Overview

URL exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
IP172.67.155.44
ASNCLOUDFLARENET
Location United States
Report completed2022-11-24 14:03:18 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-24 2 ouhastay.net Sinkholed
2022-11-24 2 datatechone.com Sinkholed
2022-11-24 2 ouhastay.net Sinkholed


Files

No files detected



Passive DNS (31)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS my.rtmark.net (5) 9054 2017-08-22 14:11:49 UTC 2022-11-24 08:54:46 UTC 139.45.195.8
mnemonic passive DNS e1.o.lencr.org (1) 6159 No data No data 23.36.76.226
mnemonic passive DNS europe-west2-tech-microservices-production.cloudfunctions.net (1) 0 2019-10-08 09:29:41 UTC 2022-11-23 12:13:58 UTC 216.239.36.54 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (15) 344 No data No data 23.36.76.226
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
mnemonic passive DNS redrotou.net (1) 145989 2021-03-16 05:03:50 UTC 2022-11-23 16:15:03 UTC 139.45.197.251
mnemonic passive DNS www.googleoptimize.com (1) 1604 2019-07-23 08:23:32 UTC 2022-11-24 09:15:39 UTC 142.250.74.46
mnemonic passive DNS datatechone.com (1) 0 2015-06-17 13:52:19 UTC 2022-11-23 15:15:09 UTC 37.48.68.71 Unknown ranking
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-24 06:15:58 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
mnemonic passive DNS exceptionalphonesecurity.xyz (2) 364991 2021-12-15 11:52:10 UTC 2022-11-23 10:57:47 UTC 172.67.155.44
mnemonic passive DNS ocsp.digicert.com (6) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
mnemonic passive DNS app1-smartsecurity-etl.herokuapp.com (3) 115431 2021-11-12 17:04:25 UTC 2022-11-23 13:45:53 UTC 54.208.186.182
mnemonic passive DNS ocsp.pki.goog (5) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-24 10:18:11 UTC 142.250.74.174
mnemonic passive DNS ouhastay.net (2) 117137 2021-09-10 09:52:42 UTC 2022-11-23 04:43:03 UTC 139.45.197.239
mnemonic passive DNS player.vimeo.com (1) 1858 2013-09-26 03:16:08 UTC 2020-01-28 05:29:01 UTC 162.159.128.61
mnemonic passive DNS unpkg.com (1) 11693 2016-01-07 23:26:01 UTC 2022-11-24 08:16:14 UTC 104.16.125.175
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-24 11:11:51 UTC 142.250.74.10
mnemonic passive DNS track.profitableredirect.com (1) 124496 No data No data 18.192.108.151
mnemonic passive DNS broker-systems.com (18) 0 2020-12-15 12:26:55 UTC 2022-11-24 08:10:27 UTC 172.67.146.119 Unknown ranking
mnemonic passive DNS vod-progressive.akamaized.net (1) 19176 No data No data 23.36.76.123
mnemonic passive DNS exceptionalphonesecurity.xyz (2) 364991 2021-12-15 11:52:10 UTC 2022-11-23 10:57:47 UTC 104.21.6.184
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.227.80
mnemonic passive DNS overalltrack.com (3) 112756 2018-12-01 03:47:10 UTC 2022-11-23 13:45:53 UTC 204.48.29.15
mnemonic passive DNS analytics.tiktok.com (3) 1182 No data No data 23.36.79.34
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS flagicons.lipis.dev (1) 527996 No data No data 185.199.110.153
mnemonic passive DNS ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.155.44

Date UQ / IDS / BL URL IP
2022-11-26 14:01:12 +0000
0 - 0 - 2 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-26 05:00:14 +0000
0 - 0 - 3 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-24 14:03:18 +0000
0 - 0 - 3 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-21 08:02:24 +0000
0 - 0 - 2 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-19 20:01:15 +0000
0 - 0 - 2 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-26 15:10:09 +0000
0 - 0 - 1 terciatofinfires.tk/page/48119/ 104.21.59.127
2022-11-26 15:10:04 +0000
18 - 0 - 0 urchin-app-z4erf.ondigitalocean.app/ 104.16.243.78
2022-11-26 15:09:19 +0000
0 - 0 - 1 lexajtk.cn/pilandinaxh/tb.php?jr=rv1669474600036 172.67.202.18
2022-11-26 15:05:56 +0000
0 - 0 - 2 sognisogni.net/nowyou5c1x0339/ 104.21.49.204
2022-11-26 15:05:56 +0000
0 - 0 - 2 newsworld.cloud/ad-mx-poten-hirurg-koleso/ 172.67.148.132

Last 5 reports on domain: exceptionalphonesecurity.xyz

Date UQ / IDS / BL URL IP
2022-11-26 14:01:12 +0000
0 - 0 - 2 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-26 05:00:14 +0000
0 - 0 - 3 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-25 05:02:14 +0000
0 - 0 - 2 exceptionalphonesecurity.xyz/smart-security-0 (...) 104.21.6.184
2022-11-24 14:03:18 +0000
0 - 0 - 3 exceptionalphonesecurity.xyz/smart-security-0 (...) 172.67.155.44
2022-11-22 23:03:14 +0000
0 - 0 - 3 exceptionalphonesecurity.xyz/smart-security-0 (...) 104.21.6.184

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-25 13:58:15 +0000
0 - 0 - 3 senecaphoneupdate.top/smart-security-0/index. (...) 172.67.133.55
2022-11-25 13:50:54 +0000
0 - 0 - 4 senecaphoneupdate.top/smart-security-0/index. (...) 172.67.133.55
2022-11-25 12:00:53 +0000
0 - 0 - 4 telewww.site/m/th/ppt3/ 79.98.28.128
2022-11-25 10:43:01 +0000
0 - 0 - 3 respectphonesecurity.xyz/smart-security-0/ind (...) 172.67.184.64
2022-11-25 10:21:26 +0000
0 - 0 - 4 teleo.site/m/br/s4/ 79.98.29.8


JavaScript

Executed Scripts (54)


Executed Evals (1)

#1 JavaScript::Eval (size: 5, repeated: 1) - SHA256: 35e6366764c85ff27d4eaa8798d75814c7c25d9aa684fc270eac4d8056341083

                                        enSet
                                    

Executed Writes (14)

#1 JavaScript::Write (size: 112, repeated: 1) - SHA256: 4448b50a0446877c729032fc7d2ac04b985f7838bfc700b779e132afa7c2803c

                                        Your phone Android Android can work faster, we released a Cleaner update, and it is recommended
for every phone.
                                    

#2 JavaScript::Write (size: 325, repeated: 1) - SHA256: f314cf68eb2c6243189977825589b96c96de54439a74a94b15cf6d7265b7b833

                                        < a class = "button exitpoint right cancel"
id = "cancel-button"
href = "https://play.google.com/store/apps/details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_push_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1669298586564" >
                                    

#3 JavaScript::Write (size: 6, repeated: 1) - SHA256: 19766ed6ccb2f4a32778eed80d1928d2c87a18d7c275ccb163ec6709d3eb2e27

                                        Cancel
                                    

#4 JavaScript::Write (size: 4, repeated: 1) - SHA256: ecd5b806462c7dfdf078ac76c549060a06660422d00e55bd5823be6747361085

                                        < /a>
                                    

#5 JavaScript::Write (size: 68, repeated: 1) - SHA256: 3d616b12fbe8aa4b171323dc696cebb002be86551f35cc23fe0bc2756abc58e7

                                        < a class = "button"
id = "center-button"
href = "smartsecurityxzt://open" >
                                    

#6 JavaScript::Write (size: 8, repeated: 1) - SHA256: 31fbef162594de01bab0cd525c51f74de7bcb15063029fa1a54b2cf5944c80d8

                                        Continue
                                    

#7 JavaScript::Write (size: 53, repeated: 1) - SHA256: 6ce64525848d677d6f619f970e996c47cc6a82bf85d40bb2acd64474d3a3046e

                                        Click < strong > Allow < /strong> To Continue Using Chrome
                                    

#8 JavaScript::Write (size: 2, repeated: 1) - SHA256: 1d97c9fec35ad3ba402a8bb3548546924ce958f8f4b8a65b0f39c9c6171bdf34

                                        Ad
                                    

#9 JavaScript::Write (size: 50, repeated: 1) - SHA256: be434f49ec21e26b619e4186cce641233e60036505ac9cf6de704ebeb72b0e6d

                                        Cleaner Update
for Android Android is Recommended!
                                    

#10 JavaScript::Write (size: 336, repeated: 1) - SHA256: 23a2188ea7a4535e7c37edc5947169781920e1f01bdcf56fd4b5a1411476045c

                                        < a class = "close exitpoint"
style = "display: none"
id = "close-button"
href = "https://play.google.com/store/apps/details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_push_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1669298586564" > < /a>
                                    

#11 JavaScript::Write (size: 89, repeated: 1) - SHA256: 6c19434f8282294efc05f0fd70015529942972352a6b00984ac14d444f61db9b

                                        Update now
for < strong > FREE < /strong> to clean and boost your Android Android immediately!
                                    

#12 JavaScript::Write (size: 321, repeated: 1) - SHA256: 7587af67a88c0e48f4b70caaeb2db8fc4b235859ec3aa0ba2fa65a7529204add

                                        < a class = "button exitpoint install"
id = "install-button"
href = "https://play.google.com/store/apps/details?id=com.smartsecurityxzt&referrer=publisher%3D{trafficsource.name}%26clickid%3D{clickid}%26utm_source%3Dvar1%26utm_medium%3Drestart_push_{offer.name}%26utm_campaign%3D{trafficsource.name}%26timestamp%3D1669298586564" >
                                    

#13 JavaScript::Write (size: 10, repeated: 1) - SHA256: f96f4d46e788614ae69e039ae032229de03f08cfe7f84c7f405ba021e50d3eca

                                        Update Now
                                    

#14 JavaScript::Write (size: 156, repeated: 1) - SHA256: 949398833ecb71dace0d6a15f4166af32a8e0c16be1f945f93297956925b8f51

                                        < img src = 'https://overalltrack.com/api/v3.0/clickapi/img?aid=1&clickId={clickid}'
style = 'position:absolute;width:1px;height:1px;left:0;bottom:0;opacity:0;' >
                                    


HTTP Transactions (89)


Request Response
                                        
                                            GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1 
Host: exceptionalphonesecurity.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.155.44
HTTP/1.1 301 Moved Permanently
                                        
Date: Thu, 24 Nov 2022 14:03:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 24 Nov 2022 15:03:05 GMT
Location: https://exceptionalphonesecurity.xyz/smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lopzmou1kbAND2FAotv0Wf3%2BQ7DEJOv1bVQjjMaM4G7%2Fk5ZeRlWi1dZs7HdloCSuEHL%2Bwfupm9n5yJe1mXQvSMRXmoBb%2F%2B1Y3C2oNv8uYlBOGMhWytvBpHqbGI%2FuzNkVAHGd7SyhTT6h7GcFn9ET"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f2afa008acb4f1-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2649
Expires: Thu, 24 Nov 2022 14:47:14 GMT
Date: Thu, 24 Nov 2022 14:03:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2965
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 14:03:05 GMT
Last-Modified: Thu, 24 Nov 2022 13:13:40 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14110
Expires: Thu, 24 Nov 2022 17:58:15 GMT
Date: Thu, 24 Nov 2022 14:03:05 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 13:18:58 GMT
cache-control: public,max-age=3600
age: 2647
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: gf91++sfGqZgd92JaRraFdcgRkh4G8WQWQcGGQ2bOOHDV960DxSRq9YPa/F4+Jp5LfrOf4OiDwM=
x-amz-request-id: F0F7GM8MV8GH0XPE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 13:40:25 GMT
age: 1360
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=157543
Date: Thu, 24 Nov 2022 14:03:05 GMT
Etag: "637f3e00-117"
Expires: Sat, 26 Nov 2022 09:48:48 GMT
Last-Modified: Thu, 24 Nov 2022 09:48:48 GMT
Server: nginx
Content-Length: 279

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:05 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 13:08:53 GMT
cache-control: public,max-age=3600
age: 3253
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /smart-security-0/index.html?clickid={clickid}&utm_source={var1}&utm_medium=restart_push_{offer.name}&publisher={trafficsource.name}&utm_campaign={trafficsource.name} HTTP/1.1 
Host: exceptionalphonesecurity.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.21.6.184
HTTP/2 200 OK
content-type: text/html
                                        
date: Thu, 24 Nov 2022 14:03:06 GMT
last-modified: Mon, 13 Jun 2022 09:09:10 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrZB3HO9mxRcOzJ6XfO7uj0KdmBIbr7cdFL77WyyAMtMRCEUTt%2FdKdhVLh2SD39eEnygxe2NeVXVkb2fOqOUyJLU4fuUXlG3w7QdnnLfzkd81sSu1t7IALSiXnM3uWsPEUoIj7oquyO5L6rA%2BkiJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afa1c874b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1627)
Size:   3589
Md5:    71ad3591210c6e7f31f046b278a08188
Sha1:   8fbcbb1ede2077bfa3091a6eb0a78ac4d8239625
Sha256: 5fbcffd57b8f47a9a910afbe4f6f687bf2143b0c99c2dedecfaec633cdac1a7a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1099
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 14:03:06 GMT
Last-Modified: Thu, 24 Nov 2022 13:44:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   7348
Md5:    da3ed1ffbf9e213f215ef651ae463c6c
Sha1:   59edf703a516161ac7ceaa5b68b832384bfa7afe
Sha256: 7fc352e68d06c676612fef37b08dec56ef7e6f3da0900cd4d7f020c598dc7d70
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "43BBB48A1A37A33C18036773457C75408E907C1FD7297A42152AEE29F396066E"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7922
Expires: Thu, 24 Nov 2022 16:15:08 GMT
Date: Thu, 24 Nov 2022 14:03:06 GMT
Connection: keep-alive

                                        
                                            GET /p.js?f=sync&lr=1&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:06 GMT
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   697
Md5:    7e1da03b7d5254f7b1d93874c8f85ce4
Sha1:   c1ff6bec84dd9b2bf2bbcd11bb8791444f04b2d7
Sha256: ff9366f794284e39381efd6b8ae4b6273469134c741ca7c3d6a1e1248e1a98d4
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tIo1+Q1aFt671mpm+Cxuvg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.38.227.80
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Bbuizeoa9Q6nSHGVIEEeSc7OEto=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "79742D4996B0A2C5F0ED24C1177403F252E59451DC6CEAA543FE54FCC4A89221"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13517
Expires: Thu, 24 Nov 2022 17:48:24 GMT
Date: Thu, 24 Nov 2022 14:03:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7C94B028C0B8FB32AD71EA06826145AE1690323CCB995AECD5A5CE785ED5B9FB"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21391
Expires: Thu, 24 Nov 2022 19:59:38 GMT
Date: Thu, 24 Nov 2022 14:03:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FDA5317036E3CD836ABD4A201E0A1EF1D3C6E6D2A187D7CA7C0F073BDD16E392"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19524
Expires: Thu, 24 Nov 2022 19:28:31 GMT
Date: Thu, 24 Nov 2022 14:03:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FEFDE4361104C271016557D5A47A023C1FD836228A6B5E7279F94BF11EB6B0ED"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21287
Expires: Thu, 24 Nov 2022 19:57:54 GMT
Date: Thu, 24 Nov 2022 14:03:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 14:03:07 GMT
Last-Modified: Thu, 24 Nov 2022 13:08:04 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UGTsXKD7Yuoxuo_Y447xaek0HghkR6YwsKJLYScCSRXkr3mjapVlow==
Age: 3303

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110384
Date: Thu, 24 Nov 2022 14:03:07 GMT
Etag: "637e7a75-1d7"
Expires: Fri, 25 Nov 2022 20:42:51 GMT
Last-Modified: Wed, 23 Nov 2022 19:54:29 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Pdg0Bg29a3qhrgFiJzdtTRv5BUW244oe-KCuaKkjnUnYVeS3KDyDng==
Age: 2902

                                        
                                            GET /api/v3.0/clickapi/img?aid=1&clickId={clickid} HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 24 Nov 2022 14:03:07 GMT
Content-Length: 43
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Set-Cookie: currentClickid=%7B%221%22%3A%22%7Bclickid%7D%22%7D; Max-Age=31536000; Path=/; Expires=Fri, 24 Nov 2023 14:03:07 GMT; Secure; SameSite=None


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            OPTIONS /device_by_model?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.208.186.182
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Thu, 24 Nov 2022 14:03:07 GMT
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur

                                        
                                            OPTIONS /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://exceptionalphonesecurity.xyz/
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 14:03:07 GMT
Content-Length: 8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Allow: GET,HEAD


--- Additional Info ---
Magic:  data
Size:   1722
Md5:    0b7d250af8de2db0ad6ebd2c08559634
Sha1:   53d281f1e94583b1f5c980508341f07c596f0462
Sha256: dd6f47e4a683c36c1492d054496b34d9c79c24d692d88db894ebe36542564a8c
                                        
                                            GET /i18n/pixel/config.js?sdkid=C8SQEGFV9S6N3MLDFVTG&hostname=exceptionalphonesecurity.xyz HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.36.79.34
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 202211241403078D1E6A9E7CFC0C527A8A
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf6041e204a8ac7307ec2c5bff817c2a568ee134a11548db4c268d9117910b7c461027e52b6251243a56f79c00142e5b21996dd9009bf5510a5ce223cddaf706baff
content-encoding: gzip
expires: Thu, 24 Nov 2022 14:03:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 24 Nov 2022 14:03:07 GMT
x-cache: TCP_MISS from a23-36-79-30.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
set-cookie: _ttp=2Hzr7mEDDfMibxVXSdkdGAHtuAR; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=100
x-origin-response-time: 100,23.36.79.30
x-akamai-request-id: 49be73cd
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, Unicode text, UTF-8 text, with very long lines (58149)
Size:   19727
Md5:    292d0677cd175e177845147dfeeab99f
Sha1:   f4797ceb8c37547247b0eaa4f8d0c14492f6e04d
Sha256: a6845e209a8bcef9a5ab3ede25d71a294c50c04391dc0d94cd2696aa7f5835fc
                                        
                                            GET /img.gif?f=sync&partner=4d524b7a70f9429d3f354097c0083db80c0150ac1699f4b97f6029051cf877c8&ttl=&rurl=https%3A%2F%2Fexceptionalphonesecurity.xyz%2Fsmart-security-0%2Findex.html%3Fclickid%3D%7Bclickid%7D%26utm_source%3D%7Bvar1%7D%26utm_medium%3Drestart_push_%7Boffer.name%7D%26publisher%3D%7Btrafficsource.name%7D%26utm_campaign%3D%7Btrafficsource.name%7D%23 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:07 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9908119e996841eaa9a3e2bc8ec39e91; expires=Fri, 24 Nov 2023 14:03:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /api/v3.0/clickapi/otherInstall?clickId={clickid}&aid=1&checkOld=1&medium=restart_push_{offer.name}&source=var1&campaign={trafficsource.name}&publisher={trafficsource.name}&checkUninstall=1 HTTP/1.1 
Host: overalltrack.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         204.48.29.15
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 24 Nov 2022 14:03:07 GMT
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   126
Md5:    c8f85db18fe8f89306f6c0819c67036d
Sha1:   7b5c44e4a9fd70e664aa4fe54fc0bd7bb3963a31
Sha256: a71ab24977d03d440189548647bee7fdbdf0d6dee44478d1f6b44f17699a75ee
                                        
                                            GET /device_by_model?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic bGFuZDptb2RlbGJyYW5k
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.208.186.182
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Thu, 24 Nov 2022 14:03:07 GMT
Location: /device_by_model/?model=x64
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Vary: Origin
Access-Control-Allow-Origin: *
Content-Length: 0
Via: 1.1 vegur

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D97219C69F58415604880670A5086DE0CCF19EDEF7AEF8374188AAFEA5B6A001"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8404
Expires: Thu, 24 Nov 2022 16:23:11 GMT
Date: Thu, 24 Nov 2022 14:03:07 GMT
Connection: keep-alive

                                        
                                            OPTIONS /device_by_model/?model=x64 HTTP/1.1 
Host: app1-smartsecurity-etl.herokuapp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://exceptionalphonesecurity.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.208.186.182
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
Server: gunicorn
Date: Thu, 24 Nov 2022 14:03:07 GMT
Vary: Origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Max-Age: 86400
Content-Length: 0
Via: 1.1 vegur

                                        
                                            GET /pfe/current/micro.tag.min.js?z=4826947&sw=/sw-check-permissions-8b114.js HTTP/1.1 
Host: redrotou.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.251
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:07 GMT
last-modified: Wed, 23 Nov 2022 09:28:54 GMT
etag: W/"637de7d6-12fca"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   27936
Md5:    682f70341374d1b78cb641f77baa1501
Sha1:   66ea1100f051e368920aaccb21af9098ea6cf052
Sha256: 7be5c25bdec033215eb8382e100087d6510286613d2c04bfde1e07d63a4d33a6
                                        
                                            GET /redirect?target=BASE64aHR0cHM6Ly9vdWhhc3RheS5uZXQvYWZ1LnBocD96b25laWQ9MzY0NzY3Ng&ts=1669298587863&hash=QSzxc3jj5yvCFJR5ZTRxKknI0sdYQLuQioACVUdiADA&rm=DJ HTTP/1.1 
Host: track.profitableredirect.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: e69b0e43-f199-496b-87cc-2daa322bb681-v4=4M8Cm9VYTRilHedAAG0AS0Dzjb0sM1utxYSLrDVqxdM; cc-v4=iMQiNpmuUmy3eewJEmY88VdaQ8o31mMPuUDx68QJRfk6xXMAd5iqetBjf0l9YeE0d9vA%2FM7AG8ldH7JQ%2BctXq7l4hDDjoGdBAiC%2Bw%2FA5MDVobitbtMKiMOddNHJXEhuZe6ljkIbokOOE6TfZArXItQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.192.108.151
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:07 GMT
content-length: 424
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (424), with no line terminators
Size:   424
Md5:    03ab185b43632ca143ad0a05b5ad7c76
Sha1:   d650a7441bef0d8c04f8aaaa2de6be743d757460
Sha256: 72235612e73b145c28b49ac3d247f41c942f81be00a5de5d6ecfb985787e2a4d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17419
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17419
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17419
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17419
Expires: Thu, 24 Nov 2022 18:53:27 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7DA78EBD8BCAF5EF515175B33F53336E8A6776F05ED9E6DAD6A839C6D358F7B9"
Last-Modified: Tue, 22 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21110
Expires: Thu, 24 Nov 2022 19:54:58 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YJuHCuUgkLuFFiQUlrPWgv9grHznufMTU08hi4ZMpQTBmou6BGWrhQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:52 GMT
age: 58516
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:16 GMT
age: 57292
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7462
Md5:    b4157f2c5c3c77ce699324ecb08f47c7
Sha1:   a7d9135f9d01ba13c3cdaf8b038c70212f159297
Sha256: 2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:10:24 GMT
age: 24764
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6789
Md5:    d9d93b2a6875d446c3467eb49767eef5
Sha1:   303c571b13b05fcf27ee1159d8fdf6369aaef0a2
Sha256: 2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 32320
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F65d6aa89-922d-4c2b-9601-956358f8ac22.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11969
x-amzn-requestid: e7ab6bb2-9bc5-4862-901b-32f18322db46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwBJFkUoAMFRFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e93a0-56d902c0481eef0932dad57c;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:41:52 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zluh8EkvyvbxVT_lmb1uh3eLph9eMUrsuLlwPYAOmP9-sWAhGyxeMw==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:45:09 GMT
age: 58679
etag: "6bd60504d4450a090e6f82d15f2f28b371e4dfcc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11969
Md5:    1234c13159d1531a698ece38a3bd7ff6
Sha1:   6bd60504d4450a090e6f82d15f2f28b371e4dfcc
Sha256: 488a827d4d2074371860dd556b3611c56a19502d3348e0a7d35c4f7556f63b3a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rrs7G6Wto6iY0rT6KsKwKAOPJjehXqD0jHZrR_eaiqpepQILFr7Dtw==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:07 GMT
age: 58441
etag: "89accd230fba95fe0049678070817b36ead015fa"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5070
Md5:    0856fdb55f19f03a1bec38b3d6e0ac77
Sha1:   89accd230fba95fe0049678070817b36ead015fa
Sha256: 17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=148919
Date: Thu, 24 Nov 2022 14:03:08 GMT
Etag: "637f1c53-118"
Expires: Sat, 26 Nov 2022 07:25:07 GMT
Last-Modified: Thu, 24 Nov 2022 07:25:07 GMT
Server: nginx
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "43BBB48A1A37A33C18036773457C75408E907C1FD7297A42152AEE29F396066E"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7920
Expires: Thu, 24 Nov 2022 16:15:08 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ouhastay.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: OAID=0e89bceaf0454bb98932abe4b5eeacbe; oaidts=1669298588
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:08 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /img.gif?f=merge&userId=0e89bceaf0454bb98932abe4b5eeacbe HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:08 GMT
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0e89bceaf0454bb98932abe4b5eeacbe; expires=Fri, 24 Nov 2023 14:03:08 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 868
Cache-Control: max-age=90381
Date: Thu, 24 Nov 2022 14:03:08 GMT
Etag: "637e3445-118"
Expires: Fri, 25 Nov 2022 15:09:29 GMT
Last-Modified: Wed, 23 Nov 2022 14:55:01 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/img/2021/06/23/1627034872559-2caa23ff-eecf-4033-b355-8c1f5da0ec76.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGhiURUnNv%2FYxYlpZH60nO5xrwjv4YqHvYd6VkRa3WZlPT%2FbU6sfztWNt%2FiaNQ0v6f6CNKw3B2PFyfzb%2B4UQ0jQuNMUBbRgvWRHPBlkA%2FhXQpcMFwf3DWsFXVD9L%2BM6Heq0mIS8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb38debfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 108, 8-bit/color RGBA, non-interlaced\012- data
Size:   20511
Md5:    cebca8fbb4df474c48b8f890d6fb312c
Sha1:   0d18abf86b8f683181068929c1cda7e651fe57e6
Sha256: f7678657b54c63e3acb418ecad26fd6790e6f1765c5be27c023a2da434840622
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "CEA985973CFF7103745B7B76AE33A2016860A0E833EA33A9159788FD765FDD6D"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5509
Expires: Thu, 24 Nov 2022 15:34:57 GMT
Date: Thu, 24 Nov 2022 14:03:08 GMT
Connection: keep-alive

                                        
                                            GET /assets/img/2021/07/03/1627994280359-a8930d1d-c68c-48c1-9109-f4c3e8036b91.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvFDpiBQeOSrI7zsZict9gn30Kz5bK3Wfol%2BWcerOgDqqsJmCUuU7%2BocXBZlBIRTjpwp92HCAJ3mX%2Fxa0Vh7wEtJXM46ApIhxo05FOS%2BZASP7KTxDDisdsjX73MDCB%2FIO26jGpk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb38deefab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 119 x 113, 8-bit colormap, non-interlaced\012- data
Size:   2242
Md5:    34282a18b0ee581a8b6ac020569cc770
Sha1:   479a58482402d46905b4cd8ffa7518825ddf9791
Sha256: d786a0f31428822dfa1b12ce65f961c570383b1aabef6a0fc8b9eaf581335ca3
                                        
                                            GET /assets/img/2021/07/03/1627983967543-9619d850-d57a-4851-807a-02068b4f5e17.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2FWcF7WAM2%2BSJKcir9R0dkXWFid7pXCw0fyETnlYcIwNlL7vpNLNHUpuYNDFcIl%2BEE2j9fiPpn6jp%2BHffNG2R2Fed%2BWzL5wNJdqhCIqUe52KxxRzbZHHAjj2hSoikFKBjYq4c9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb37dd9fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 82, 8-bit/color RGBA, non-interlaced\012- data
Size:   62369
Md5:    284033456f04a76694645e427ff1b9c7
Sha1:   2910cefd066e779cfaee28e160806286c563afd1
Sha256: 53900e371d7a7a31ea01da4fe3901c04849ddb810fea617939dd62bda92e6f5b
                                        
                                            GET /assets/img/2021/07/03/1627994332152-c4584953-f3aa-4b49-b0fb-e9b64e9d2a97.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPIq7IN2jc4%2BCGB9itdMcbLJOy8pHe8b70sWceT98ZQNtzQaWeHb44HFNkaUgIhLQMnpr5cERxq4sIzSCAJKNUWjbJHZt%2FEl7CkgAusBAjxOiCvjb6KvgZRdfBu55ut2M4x%2BfDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb39df4fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 124 x 112, 8-bit colormap, non-interlaced\012- data
Size:   1546
Md5:    7a41e173981b4a0e5cca07dc1e181900
Sha1:   caea2d2f2c12b079dd6dfa6052f47451c31b5044
Sha256: 2330ab241f4c0a2b0ddf5ce8a3b0ce591ad186afd60649c35d56843a3c96d816
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/img/2022/02/04/1646413684488-18ea1365-fd52-4a50-b07f-2ba9046efb59.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=isuAzGe7Kuz%2F%2BjkDTMXLYS%2B9Q37zNDWuNNnxiwfqZ1zXcKH3rAtH1fZo2ASdT3eiJjpNx2nvMB7n8X4d5R0jmgf%2FKmQL8GTT%2ByY%2FnZN9OCHsW7741e1cqOv8KevwrOIYc4zge74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb37dd6fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 513 x 68, 8-bit/color RGBA, non-interlaced\012- data
Size:   15819
Md5:    b4d926e6937ef2c0059e1e301a917867
Sha1:   49ac7e9755005057478fac9a73dd6c2a5cc11fad
Sha256: ec7683c4650f6b9935419a241a86682e1200b14178800e53566b749b0dc574cb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/img/2021/07/03/1627983981297-09ae9196-87ef-4a69-938e-8ca455880a42.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MO0XPfhJG11s63Wb9nfMfe4jtkeOwmjcOkq%2F09vGV8dKOfSYErEwc8PV45WzqEpPVeQFhZT7kS4RKlADEctsgJ8WgnIyZa1Jk7IZYo%2BCh3jSF6Hz7HNU2fFNUVigqlfFfqwNWaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb38de3fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 66, 8-bit/color RGBA, non-interlaced\012- data
Size:   147025
Md5:    32f996314adcb88c5b98ac502278bcf3
Sha1:   aa1a9b0c7da1c98d694e788c1230db0263aa6c76
Sha256: e0c95c16f1949efb9a431fb1992d5e6cddf1e1a5250f19a692465ffa36b1b154
                                        
                                            GET /assets/img/2021/06/28/1627484050645-40cd862c-e826-4da3-b020-592c98bb1d11.jpg HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EOc9weZBNuTnfN0YDF6dD2AmcxCiURMaDU7oF4%2FRtL4H0joav7YDhfptgmnWApPWN7oaa%2B6BVb6%2B6D9eNuQt%2FCHVNPlgTvpUBI%2F9q%2BQW%2FapHNOSipJkkfFb8RojZX68NxfmSwWo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb47ea1fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 426x149, components 3\012- data
Size:   2555
Md5:    222e24b62833c2b62b459cdd078727ff
Sha1:   5d67fc2a1fd05e8caeaadf15c82c45709650b1ad
Sha256: 2d639ccc44c819e847db48d12509be521e1fd20a28ae5b2807c6ca7d435f3f87
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5582
Cache-Control: max-age=100873
Date: Thu, 24 Nov 2022 14:03:09 GMT
Etag: "637e4ad8-118"
Expires: Fri, 25 Nov 2022 18:04:22 GMT
Last-Modified: Wed, 23 Nov 2022 16:31:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /optimize.js?id=OPT-TLN47DR HTTP/1.1 
Host: www.googleoptimize.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.46
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 24 Nov 2022 14:03:09 GMT
expires: Thu, 24 Nov 2022 14:03:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44245
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   44245
Md5:    10a6a911b92d237df9a8ee31e53badc2
Sha1:   419b83b876c4786c30888182eb4ece976521c518
Sha256: 2a39dff47f1609cff58c9fd99eb89691c3a3fe79cfb5e1bc3376b1b55dc8d8e0
                                        
                                            GET /external/465726082.hd.mp4?s=e5c3d3024ed8e02293307a9d67b5e6f9b16e59e8&profile_id=174 HTTP/1.1 
Host: player.vimeo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.159.128.61
HTTP/1.1 302 Found
                                        
Date: Thu, 24 Nov 2022 14:03:09 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'; script-src 'self' https://f.vimeocdn.com; style-src 'self' https://f.vimeocdn.com; img-src 'self' https://f.vimeocdn.com https://i.vimeocdn.com
Expires: Fri, 15 Dec 1985 19:30:00 GMT
Location: https://vod-progressive.akamaized.net/exp=1669312989~acl=%2Fvimeo-transcode-storage-prod-us-west1-h264-720p%2F01%2F3145%2F18%2F465726082%2F2066354506.mp4~hmac=df765a76304b7a96c5224cc428ae4e774500d6398f3227a9b5aaec00bf678294/vimeo-transcode-storage-prod-us-west1-h264-720p/01/3145/18/465726082/2066354506.mp4
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Host: player-backend-5ff8dcb846-w282d
X-Player-Backend: g
X-Xss-Protection: 1; mode=block
Via: 1.1 google, 1.1 varnish
Accept-Ranges: bytes
Age: 0
X-Served-By: cache-cph2320051-CPH
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1669298589.300836,VS0,VE144
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=uKt2Vz.XjphDlCDnAEB7_2.ITuH7ySQAH5yZD0AiWNs-1669298589-0-AXTlPZFN5yUy5OXsRgQKQN0ZmMTrWCWFHsSTFwvqh8MCsbzTSRfGPYxe35scANOYHozxpAGmYIxoT68aEWmcco0=; path=/; expires=Thu, 24-Nov-22 14:33:09 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 76f2afb70d0c0b61-OSL

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "43BBB48A1A37A33C18036773457C75408E907C1FD7297A42152AEE29F396066E"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7919
Expires: Thu, 24 Nov 2022 16:15:08 GMT
Date: Thu, 24 Nov 2022 14:03:09 GMT
Connection: keep-alive

                                        
                                            GET /flags/4x3/no.svg HTTP/1.1 
Host: flagicons.lipis.dev
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.199.110.153
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: GitHub.com
x-origin-cache: HIT
last-modified: Wed, 19 Oct 2022 08:52:22 GMT
access-control-allow-origin: *
etag: W/"634fbac6-13e"
expires: Sun, 20 Nov 2022 06:21:53 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: ECA6:9356:1523F66:1CD8CDC:6379C529
accept-ranges: bytes
date: Thu, 24 Nov 2022 14:03:09 GMT
via: 1.1 varnish
age: 160
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669298589.468406,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: e759e1f145955263c4d677ff09648fcb6d5bd1aa
content-length: 188
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text
Size:   188
Md5:    f916e66fd4723d7b98979d330bdab4d4
Sha1:   b30df178bab8c3751c9e593dc19999823d98c6a7
Sha256: 9c4ce2506adbbb63dda2139fb698e6ec80134b41862e8206d431ba3607cd4148
                                        
                                            GET /p.js?f=sync&lr=1&partner=eab99f1fc1f1a842a80c0c1f9eaf61c227df092b0e93a22ef50a18b65955d84a HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Cookie: ID=24ba23bdde224919bdef6ec023d7e600
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:09 GMT
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   697
Md5:    109d9d0f284658da4525b3d1c0ead2ec
Sha1:   3fc4214c1bef95a85db5eaa84c262d6d85275b6e
Sha256: 73657615b5abe9d595c5dcb7faa33dd526743bc03168c7fd72de56d573c5cc7c
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:09 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 04:52:37 GMT
Expires: Mon, 28 Nov 2022 04:52:36 GMT
Etag: "77a508ce53a271b7407c6f50af3dc2ed88618c09"
Cache-Control: max-age=311966,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f2afb79b67b50b-OSL

                                        
                                            POST /log/add?cid=0146f596-44d1-40c0-b3b5-74fcad621e75 HTTP/1.1 
Host: datatechone.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1122
Origin: https://broker-systems.com
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         37.48.68.71
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Thu, 24 Nov 2022 14:03:09 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://broker-systems.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /services/offers/register?language=no&includesConsent=false&includesMinimumAge=true HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Content-Type: application/json
Connection: keep-alive
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
                                        
date: Thu, 24 Nov 2022 14:03:09 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 14:03:09 GMT
cf-cache-status: DYNAMIC
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1%2FSbdlD3JI0rMd5kRT1SXpKv2VG8Qst8eZYZhrslkvscZxYwQMkGm8AA31egVYFi6LkXTl9VARpaKqlMK3J7b8RIuIaKuSWQ87Qf9LUvAbpQlTOnk3LBRQxXZfP5XcKVeO6r5k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb50f08fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- data
Size:   24343
Md5:    32bbe4b87a2ae85cd8389fa25395cd6e
Sha1:   9d8b3ccfc347384a76abff5b45b55f8a296155ca
Sha256: a7c6796b82053688b6bcbcc2e9f4f82104bfb7d32eb3a7e7485696a46452c275
                                        
                                            POST /j/collect?v=1&_v=j98&a=2132997881&t=pageview&_s=1&dl=https%3A%2F%2Fbroker-systems.com%2Fcompare-r%2F%3Fadgroupname%3DBS-NO-NO-Robots-DC%26propelleradsid%3D619645791849685389%26country%3DNO%26campaignid%3D6340333%26cost%3D0.006792%26offerType%3Drts%26utm_source%3Dpropellerads%26utm_term%3D3647676%26utm_campaign%3DBS-NO-NO-Robots-DC%26rdk%3Drk1&ul=en-us&de=UTF-8&dt=broker-systems.com&sd=24-bit&sr=1280x1024&vp=1268x927&je=0&_u=QACAAAABQAAAAC~&jid=2129474241&gjid=2089775111&cid=540807293.1669291827&tid=UA-123565908-17&_gid=1983780601.1669291828&_r=1&gtm=2wgb90MLX3JTP&z=1613646430 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://broker-systems.com
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://broker-systems.com
date: Thu, 24 Nov 2022 14:03:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /exp=1669312989~acl=%2Fvimeo-transcode-storage-prod-us-west1-h264-720p%2F01%2F3145%2F18%2F465726082%2F2066354506.mp4~hmac=df765a76304b7a96c5224cc428ae4e774500d6398f3227a9b5aaec00bf678294/vimeo-transcode-storage-prod-us-west1-h264-720p/01/3145/18/465726082/2066354506.mp4 HTTP/1.1 
Host: vod-progressive.akamaized.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://broker-systems.com/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.123
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
                                        
X-GUploader-UploadID: ADPycdvFALOJgFC8lHRE0XZtj_vOO8NMw94V883uDWMJyDi0Z5tzcMZ5sJ_cbHrMp_W3I5t9ZIwCFXUG4i7oN_MZINQBq6BT75Ie
x-goog-generation: 1661020573365224
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11965965
x-amz-meta-x-goog-reserved-source-generation: 1602068348320686
x-goog-hash: crc32c=hqujiA==, md5=DBrrzNDq44InOGp42cFLAQ==
x-goog-storage-class: COLDLINE
Accept-Ranges: bytes
Server: UploadServer
Aka-c-hit: cache-hit
Last-Modified: Sat, 20 Aug 2022 18:36:13 GMT
ETag: "0c1aebccd0eae38227386a78d9c14b01"
Cache-Control: private, max-age=25918649
Expires: Wed, 20 Sep 2023 13:40:38 GMT
Date: Thu, 24 Nov 2022 14:03:09 GMT
Content-Range: bytes 0-11965964/11965965
Content-Length: 11965965
Connection: keep-alive
AK-REFERENCE-ID: 0.774c2417.1669298589.2f5b905
Akamai-Mon-Iucid-Del: 875210
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Timing-Allow-Origin: *
X-VIM-CACHEBC: EP:H11,E:h
Access-Control-Expose-Headers: Akamai-Edge-IP, X-VIM-CACHEBC, AK-REFERENCE-ID
Akamai-Edge-IP: 23.36.76.123


--- Additional Info ---
Magic:  ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size:   11965965
Md5:    0c1aebccd0eae38227386a78d9c14b01
Sha1:   f05673ace82e6c754989e36334a939d66fadf3c8
Sha256: d945e04c74f6b88360ee453d3183015ed971b3dd55c89de0d36e11e117c0137d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /img.gif?f=sync&partner=eab99f1fc1f1a842a80c0c1f9eaf61c227df092b0e93a22ef50a18b65955d84a&ttl=&rurl=https%3A%2F%2Fbroker-systems.com%2Fcompare-r%2F%3Fadgroupname%3DBS-NO-NO-Robots-DC%26propelleradsid%3D619645791849685389%26country%3DNO%26campaignid%3D6340333%26cost%3D0.006792%26offerType%3Drts%26utm_source%3Dpropellerads%26utm_term%3D3647676%26utm_campaign%3DBS-NO-NO-Robots-DC%26rdk%3Drk1 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Cookie: ID=24ba23bdde224919bdef6ec023d7e600
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:10 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=24ba23bdde224919bdef6ec023d7e600; expires=Fri, 24 Nov 2023 14:03:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST /g/collect?v=2&tid=G-Y5BMFENDVB&gtm=2oeb90&_p=2132997881&cid=540807293.1669291827&ul=en-us&sr=1280x1024&_s=1&sid=1669298589&sct=2&seg=0&dl=https%3A%2F%2Fbroker-systems.com%2Fcompare-r%2F%3Fadgroupname%3DBS-NO-NO-Robots-DC%26propelleradsid%3D619645791849685389%26country%3DNO%26campaignid%3D6340333%26cost%3D0.006792%26offerType%3Drts%26utm_source%3Dpropellerads%26utm_term%3D3647676%26utm_campaign%3DBS-NO-NO-Robots-DC%26rdk%3Drk1&dt=broker-systems.com&en=page_view&_ss=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://broker-systems.com
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://broker-systems.com
date: Thu, 24 Nov 2022 14:03:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /batch-event-collector HTTP/1.1 
Host: europe-west2-tech-microservices-production.cloudfunctions.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1170
Origin: https://broker-systems.com
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.239.36.54
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
access-control-allow-origin: *
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
function-execution-id: w6i4i8ngan0y
x-powered-by: Express
x-cloud-trace-context: a38c1253a8571ef92d3d18cf107dd973
content-encoding: gzip
date: Thu, 24 Nov 2022 14:03:10 GMT
server: Google Frontend
cache-control: private
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    7ed7900fc45647ddd2f5e4799f6e3f4e
Sha1:   c599a3e8d0cf90430834cda9a07a4b52dd609a7c
Sha256: a0ce47d8f99c7c1b5988ae1c07711bb0aed25484d8ce3563c3a589f2d7216c2f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 14:03:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /afu.php?zoneid=3647676 HTTP/1.1 
Host: ouhastay.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: text/html; charset=utf8
                                        
server: nginx
date: Thu, 24 Nov 2022 14:03:08 GMT
x-trace-id: a63dbea44a44e4122b6262555983c57e
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://broker-systems.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0e89bceaf0454bb98932abe4b5eeacbe; expires=Fri, 24 Nov 2023 14:03:08 GMT; path=/; secure; SameSite=None oaidts=1669298588; expires=Fri, 24 Nov 2023 14:03:08 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /assets/reg/v2/registration-form.js HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
vary: Accept-Encoding
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8LL%2F9TcNM0GgqIL1CLPhyJJuX4mRNqEXln6Q3wo366HdMe%2FgdzEs0r%2Bx5nS1mu2vvz%2FNSP1Q70DIBUDIlF5xDCSWsAo%2Fc3adGG3D4t5616hqjsdTt9wTeEET7ZkhYIBCz7QPcQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb36dd0fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/06/23/1627034952535-217e2eaa-ce12-41ea-92b9-82e94483661c.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DK4yawxFRvNHG02oB7gGZAkfRPyKp1Sn8Yx6KXo%2BiDATPejzaB0nSataBhrYa2rVwCNuQrQ0eO%2FKnziGsaGLVainlkdRbAjEeevfPeB3om7beX03z6%2Bal2jvJFkEr%2BdbEh7mQ7g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb37ddafab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /i18n/pixel/events.js?sdkid=C8SQEGFV9S6N3MLDFVTG&lib=ttq HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.79.34
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 202211241403074A000A02E9737C6D12A6
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf607cba078d74d52c16f2699f9250c555ac2cb770684a0e111c35bd8f81c48ade77a0b477d8c252855f17050d0d5c006af2b39eae8423060d258c34c2f9a9e137c0d633ba3419795b319d62d988465de04a
content-encoding: gzip
x-origin-response-time: 8,104.96.220.68
x-akamai-request-id: 126b569e.49be70e8
expires: Thu, 24 Nov 2022 14:03:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 24 Nov 2022 14:03:07 GMT
x-cache: TCP_MISS from a23-36-79-30.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a104-96-220-68.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=103, origin; dur=8, inner; dur=3
x-parent-response-time: 111,23.36.79.30
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/06/26/1627297013883-7dbc897f-02ca-4586-9259-4c23ea49acb5.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gY3TQq%2F4kFSoX%2FouDrAAdMJAxi4m0nl4hsMFCFZRefuwWKnvxcax%2BL6%2FTGTTzhWoafP%2Fvx9%2FW8%2FO3Ng5LFLBU9t%2BIEMboXpiMdkyayz8AXMQ3j0BM05na0Vaz%2F%2BFRwkWvpobJw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb38dedfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/07/03/1627979101733-6f5c97a5-241b-4c75-a8ad-48f67971041f.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TbaFn8upUXG93wp64TcKZ%2F6NwbFNYQrnylivo0LultmqKI%2BXEo3HcJSln8ddGS6tlPpaCPX%2BEkWzQgKqtqHfmZYEKYvf7HwuJkDTsNri5GDf%2B%2FwtV972Pkn7vQdVFwHeL59X%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb39df5fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /vue@2.6.14/dist/vue.min.js HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.16.125.175
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"16fc7-2o16WfTmzFXqWKvsM++c67m6Z8E"
via: 1.1 fly.io
fly-request-id: 01F7JYERAAW5E3031G1EAGDR8T
cf-cache-status: HIT
age: 14702757
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76f2afb3cf3ab4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/08/08/1631094157993-71e6734e-0583-460e-ad85-f2e9c96f6f65.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:09 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 10:03:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7142
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU6TunnsdCcGa9tTTX3m7ePNcYrJpArGX5cdK1lnZuwr%2BJJ8%2BVlLNaoYFdsYyOqbFnS%2BRL6EASlXXqOuWBxviMCpd%2F7aYPFjOvAKMIzlaR5xYDgP2XueyJmFCjEJx2Txh0E3DKQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb6e898fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /i18n/pixel/identify.js HTTP/1.1 
Host: analytics.tiktok.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exceptionalphonesecurity.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.36.79.34
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: nginx
x-tt-logid: 2022112414030779CD940CDE3C6F572829
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60d4185a6b346662e953db6f9c31425dd9dfa7e1cca8ecb9eabad4de7e0c2f090e349b6728696a50bc4e0c412795cdc75ea52c26fb10ab327bc6845be31323979114e82cf709eb0e6c7bf2919cdfdce67c
content-encoding: gzip
x-origin-response-time: 9,104.112.235.148
x-akamai-request-id: 193ac8f5.49be73a0
expires: Thu, 24 Nov 2022 14:03:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 24 Nov 2022 14:03:07 GMT
x-cache: TCP_MISS from a23-36-79-30.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a104-112-235-148.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=102, origin; dur=9, inner; dur=2
x-parent-response-time: 111,23.36.79.30
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/reg/v2/registration.js HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
vary: Accept-Encoding
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:57:31 GMT
cf-cache-status: HIT
age: 333
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8Q2%2BFSxBoPUe3MdcJ9Z7qCXlvVU9qhlydWR36ksND4Z5Cp4ayYGGQxPa7NajSSW4tEOfoTxbCYNXMYPxOh0K%2FovcPY4ITtDdZJvbz24veQqVQGy6QMsPpNAL%2BffrJmxSxk%2BAr8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb36dcffab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/at/v5/tracking.js HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
vary: Accept-Encoding
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:57:31 GMT
cf-cache-status: HIT
age: 333
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JKTCmLkPvvV5Cr%2BSiDwHui8ytCwSltZyrgMFjeZRJIYgY4l%2B8DdElXUTrUGcOJuLQEilHx4SvZmlz5BePMpqDQJ4gf%2FQeHFn9RcyWlDdKVmL%2FfbSeOFDqty48Kzx7xZeDIvaO1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb36dd1fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css2?family=Cabin:wght@400;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 14:03:08 GMT
date: Thu, 24 Nov 2022 14:03:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/06/28/1627484559621-a2880a7f-56da-4ccf-98eb-f1448814c9da.jpg HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:37:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1519
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIcq7e73o%2FHzqHoDuE4pK2KEQdigl1yKnKd%2BYN%2BgYPO3rbP342M3Kotge%2FgcXd3M7us4cBQ%2FDG3MkYr6iVXxkb1EhdEyQNpRh6fQzSpXrhMrgFwEWS1zo2kqH9Oi2mQoTIC5E%2FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb47e9dfab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1 HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
vary: Accept-Encoding
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
cache-control: private
x-do-orig-status: 200
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=urWwtPXWCwh4q8%2BhRKuzpFBHK2cr2tElVzHnlX0ponoBSScwZ%2ByqvJuNcKortb9x1folmlGsswh7JR0SEITXkg5DRH6Fv4GgfxZ7cwAGqFy47hrfA1unSy1LXyygXxvpymjmZmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb0fc2cfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/img/2021/07/03/1627994300561-5bf0b534-f69d-4dab-ba2c-ade842022f0f.png HTTP/1.1 
Host: broker-systems.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://broker-systems.com/compare-r/?adgroupname=BS-NO-NO-Robots-DC&propelleradsid=619645791849685389&country=NO&campaignid=6340333&cost=0.006792&offerType=rts&utm_source=propellerads&utm_term=3647676&utm_campaign=BS-NO-NO-Robots-DC&rdk=rk1
Cookie: _ga_Y5BMFENDVB=GS1.1.1669291827.1.0.1669291834.0.0.0; _ga=GA1.2.540807293.1669291827; _gid=GA1.2.1983780601.1669291828
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.146.119
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 24 Nov 2022 14:03:08 GMT
x-powered-by: Express
access-control-allow-origin: *
x-robots-tag: noindex
cache-control: public, max-age=14400
x-do-app-origin: 5f355662-e6ae-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
last-modified: Thu, 24 Nov 2022 11:57:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ti72Ce5kaoDkDTYnn%2FrDSnw45EO32OGFjlWcpicp%2FaP56TvphAqnVIbn6utFCCerMuff8KM5lMgwqzH7ByEZLtYlRTzK5EZ7li2otZRrRpyRLQclsizioHcZpli1NJp4Y20B04M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f2afb38df0fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---