    x += a.offsetLeft;
                    y += a.offsetTop
                }
            }
            return x + '/' + y
        },
        getstyle: function(a, b) {
            var x = a;
            var y;
            if (x.currentStyle) {
                y = x.currentStyle[b]
            } else if (window.getComputedStyle) {
                y = document.defaultView.getComputedStyle(x, null).getPropertyValue(b)
            }
            return y
        },
        glicense: function(f) {
            var b = location.href;
            var c = true;
            var d = f;
            var e = d.length;
            if (e == 20) {
                var a = d.substring(0, 1);
                var z = d.substring(9, 10);
                var m = d.substring(17, 18);
                if (a != 'a') {
                    c = false
                }
                if (z != 'z') {
                    c = false
                }
                if (m != 'm') {
                    c = false
                }
            } else {
                c = false
            }
            if (b.indexOf('addthisevent.com') == -1 && d == 'aao8iuet5zp9iqw5sm9z') {
                c = false
            }
            return c
        },
        refresh: function() {
            var a = document.getElementsByTagName('*');
            for (var d = 0; d < a.length; d += 1) {
                if (addthisevent.hasclass(a[d], 'addthisevent-drop')) {
                    a[d].className = a[d].className.replace(/addthisevent-drop/gi, '');
                    a[d].className = a[d].className.replace(/addthisevent/gi, '');
                    a[d].className = a[d].className + ' addthisevent'
                }
            }
            _ate_btn_expo = false;
            addthisevent.generate()
        },
        callcack: function(f) {
            _ate_callback = f
        },
        setlabel: function(l, t) {
            var x = l.toLowerCase();
            if (x == 'outlook') {
                _ate_lbl_outlook = t
            }
            if (x == 'google') {
                _ate_lbl_google = t
            }
            if (x == 'yahoo') {
                _ate_lbl_yahoo = t
            }
            if (x == 'ical') {
                _ate_lbl_ical = t
            }
            if (x == 'facebookevent') {
                _ate_lbl_fb_event = t
            }
        },
        settings: function(c) {
            if (c.license != undefined) {
                _ate_license = c.license
            }
            if (c.css != undefined) {
                if (c.css) {
                    _ate_css = 'true'
                } else {
                    _ate_css = 'false';
                    addthisevent.removecss()
                }
            }
            if (c.mouse != undefined) {
                _ate_mouse = c.mouse
            }
            if (c.outlook != undefined) {
                if (c.outlook.show != undefined) {
                    _ate_show_outlook = c.outlook.show
                }
            }
            if (c.google != undefined) {
                if (c.google.show != undefined) {
                    _ate_show_google = c.google.show
                }
            }
            if (c.yahoo != undefined) {
                if (c.yahoo.show != undefined) {
                    _ate_show_yahoo = c.yahoo.show
                }
            }
            if (c.hotmail != undefined) {
                if (c.hotmail.show != undefined) {
                    _ate_show_hotmail = c.hotmail.show
                }
            }
            if (c.ical != undefined) {
                if (c.ical.show != undefined) {
                    _ate_show_ical = c.ical.show
                }
            }
            if (c.facebook != undefined) {
                if (c.facebook.show != undefined) {
                    _ate_show_facebook = c.facebook.show
                }
            }
            if (c.outlook != undefined) {
                if (c.outlook.text != undefined) {
                    _ate_lbl_outlook = c.outlook.text
                }
            }
            if (c.google != undefined) {
                if (c.google.text != undefined) {
                    _ate_lbl_google = c.google.text
                }
            }
            if (c.yahoo != undefined) {
                if (c.yahoo.text != undefined) {
                    _ate_lbl_yahoo = c.yahoo.text
                }
            }
            if (c.hotmail != undefined) {
                if (c.hotmail.text != undefined) {
                    _ate_lbl_hotmail = c.hotmail.text
                }
            }
            if (c.ical != undefined) {
                if (c.ical.text != undefined) {
                    _ate_lbl_ical = c.ical.text
                }
            }
            if (c.facebook != undefined) {
                if (c.facebook.text != undefined) {
                    _ate_lbl_fb_event = c.facebook.text
                }
            }
            if (c.dropdown != undefined) {
                if (c.dropdown.order != undefined) {
                    _ate_dropdown = c.dropdown.order
                }
            }
            if (c.callback != undefined) {
                _ate_callback = c.callback
            }
        },
        hasclass: function(e, c) {
            return new RegExp('(\\s|^)' + c + '(\\s|$)').test(e.className)
        },
        htmlencode: function(a) {
            var b = a.replace(/<br\s*[\/]?>/gi, "\n");
            b = b.replace(/<(?:.|\n)*?>/gm, '');
            b = b.replace(/(^\s+|\s+$)/g, '');
            var c = document.createElement("div");
            var d = document.createTextNode(b);
            c.appendChild(d);
            return c.innerHTML
        },
        eclick: function(a) {
            var b = document.getElementById(a);
            if (b.click) {
                b.click()
            } else if (document.createEvent) {
                var c = document.createEvent('MouseEvents');
                c.initEvent('click', true, true);
                b.dispatchEvent(c)
            }
        },
        track: function(a) {
            var b = new Image(1, 1);
            var d = new Date();
            var c = d.getTime();
            var e = encodeURIComponent(window.location.href);
            b.src = proc + '//track.addevent.com/atc/?trktyp=' + a.typ + '&trkcal=' + a.cal + '&guid=' + addthisevent.getguid() + '&url=' + e + '&cache=' + c
        },
        getguid: function() {
            var a = "addevent_track_cookie=",
                coov = '';
            var b = document.cookie.split(';');
            for (var i = 0; i < b.length; i++) {
                var c = b[i];
                while (c.charAt(0) == ' ') {
                    c = c.substring(1, c.length)
                }
                if (c.indexOf(a) == 0) {
                    coov = c.substring(a.length, c.length)
                }
            }
            if (coov == '') {
                var d = (addthisevent.s4() + addthisevent.s4() + "-" + addthisevent.s4() + "-4" + addthisevent.s4().substr(0, 3) + "-" + addthisevent.s4() + "-" + addthisevent.s4() + addthisevent.s4() + addthisevent.s4()).toLowerCase();
                var e = new Date();
                e.setTime(e.getTime() + (365 * 24 * 60 * 60 * 1000));
                var f = "expires=" + e.toUTCString();
                document.cookie = "addevent_track_cookie=" + d + "; " + f;
                coov = d
            }
            return coov
        },
        s4: function() {
            return (((1 + Math.random()) * 0x10000) | 0).toString(16).substring(1)
        }
    }
}();
if (window.addEventListener) {
    window.addEventListener("DOMContentLoaded", function() {
        _d_rd = true;
        addthisevent.trycss();
        addthisevent.generate()
    }, false);
    window.addEventListener("load", function() {
        addthisevent.generate()
    }, false)
} else if (window.attachEvent) {
    window.attachEvent("onreadystatechange", function() {
        _d_rd = true;
        addthisevent.trycss();
        addthisevent.generate()
    });
    window.attachEvent("onload", function() {
        addthisevent.generate()
    })
} else {
    window.onload = function() {
        addthisevent.generate()
    }
}
if (!_d_rd) {
    setTimeout("addthisevent.trycss();addthisevent.generate();", 20)
}
                                    

#2 JavaScript::Eval (size: 79, repeated: 1) - SHA256: 7d6b0fcdd3508922088e3af5a4b10c860917b5b36387e7e9c622eab70e01666b

                                        formSubmitFunctions["cfAR"] = function() {
    SendData("cfAR", null);
    return false;
};
                                    

#3 JavaScript::Eval (size: 119, repeated: 1) - SHA256: 172740cc28f74f637d10f59f9951c0a3ab6fe47413003c7661f3aa20616265bd

                                        createCookie('is_eu', false);
createCookie('citza05gkajncymq', true, 365);
createCookie('12237165_viewed_1', '1', 365);
                                    

Executed Writes (0)



HTTP Transactions (72)


Request Response
                                        
                                            GET /campaigns/lj544c8mcx357/track-url/dy806lsj7q32c/c6ed556b92f54f1ff08a6a0f70e88d4e7ec80b7e HTTP/1.1 
Host: safe.secretfindertoday.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         65.21.197.40
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 21 Sep 2022 04:40:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Wed, 21 Sep 2022 04:40:13 GMT
Location: https://link.rapidpockets.com/go/trump


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 04:13:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5oL-e1hLxFQ2rmbHFWpj2p0shVup4BN6RDOE4Qrw4_B8Xwg0nTAtvw==
Age: 1601


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10733
Expires: Wed, 21 Sep 2022 07:39:06 GMT
Date: Wed, 21 Sep 2022 04:40:13 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SOpvG6Ch2EVpcHdFI6xUEan3kpnq6PU4SfBvPQC9jpBzlLmOrD88uA==
age: 300
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 04:40:13 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:13 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 22:18:24 GMT
Expires: Tue, 27 Sep 2022 22:18:23 GMT
Etag: "8c265fe543ded05eb268acd25d894fa17e9b9588"
Cache-Control: max-age=581289,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e01f1d5fe9b50f-OSL

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 21 Sep 2022 04:03:22 GMT
Expires: Wed, 21 Sep 2022 04:37:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cHXLsrJpnPIC-Vo9sjYX7DnNIbFGGGKx3f2FoB8iPkm146u-MCohaw==
Age: 2211


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4641
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 04:40:13 GMT
Last-Modified: Wed, 21 Sep 2022 03:22:52 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /go/trump HTTP/1.1 
Host: link.rapidpockets.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         144.208.71.125
HTTP/2 301 Moved Permanently
content-type: text/html; charset=iso-8859-1
                                        
server: nginx/1.21.6
date: Wed, 21 Sep 2022 04:40:13 GMT
content-length: 249
location: https://click.socialuplifted.com/go/trump
x-proxy-cache: DISABLED
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   249
Md5:    16192d92a06c96afab57369202f44cae
Sha1:   eae3a5c7e0eb0168858fbe6dbc4bea04196c09a7
Sha256: 814a50aedd1f8cf138b353c192437d7dbb2ed77d1f934b08c9f22314be5a1b85
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1q/YPw66rleKgJMaWqfgFA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.69.181.45
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WrGrXabDLScqbtxyHqXnGSa7Q7Q=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.comodoca.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:14 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 20:22:05 GMT
Expires: Tue, 27 Sep 2022 20:22:04 GMT
Etag: "549b7e6afd57065c6c6aed42975099d6dea02643"
Cache-Control: max-age=574309,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74e01f21fb5eb50f-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13483
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 04:40:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13483
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 04:40:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13483
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 04:40:15 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f1d773-46e0-4cf2-8178-3101a22f8b0c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7060
x-amzn-requestid: 69e8f4d4-2360-4124-a9e9-9cce3dd43da7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yx0NWEgmIAMFusQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a33ee-0f4861c226117d70664b8612;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:43:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kj4FQUvvo13Yrwu_bKqee64IMn6X0UXlOJQ3fh40qejOi-3dtCrEYg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:55:57 GMT
age: 24258
etag: "9d297544318ff34f839678d8b358290ab6bd62a8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7060
Md5:    c92f202bddcfee6efac41bcc25be5745
Sha1:   9d297544318ff34f839678d8b358290ab6bd62a8
Sha256: f471aaff7c08c60905cff5b1c9d4b669a3179574493d23d27e681110688af6b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rq4QHCD4EubBKHyCj7jyKqpct5d7U33TvNufqj_w8mWunqQsouoh7w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:21:54 GMT
age: 22701
etag: "09bd3300d710c3212483159f8398b84cde09da26"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7507
Md5:    4d98acc059a69d51165fb5e0c7430ea3
Sha1:   09bd3300d710c3212483159f8398b84cde09da26
Sha256: 6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecaa9082-610c-41c1-ae9a-e453d87828ab.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10038
x-amzn-requestid: 4cf38a70-a706-4e6a-b854-9404727c599d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mHDCIAMF5-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-5aba5b0640221b302a19781b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hDCOWNm2vFa9h7BffUJwcwZ6i27jM2qBuSTasH9q_wsQ9oNWhVpQCg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:47:24 GMT
etag: "54ed14436a75ba2aeb8459bad2ce70229aff4203"
age: 24771
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10038
Md5:    dab1f2cd68979d2004ba4449d759a341
Sha1:   54ed14436a75ba2aeb8459bad2ce70229aff4203
Sha256: e782fb5ede547e1b167719068c6821c62414dcb0991bf9ac38285cb3ce8894e3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6904
x-amzn-requestid: 1c4e2685-d06f-45fc-ab93-8678905f3804
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwcI5HuLoAMFoRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329a705-099ce127249e148456270c11;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 11:41:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sRlJblY5obOlucutG9WQ_WPl5QGdA-0XsxIkHGkShaHvezNeqwGrkw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:37:39 GMT
age: 25356
etag: "443706b089783f7a16d4b001948a141a83ace053"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6904
Md5:    2cb692de2fcf108bf060af0b9599869f
Sha1:   443706b089783f7a16d4b001948a141a83ace053
Sha256: 06bedf63121d961420176535071c3a98d39e1d4586acb734d00ad80ce2b291ce
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1002d7b2-c264-4e0d-a7db-a4c5299eda73.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4296
x-amzn-requestid: c85bf15a-42ec-48d0-a8c6-72be1c66f0af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yl7VTGWMoAMF3fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63257288-0396631418a153b5719363f6;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 07:08:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GpNFRpRcL5wLzPbd0GwW7BWYBDH9q-tEuECtoxDAD4RJmphpia8S5g==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:41:42 GMT
age: 21513
etag: "0d93de1e5f6a5c64116accbd61d003c349664483"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4296
Md5:    c523ffabe9e2288c7e6951ba0bc4c5d1
Sha1:   0d93de1e5f6a5c64116accbd61d003c349664483
Sha256: b509944b3e30e23d3983a52e30ce228c29a0d821720794555863f97286d8c70c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11440
x-amzn-requestid: eda42fc3-bfca-4c15-856f-fae709e79c4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvZ5EcDIAMF9lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c3f-3ae1bd425e29e23c2ee71933;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:07:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Y5QhJH7dOsTpV4mdGHuK_xaJJRUvV8JzDgcmBoqtvnTiLlTp38Nbug==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:47:34 GMT
age: 24761
etag: "5dfdf9835782ef3825a45bfcc7f38dfe3a754df0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11440
Md5:    a4a275a6a20ad8a21f49b3ed73098126
Sha1:   5dfdf9835782ef3825a45bfcc7f38dfe3a754df0
Sha256: 933a6d502e92d7320ad9f3204c768b0d7d757f136d4c9c130e418e74a36dde06
                                        
                                            GET /go/trump HTTP/1.1 
Host: click.socialuplifted.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         144.208.71.125
HTTP/2 307 Temporary Redirect
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.21.6
date: Wed, 21 Sep 2022 04:40:15 GMT
content-length: 0
x-robots-tag: noindex, nofollow, sponsored
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro Developer 3.2.4 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_136=go%2Ftrump; expires=Fri, 21-Oct-2022 04:40:15 GMT; Max-Age=2592000; path=/ prli_visitor=632a95af127b1; expires=Thu, 21-Sep-2023 04:40:15 GMT; Max-Age=31536000; path=/
location: https://5dea0ub1cz3u1m1bjfqyjcqu6o.hop.clickbank.net
x-proxy-cache: MISS
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 04:40:16 GMT
Last-Modified: Wed, 21 Sep 2022 04:03:13 GMT
Server: ECS (dcb/7F37)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bXdL3qliF_yf7sXgrXOQ-RcIAvnnmvDQ0qWCo-Vvlj9C-8k_VDbc5g==
Age: 2223

                                        
                                            GET / HTTP/1.1 
Host: 5dea0ub1cz3u1m1bjfqyjcqu6o.hop.clickbank.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         44.240.181.170
HTTP/2 307 Temporary Redirect
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
content-length: 0
location: https://www.vipgoldenbucks.com/home?hop=73787
set-cookie: q=01.6FEEB976B526EC689B12B4734D8FC0831D671641B2460F5F7E161E4358D5127F125652A93DCC7CB73ED85573FCCC40A4DAF40293; Path=/; Domain=.clickbank.net; Max-Age=15552000; Expires=Mon, 20 Mar 2023 04:40:16 GMT p=RJLfC6B4B47KD1L3r5AcVC1i0N9vEgBoQBsN_IquDxTEDbM5xgtl2sUThQnhsvdjKd_AFRroDENn4Ekqx3i2dM9wGiWLQlhpD2miXAE0OHTiKObKTbC4koxFqZAK6XWxlIUgG0NAujmaF-6ij9H-oxEnwPs-m-NgUzbay_KDhDRuNCiFFR0jkXttwpzU3uRDP7xONg%3D%3D; Path=/; Domain=.clickbank.net; Max-Age=15552000; Expires=Mon, 20 Mar 2023 04:40:16 GMT
server-timing: traceparent;desc="00-5b6efc016d212916e649c6c7c4d11aa3-2a7d9320dc998662-01"
access-control-expose-headers: Server-Timing
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /releases/v5.9.0/css/v4-shims.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.132.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
x-amz-id-2: lj0FvMnfC9mptRM/Gd0lw9lT7Zj4wo+oaxaEYLcDnZaRJXq3Oc/kbTmcEwen2MxXaG9FhyIrGnI=
x-amz-request-id: 9D38DJ2PTJVFVSCR
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"e140a7d32f343530f016095df3cc2ae4"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 28473472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OhHrIHW%2FIGBZBe4oMGV3mK0sltKRvSGArWZUx7GJFnPCyLb%2BhDnMA9yQ7DZLXJn5geWs4yXRWKYz80QhHR%2BPNrsvu4HlrHFaEG3PLUoJS1INLedRwEUZgYU%2B%2BTOW11kXRS4WTYPp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74e01f30fc047765-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26440)
Size:   4659
Md5:    517b469a361ec48d1d008ee765b49511
Sha1:   b60acba39ed8d8d9f8ca834a405b71cb48426125
Sha256: 69c5db51b9e57a9144ef9732acf0f67aa140a6707354938ade70856d95ec0cba
                                        
                                            GET /hosted/images/b7/4825986a3a4807a0ba0710c0873000/bill-transparent.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
content-length: 768120
cf-ray: 74e01f307d240af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "7ab292c8dde0bf79a8427e78ea492c05"
last-modified: Mon, 25 Jul 2022 14:00:05 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1819 x 768, 8-bit colormap, non-interlaced\012- data
Size:   768120
Md5:    7ab292c8dde0bf79a8427e78ea492c05
Sha1:   20f5526a140e4c32952f7404d40dc9f4c194e086
Sha256: b4872b95f922915db5ba5e33c738b5cc34c26f40a0ed771dca80f872c7767b73
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.39
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 04:40:17 GMT
Last-Modified: Wed, 21 Sep 2022 03:00:41 GMT
Server: ECS (dcb/7F3B)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8zIKhv9jljBazYZ-kaB7j_UWjPdGdCfbfwvmcaRQNxH8d3ijYGUS7A==
Age: 5976

                                        
                                            GET /?vendor=magabill HTTP/1.1 
Host: cbtb.clickbank.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.33.226.99
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
content-length: 938
set-cookie: AWSALB=xCqbaEAUQudluvDML7wYTV/MkIRIapfRr7ktt3r/f1ETqvmpb7XFJQYE50dGp5g+a8YmccmBjfn/WrecYQ7vICIATbW+yRnpfsEKbCg4sK5MLRGmNGMupw9XhyDL; Expires=Wed, 28 Sep 2022 04:40:17 GMT; Path=/ AWSALBCORS=xCqbaEAUQudluvDML7wYTV/MkIRIapfRr7ktt3r/f1ETqvmpb7XFJQYE50dGp5g+a8YmccmBjfn/WrecYQ7vICIATbW+yRnpfsEKbCg4sK5MLRGmNGMupw9XhyDL; Expires=Wed, 28 Sep 2022 04:40:17 GMT; Path=/; SameSite=None; Secure
server: Apache
cache-control: max-age=900
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (938), with no line terminators
Size:   938
Md5:    a512b3bf536e5feec7dd291fbd6d95b3
Sha1:   21ebc681f6abde8fff6c2cdd1b058af6ac7b9f76
Sha256: 3cc3ba395cb263c958b41891816fd2326420ba9266123c1777ae661f38b8665a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/fredokaone/v13/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15596
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 21:54:46 GMT
expires: Fri, 15 Sep 2023 21:54:46 GMT
cache-control: public, max-age=31536000
age: 456331
last-modified: Thu, 21 Apr 2022 16:51:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15596, version 1.0\012- data
Size:   15596
Md5:    72bb194f7e275c92ecf5536060952844
Sha1:   a7419d2e8b92cbc5f89c3c03771f45c4f632964c
Sha256: e9986c62b19bce3791c4c103a4aa87c91d22d9e1c9f252f7f802ea26d3405769
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 551169
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 551169
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:32:09 GMT
expires: Thu, 14 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 551288
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size:   7884
Md5:    9212f6f9860f9fc6c69b02fedf6db8c3
Sha1:   ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
Sha256: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
                                        
                                            GET /hosted/images/1a/ba0eaa4ffe4351be97bb5201545ee9/bg.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
content-length: 653605
cf-ray: 74e01f351f710af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "85594fdc68eb1fb3003ce9b958a2400f"
last-modified: Tue, 26 Jul 2022 11:36:09 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1200 x 1200, 8-bit colormap, non-interlaced\012- data
Size:   653605
Md5:    85594fdc68eb1fb3003ce9b958a2400f
Sha1:   26d388ce206c3fe833ca7cd1ce15ce313e8fd1c7
Sha256: 80ec63d0fdbc9560caaaaf25cc81ae2c46450ba4f352a0300be8bbac63baa952
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 04:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /uploads/digital_asset/file/1043103/vip-bucks-icon.png HTTP/1.1 
Host: d2saw6je89goi1.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.42.23
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 69175
date: Sun, 28 Aug 2022 03:39:51 GMT
last-modified: Mon, 25 Jul 2022 15:30:16 GMT
etag: "cd8f50c6763377be558d1c5fc17f5b0b"
cache-control: max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: M8VyHTG-ZkbOOUWiAppnWwpKf3R3pBO4pgnp3iqn0-QrQ992XNdwpA==
age: 2077228
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size:   69175
Md5:    cd8f50c6763377be558d1c5fc17f5b0b
Sha1:   1f2a3442000a487385819ee29d8bb2d66255e4a7
Sha256: b944880556047cc70556bdfc34d89a695efb7dad2ed1e978ad3e096c2776d2a0
                                        
                                            GET /images/closemodal.png HTTP/1.1 
Host: assets.clickfunnels.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.13.194
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 672
cf-ray: 74e01f3919fcb512-OSL
accept-ranges: bytes
access-control-allow-origin: *
age: 544260
cache-control: public, max-age=2678400
content-disposition: inline; filename="closemodal.webp"
etag: "630e9cfc-314"
expires: Sat, 22 Oct 2022 04:40:18 GMT
last-modified: Tue, 30 Aug 2022 23:27:56 GMT
strict-transport-security: max-age=0
vary: Accept, Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=788
set-cookie: __cf_bm=EMlVE.EbIwuO7LhWFWvVSl03ewe0HX5L.4rgFYt67zQ-1663735218-0-AfyeHZsCaUTqDFqfbqnzC8AHzxhm1ZWmyyklsibdUzVIQe1wyD9EKfcLGuZZXxMEtNJaBvTvMxCbgwRYbccd8PjgD+7HpyiprrrvfdEvFwRX; path=/; expires=Wed, 21-Sep-22 05:10:18 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   672
Md5:    19754ed4d508cf576c80cf36e0db8c50
Sha1:   f459beac714e5be68aa75349fa806a5642af456a
Sha256: 5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
                                        
                                            GET /hosted/images/39/0bb22faca144b1808f25103024eb37/2.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 260104
cf-ray: 74e01f38d9a50af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "856d0093b74854ad39ac7d1b02c736c8"
last-modified: Mon, 25 Jul 2022 22:14:29 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   260104
Md5:    856d0093b74854ad39ac7d1b02c736c8
Sha1:   c8d9b5ac3cfe3dadef77ff78226d44a764562550
Sha256: db99a1e27ec8c5eed866b08f3248bcab361e83c77b80ed3de3ee8800412af894
                                        
                                            GET /hosted/images/93/b48ba1e75b44e59e09e529cac9e10f/1.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 181323
cf-ray: 74e01f38e9ae0af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "a92e796220f6259bd0d2a6654daf1f20"
last-modified: Tue, 26 Jul 2022 16:36:27 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   181323
Md5:    a92e796220f6259bd0d2a6654daf1f20
Sha1:   cdbdc8b550cbe1739beccc065f223997384dbc6f
Sha256: eb337ae6e6e6ed091d20a3db9b38d22f8933ec5f190995f1f304e6e9373fbfc4
                                        
                                            GET /hosted/images/e3/ff2b265fc94bfba15ff00e9e2b3de8/1.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 270999
cf-ray: 74e01f38d9a30af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "8e970ef2d7101f6651d5c069c193a299"
last-modified: Mon, 25 Jul 2022 22:14:04 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   270999
Md5:    8e970ef2d7101f6651d5c069c193a299
Sha1:   51cc890ecf9ddb0c705226f335fb81ef5e8d3fcc
Sha256: c53b93ffc3965b651f6e7f3c6b2475a27012d697ea57a56584c04329214beb65
                                        
                                            GET /hosted/images/b8/40c028036f477aa8a0591639becada/trump-selected-resize.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 213853
cf-ray: 74e01f38f9bf0af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "82c65b0d3dfe18806887ab2d18c40daf"
last-modified: Sun, 24 Jul 2022 12:54:02 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 720 x 754, 8-bit colormap, non-interlaced\012- data
Size:   213853
Md5:    82c65b0d3dfe18806887ab2d18c40daf
Sha1:   1d3cf17326010bde2807639fee58f2b6c97ebcf7
Sha256: 2a4e4b93f83380bd6763950716c979fd465ac3f621fd0730ffb14ed7c953ff44
                                        
                                            GET /hosted/images/78/12d49037cc4b479ed56e4d3d488d8a/4th-button.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 242025
cf-ray: 74e01f38f9ba0af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "40f9b11a5beff71ab942911563853d52"
last-modified: Tue, 26 Jul 2022 16:39:08 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=mxM72zo33jIdm5I8z6zEpiNSQZvb1X80g7tsHom3hYc-1663735218-0-AWOK2yLnlffnJcujK_SwoOj4eJ8u6m5Jci7fvKsEbJZc1GXOAxRWaqd0ffbIst1-CtkydoEDl0Qr3fZEBiy-l8ub3zz1V_OiOAZq0G9hqaez"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=mxM72zo33jIdm5I8z6zEpiNSQZvb1X80g7tsHom3hYc-1663735218-0-AWOK2yLnlffnJcujK_SwoOj4eJ8u6m5Jci7fvKsEbJZc1GXOAxRWaqd0ffbIst1-CtkydoEDl0Qr3fZEBiy-l8ub3zz1V_OiOAZq0G9hqaez; report-to cf-csp-endpoint
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   242025
Md5:    40f9b11a5beff71ab942911563853d52
Sha1:   08db75d6f837d55a081858567dd39f37b1c05a38
Sha256: a435a0fbe36ab1dfa066e0ca77d023bfc34e45ae6d3e5e37094bdbc0d7f9606a
                                        
                                            GET /hosted/images/23/03555d779f47729204aeba34555a8e/4.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 238847
cf-ray: 74e01f38d9a80af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "4196b3278b0f3fc135635aa6ea419f89"
last-modified: Mon, 25 Jul 2022 22:15:48 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   238847
Md5:    4196b3278b0f3fc135635aa6ea419f89
Sha1:   804f08069c3c9be9e2a9635917dadac670823104
Sha256: 459611f66117fe6650fa2023782c99e18f245943844e1fb3c9baa122258b527f
                                        
                                            GET /hosted/images/2a/8112c669ed4eeea2a55909ace3478f/626c31b1c9511_banner-1.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 6106
cf-ray: 74e01f38f9bb0af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "196af1468598fd5033ed90ab30cde94b"
last-modified: Wed, 06 Jul 2022 15:45:52 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 600 x 67, 8-bit colormap, non-interlaced\012- data
Size:   6106
Md5:    196af1468598fd5033ed90ab30cde94b
Sha1:   058c40ece93af1da7b05c2f3ed9a48949c550eb5
Sha256: a66c5c7fc2bff83019eceaf37b816dbf9241add55471e9f1d0db77013af9e127
                                        
                                            GET /images/background.png?_unique=0.8306555679145597&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.vipgoldenbucks.com/home%3Fhop%3D73787&_title=VIP%20Golden%20Trump%20Bucks&_key=bathj3jp&_page_key=citza05gkajncymq&_fid=12237165&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.vipgoldenbucks.com/home?hop=73787&_referrer= HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
cf-ray: 74e01f38f9c00af6-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store, private
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
status: 200 OK
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: bac278421803f6e2256e9ec4ab5e25b2
x-runtime: 0.033547
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4577
Md5:    706747e90c5ea32a872a0a72fff10d7a
Sha1:   ee9567c57fbe628c9ef390ea36715ab4b5b4755b
Sha256: d2992cffd5c7a28f292e6402f7d5ba69496aebc3f71d857fdfc33fdb36d77c2a
                                        
                                            GET /hosted/images/10/1dd3c655c844bb84b64ae6a16b00e0/3.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 241483
cf-ray: 74e01f38d9a70af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "f13861893279d05f5998f0e72e6bbd20"
last-modified: Mon, 25 Jul 2022 22:15:27 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   241483
Md5:    f13861893279d05f5998f0e72e6bbd20
Sha1:   1857dcca724db11a2b41238974d4931489c30e5b
Sha256: 755d8ca55380250cd7d689ca2ab3f1227f601428bc114f00875d360c689d1231
                                        
                                            GET /hosted/images/ab/d4d0b23a6c434f8e3db47285c45b41/2.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 175094
cf-ray: 74e01f38f9b60af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "414b53abe8ad63c9edf0386677e4f44a"
last-modified: Tue, 26 Jul 2022 16:36:53 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   175094
Md5:    414b53abe8ad63c9edf0386677e4f44a
Sha1:   caa538ebf3cc99b718132a6d501fcbb861dc9a81
Sha256: 516007b2b5af019f266c9c62361faee68b1ab423465e4d0d59be76689bbf35da
                                        
                                            GET /hosted/images/b1/296b1874ae4ba68242c03978f05a6b/3.png HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 184195
cf-ray: 74e01f38f9b80af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "35f9a4da06f204a1d4636f306cfdad5c"
last-modified: Tue, 26 Jul 2022 16:37:19 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2048 x 649, 8-bit colormap, non-interlaced\012- data
Size:   184195
Md5:    35f9a4da06f204a1d4636f306cfdad5c
Sha1:   15f7b67d01ec4e5031263d3f1dcac64dbb3759af
Sha256: 594a160f68af23a12e44eb15761f2bcc2727fa5a390c5ae2459a9894bfd7cb10
                                        
                                            GET /dist/i18n/app-strings-en.json HTTP/1.1 
Host: prod.cbstatic.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.53
HTTP/2 200 OK
content-type: application/json
                                        
content-length: 9
date: Wed, 21 Sep 2022 04:40:19 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
x-amz-version-id: ZlnvsWVay.azLO76UGrGFfzKmZRJT9PH
etag: "cdfca8b09e61ae7324e48f01984c9b34"
server: AmazonS3
vary: Origin
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: d6xvPgn0dijZzVPMfyjTAR4LOG6Y0ijxvptpVRqVSzxb4Ie2N2UYcg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   9
Md5:    cdfca8b09e61ae7324e48f01984c9b34
Sha1:   874b413675711909229ca228efea613383d6a9a4
Sha256: 00c89e0cd4c41144418e06885bb87e962fdb17567bf55adccb1678a1f6beca4c
                                        
                                            GET /dist/assets/logo-header-grey-en.png HTTP/1.1 
Host: prod.cbstatic.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.53
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 3411
date: Wed, 21 Sep 2022 04:40:19 GMT
last-modified: Mon, 21 Dec 2020 21:57:34 GMT
x-amz-version-id: 71cSXUBUM9.r4kJae4cWcrwqU9syKuwh
etag: "775f725418ac88c31a677e390f465809"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5zm-rGUD4d0QaM-yL-nnht1pkjWkzdImz71JQxJIzpbL08b33TSsCg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 472 x 31, 8-bit/color RGBA, non-interlaced\012- data
Size:   3411
Md5:    775f725418ac88c31a677e390f465809
Sha1:   a98a41e9bae7569e21735d283574ae38e2d576e5
Sha256: f05b4ce7119a4a661da917ddd0871980206eaafb2cf0a0758cf8d2fd63dd979d
                                        
                                            GET /dist/assets/logo-tab-grey-en.png HTTP/1.1 
Host: prod.cbstatic.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.53
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 4237
date: Wed, 21 Sep 2022 04:40:19 GMT
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
x-amz-version-id: BZcqTTzd9kulbp7_gvMzQqT0ukDU9T89
etag: "dc4af65db445b298e1227602a2e371f0"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EZA89HUgMeYUQCzNiKdMPIx3FSzlGzCP0pnpTm_XafNuhi83EzoWUQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 321 x 63, 8-bit/color RGBA, non-interlaced\012- data
Size:   4237
Md5:    dc4af65db445b298e1227602a2e371f0
Sha1:   f04e5596ad7fd00f5cd5446d625611811676417f
Sha256: cc27af050704c115cfdd6000c13cfe280912f53df2402c6a038eb34581dc17fa
                                        
                                            GET /nr-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 21 Sep 2022 04:40:18 GMT
via: 1.1 varnish
x-served-by: cache-bma1681-BMA
x-cache: HIT
x-cache-hits: 356
x-timer: S1663735219.722287,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32022)
Size:   14391
Md5:    b7c09cc097b2847f9edc784adba62dcb
Sha1:   5aa648623cf5e3b4b215fe5d068a7904c59f2925
Sha256: 6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4787
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 04:40:18 GMT
Last-Modified: Wed, 21 Sep 2022 03:20:31 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/NRJS-fc902efb332119fff33?a=367981416&v=1216.487a282&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=5849&ck=1&ref=https://www.vipgoldenbucks.com/home&ap=185&be=3742&fe=5136&dc=4882&perf=%7B%22timing%22:%7B%22of%22:1663735212915,%22n%22:0,%22f%22:3432,%22dn%22:3435,%22dne%22:3446,%22c%22:3446,%22s%22:3451,%22ce%22:3466,%22rq%22:3467,%22rp%22:3697,%22rpe%22:3698,%22dl%22:3723,%22di%22:4843,%22ds%22:4881,%22de%22:5016,%22dc%22:5136,%22l%22:5136,%22le%22:5253%7D,%22navigation%22:%7B%7D%7D&fcp=4834&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Wed, 21 Sep 2022 04:40:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74e01f3e0961b51d-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=71013ad6b417e744; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   77
Md5:    f1442f5831dbbe0210da2d7a4180d6b8
Sha1:   2ade23c6c7a001c66f0c0a9a101ec152747b434e
Sha256: c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
                                        
                                            GET /hosted/images/17/9522b3e64d4df1a6f35e48258f4bbe/trump-bucks-gif.gif HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
content-length: 7143410
cf-ray: 74e01f38e9aa0af6-OSL
accept-ranges: bytes
cache-control: max-age=31536000
etag: "d5cbe2657ae75c40e871948438330dd2-2"
last-modified: Sun, 24 Jul 2022 12:44:44 GMT
cf-cache-status: MISS
x-amz-cf-pop: SOF50-C1
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=q_4wPlSwzCick6M1n1ydyCg5MPUNx3puLGXJR8eUks4-1663735218-0-AVBQhsjeiCuoZHnStU-ra0nBCIp2uuvlbj20pu96bEo7h1IaJcTUyGG6KdlaXGFgxNUk7o5SJCseWKXn0EqbZdcmh37ivScfDF-IIeKMRg04"}],"group":"cf-csp-endpoint","max_age":86400}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=q_4wPlSwzCick6M1n1ydyCg5MPUNx3puLGXJR8eUks4-1663735218-0-AVBQhsjeiCuoZHnStU-ra0nBCIp2uuvlbj20pu96bEo7h1IaJcTUyGG6KdlaXGFgxNUk7o5SJCseWKXn0EqbZdcmh37ivScfDF-IIeKMRg04; report-to cf-csp-endpoint
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 714 x 858\012- data
Size:   7143410
Md5:    dff90ab3e45523e4a56dcd8acd25b2ad
Sha1:   988d4a49f147e982438ab08a278e4e7764332301
Sha256: bb6e1383db4c3444ed093e16c326e0f559433865f2bde27e16561913365a2fca
                                        
                                            GET /vendor.js HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
cf-ray: 74e01f36e8a10af6-OSL
access-control-allow-origin: *
cache-control: max-age=900, public
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: fresh
x-request-id: 438b27f006af75f51d02a67923f9c9ce
x-runtime: 0.016369
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /releases/v5.9.0/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.132.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
x-amz-id-2: eDALjXs4h5JwODL8ovr/4umLPbaCelCJI3+jx3FuubhJSoknTWWFmQo6HJaW+Q0JCvePiWa75nI=
x-amz-request-id: WT4YSGCQ9TAEW3HE
last-modified: Wed, 30 Jun 2021 15:48:06 GMT
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 28473473
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COrxRGqwwcWC7M4%2FBrNdJEVlIWU9xCHTYBufX0ml53jr2SkLVb8XfGwxVCL9a%2B9KLbn9u0%2FvkIfpp8I6JM57%2Fvg0LxcA4RJJOM1bqyEplTXiClH5zR8degiZqykTgvt7nXAPil0x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74e01f310c087765-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1 
Host: static.cloudflareinsights.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.47.230
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 74e01f30ff7bb503-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 04:40:16 GMT
date: Wed, 21 Sep 2022 04:40:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /userevents/?funnel_id=eFBWZ1VQZVM1OHRsN1ZmbC8xV0RKdz09LS1DVXhsWC8rdlJ6TlN3UlF4eDVheGVBPT0%3D--dbb2c9cfee941af14c25d44eac3c048c276a87ad&page_id=Q0FHZnZkODQ2ZGg4S3lFZld6aW5hZz09LS1ibVNLdExEK0E5NDgxMjBnWEx5R3VBPT0%3D--01bbc3e1933a747863f2b8dc1f837bdfcac73340&funnel_step_id=RXNsUiswSmR5SlhaRXRWQU93eDd5UT09LS1reUc0S2QwZVFIeSt1RnFYc2hVY1JRPT0%3D--769145ea3b4bade8f4e99d2dbb00411867e2687d&user_id=S3d6R0c0VHI2c3FJT3hpbG5wdGtsQT09LS1SbitDYlcybjBzNFVCMmhYZzNsTjJRPT0%3D--9b492d566808cc640358d8e56db9b63bd65da1a2&account_id=TVI4UTl5aVVmYXkwZ3JwL3BwV0F6UT09LS1qNC9lNGY1ckxkZDlhTENtVmNXSVl3PT0%3D--3f9115794ecd38897e98ceb181b97ca072bee9e6&page_code=NTU1NjUyNzI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniqueVisitorsCreatedSummary&nonce=8542f27b-bf6e-4065-b1fb-a7c310847073&url=https%3A%2F%2Fwww.vipgoldenbucks.com%2Fhome%3Fhop%3D73787 HTTP/1.1 
Host: app.clickfunnels.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.14.194
HTTP/2 202 Accepted
content-type: text/html
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
cf-ray: 74e01f377a9c1c06-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: efd4c8abc3facf269f1277acbbb25e7a
x-runtime: 0.030304
set-cookie: __cf_bm=1MJEJwMoMqhn14zbzn44zqUwfW5g68lqbfKYvYUxj4E-1663735217-0-AayUcbepmuaPBMdMCjRflNs2+4SDHJySk/GOyYl/SbNzI+xlP0IBFSE90A1MnkZAFA6kfiKnZkDO89pqkkYo4nQOePxIg4DawkujqfD5V4gH; path=/; expires=Wed, 21-Sep-22 05:10:17 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /home?hop=73787 HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
cf-ray: 74e01f2e4c1f0af6-OSL
access-control-allow-origin: *
cache-control: max-age=60, public, s-maxage=600, r-maxage=10
last-modified: Thu, 28 Jul 2022 17:34:24 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
status: 200 OK
x-content-digest: 9e3b0f21d35b5bfbddb0d604d23147468f25ac7d
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: stale, valid, store
x-request-id: 28ba33f02db28a05cc4092833da96272
x-runtime: 0.178332
set-cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; path=/; expires=Wed, 21-Sep-22 05:10:16 GMT; domain=.www.vipgoldenbucks.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/lander.css HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
cf-ray: 74e01f306d1b0af6-OSL
access-control-allow-origin: *
age: 148
cache-control: public, max-age=1200
etag: W/"632a4cc7-6a514"
expires: Wed, 21 Sep 2022 05:00:16 GMT
last-modified: Tue, 20 Sep 2022 23:29:11 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Fredoka+One%7CRoboto%7CFredoka+One%7CRoboto%7CFredoka+One%7CRoboto%7CFredoka+One%7CRoboto%7CFredoka+One%7CPoppins%7CFredoka+One%7C HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 04:40:16 GMT
date: Wed, 21 Sep 2022 04:40:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /userevents/?funnel_id=eFBWZ1VQZVM1OHRsN1ZmbC8xV0RKdz09LS1DVXhsWC8rdlJ6TlN3UlF4eDVheGVBPT0%3D--dbb2c9cfee941af14c25d44eac3c048c276a87ad&page_id=Q0FHZnZkODQ2ZGg4S3lFZld6aW5hZz09LS1ibVNLdExEK0E5NDgxMjBnWEx5R3VBPT0%3D--01bbc3e1933a747863f2b8dc1f837bdfcac73340&funnel_step_id=RXNsUiswSmR5SlhaRXRWQU93eDd5UT09LS1reUc0S2QwZVFIeSt1RnFYc2hVY1JRPT0%3D--769145ea3b4bade8f4e99d2dbb00411867e2687d&user_id=S3d6R0c0VHI2c3FJT3hpbG5wdGtsQT09LS1SbitDYlcybjBzNFVCMmhYZzNsTjJRPT0%3D--9b492d566808cc640358d8e56db9b63bd65da1a2&account_id=TVI4UTl5aVVmYXkwZ3JwL3BwV0F6UT09LS1qNC9lNGY1ckxkZDlhTENtVmNXSVl3PT0%3D--3f9115794ecd38897e98ceb181b97ca072bee9e6&page_code=NTU1NjUyNzI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::PageviewsCreatedSummary&nonce=694f44c8-62eb-47d4-af11-dada02f5aba5&url=https%3A%2F%2Fwww.vipgoldenbucks.com%2Fhome%3Fhop%3D73787 HTTP/1.1 
Host: app.clickfunnels.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.14.194
HTTP/2 202 Accepted
content-type: text/html
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
cf-ray: 74e01f376a981c06-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 7794063d13545d079b4550e95c01a749
x-runtime: 0.030957
set-cookie: __cf_bm=ZRZpG1R8tPI0cSgNyYBSTDgQ3O_ob4hLWCwFR6bRTVo-1663735217-0-ATj/Xp5Tyc7J8yyRHiBRHORefMVGYOIxyjIcus5loSZXE4WIRJ5sWvkaDvw05anB5VUaFXwZyaO8LRGSolw9WlMx7XS6cFm8aG4sLEq2BKk/; path=/; expires=Wed, 21-Sep-22 05:10:17 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/lander.js HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
cf-ray: 74e01f307d250af6-OSL
access-control-allow-origin: *
age: 148
cache-control: public, max-age=1200
etag: W/"632a4d03-238fd1"
expires: Wed, 21 Sep 2022 05:00:16 GMT
last-modified: Tue, 20 Sep 2022 23:30:11 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/userevents/application.js HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
cf-ray: 74e01f307d220af6-OSL
access-control-allow-origin: *
age: 148
cache-control: public, max-age=1200
etag: W/"632a4cc7-1353"
expires: Wed, 21 Sep 2022 05:00:16 GMT
last-modified: Tue, 20 Sep 2022 23:29:11 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/pushcrew.js HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 21 Sep 2022 04:40:16 GMT
cf-ray: 74e01f307d260af6-OSL
access-control-allow-origin: *
age: 148
cache-control: public, max-age=1200
etag: W/"632a4cc6-27d"
expires: Wed, 21 Sep 2022 05:00:16 GMT
last-modified: Tue, 20 Sep 2022 23:29:10 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /userevents/?funnel_id=eFBWZ1VQZVM1OHRsN1ZmbC8xV0RKdz09LS1DVXhsWC8rdlJ6TlN3UlF4eDVheGVBPT0%3D--dbb2c9cfee941af14c25d44eac3c048c276a87ad&page_id=Q0FHZnZkODQ2ZGg4S3lFZld6aW5hZz09LS1ibVNLdExEK0E5NDgxMjBnWEx5R3VBPT0%3D--01bbc3e1933a747863f2b8dc1f837bdfcac73340&funnel_step_id=RXNsUiswSmR5SlhaRXRWQU93eDd5UT09LS1reUc0S2QwZVFIeSt1RnFYc2hVY1JRPT0%3D--769145ea3b4bade8f4e99d2dbb00411867e2687d&user_id=S3d6R0c0VHI2c3FJT3hpbG5wdGtsQT09LS1SbitDYlcybjBzNFVCMmhYZzNsTjJRPT0%3D--9b492d566808cc640358d8e56db9b63bd65da1a2&account_id=TVI4UTl5aVVmYXkwZ3JwL3BwV0F6UT09LS1qNC9lNGY1ckxkZDlhTENtVmNXSVl3PT0%3D--3f9115794ecd38897e98ceb181b97ca072bee9e6&page_code=NTU1NjUyNzI%3D&mode_id=1&time_zone=UTC&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1268&type=Userevents::UniquePageviewsCreatedSummary&nonce=b7d582a9-ed53-46d8-a2c0-c45612edf3b8&url=https%3A%2F%2Fwww.vipgoldenbucks.com%2Fhome%3Fhop%3D73787 HTTP/1.1 
Host: app.clickfunnels.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.14.194
HTTP/2 202 Accepted
content-type: text/html
                                        
date: Wed, 21 Sep 2022 04:40:17 GMT
cf-ray: 74e01f377aa01c06-OSL
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
pragma: no-cache
status: 202 Accepted
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 254107f6514577e10f22a17cecd18c54
x-runtime: 0.032394
set-cookie: __cf_bm=lAyPqmI1UlbW7cfQdLUthdafm5r1p9ZbiKU8ncGoSsY-1663735217-0-AXYECZqOpnTygm5lj7KqHxdBDfqZGRupPaDqB1dkFLwLLl8xZd/N4QmflPaQQdhIWyvEM2mnSMXvurwqgDhj/9dP4aECYNlu6PimNNX5n7df; path=/; expires=Wed, 21-Sep-22 05:10:17 GMT; domain=.clickfunnels.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: www.vipgoldenbucks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 7617
Origin: https://www.vipgoldenbucks.com
Connection: keep-alive
Referer: https://www.vipgoldenbucks.com/home?hop=73787
Cookie: __cf_bm=NpOQp_INsBtLZMCoYgczWz9XhcVwLFKauW9rc0JRqIk-1663735216-0-AfnguuvbVJgvgYn5EBbXz8eciwn7UZhXu2rbd9TfPUsJMaclGUPmU/ifLTKHv8QNw3O+7kHM47F+ZeaVw9sND6vi6wbUwlRWRjlvIU5sB0dC; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:NTU1NjUyNzI=:visited=true; cf:visitor_id=6d921952-a6cc-48fc-aac6-e645cae2c334; hop=73787; addevent_track_cookie=ce68a6d7-e9a3-4370-5acc-d2aeb0853466
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.16.12.194
HTTP/2 200 OK
content-type: text/plain
                                        
date: Wed, 21 Sep 2022 04:40:18 GMT
access-control-allow-origin: https://www.vipgoldenbucks.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74e01f399a0f0af6-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---