firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 19:06:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4Gw70LzPUvGeTujGWC-6fEbFIUqHQPhsoOiweXw8_P-B3Rpr3oSpKw==
Age: 2446
petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
54.230.111.111 200 OK 30 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
IP 54.230.111.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3561)
Hash a774396d409048f438bb7f4e60efa40f
1ed88fce7891815be868a0524e50a4685476226f
c927921b991884bc96cf6cbc00d14dbeafa9000415c8b58f23110eb53033e4e9
Analyzer Verdict Alert fortinet Phishing
GET /n/27/4/z-nrg/nz/index.html HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:36 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DKf2ayADBGgsGKQkePUIxiBvh2lZZNEd81R8MN_UN3VtHSxvEp-jrA==
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15916
Expires: Sun, 11 Sep 2022 00:12:52 GMT
Date: Sat, 10 Sep 2022 19:47:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3OFkWAj0hrnmXcQg0Rc1uXbk3EC9zy7NWCXswsW7HQ_EC_DV2bJKmQ==
age: 45024
X-Firefox-Spdy: h2
petrol.clientoffer.site/n/27/assets/css/fonts.css
54.230.111.111 200 OK 315 B URL HTTP/1.1 petrol.clientoffer.site/n/27/assets/css/fonts.css
IP 54.230.111.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf204738cc45ba40ddbc1833f7e3fd08
c1cd4d940ed2679bf940e09e5048c914d224cf52
f5e322bbdb5b74a13a08dbe967d05a3554e3547d48aa1789663d677056921ad8
GET /n/27/assets/css/fonts.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RYn3kPNsnzWLc15IDSDFTC56cA4TJwXcPMvekXzuMafAHMb4JkdhLg==
Age: 7103
petrol.clientoffer.site/n/27/4/z-nrg/nz/js/teaser_nojquery.js
54.230.111.111 200 OK 1.0 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/js/teaser_nojquery.js
IP 54.230.111.111:0
Hash d4965532d96c2523a7153f3c1fefc466
2ae12831b5515dd10bfb7796f05228ef926d0d55
bc28164cfaffb986af6d84738442b09e72460c7fdd664bad4998f138202e7d99
Analyzer Verdict Alert fortinet Phishing
GET /n/27/4/z-nrg/nz/js/teaser_nojquery.js HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:36 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: W/"6319fc5a-e9c"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TTpHLZXLJVWca-pAjV9WDnvGfeE4i6S4NELkeykQVtPBdPChkyPvuA==
petrol.clientoffer.site/ssi/elements/base/comments/fbcom.js
54.230.111.111 200 OK 362 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/fbcom.js
IP 54.230.111.111:0
Hash d91c65ab07c7b659532f735bc3266d35
e04379a0f107ef0639cfb9bb85448e091d4242b4
36bec173b109104f5817846a3d09bcdb07bf1c0c85c8ad6be8577861258a0b90
Analyzer Verdict Alert fortinet Phishing
GET /ssi/elements/base/comments/fbcom.js HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 09:11:43 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: W/"6319fc60-4de"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: v9p0CBkjqw9vfBt0Ti_0wprEwceKNptNY6s4m4d2ovhvyyMMbuhMjg==
Age: 38153
petrol.clientoffer.site/ssi/elements/base/comments/style.css
54.230.111.111 200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/style.css
IP 54.230.111.111:0
Hash 1f14b0dc783b90b3a4672ba45c020c57
49bd8230d2047d677dc7b746695efffd23bcdd43
9f168782e37ac234116d557ef63adfce470784b9349459e7e8fd6e8929e11b28
GET /ssi/elements/base/comments/style.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: W/"6319fc60-14cc"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jM87vBeFdkzPQm9gXmzjlBTajJ18jdklQkI6gtL213baKYydmqYbTQ==
Age: 7103
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 19:47:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
54.230.111.111 200 OK 828 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
IP 54.230.111.111:0
Hash ee995f01cddcc3b3c717067caec705c3
088cec3db9935a70070a50b5db5e41eccff6520c
e75f19dace54b1fd8e08a5743d9ee3413be9aadc8b9df423e6db0875075487b1
GET /ssi/elements/base/comments/fbcoms.min.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 828
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-33c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8NL7Xn-PrLF09XBGi1X8Amb8NLE5eKJZAtzja-qu5bvSLGSAoSj6Ig==
Age: 7103
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/main.css
54.230.111.111 200 OK 6.1 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/main.css
IP 54.230.111.111:0
Hash 8f819033e7daaba5a798e4e86c2373fb
b7bd509587d8501091ef2e0174cab9b757ed8e40
d5bb017dfff71ba112b67f7ad928da0e7132f3d74cb03487c32b1dda080abc22
GET /n/27/4/z-nrg/nz/css/main.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:36 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: W/"6319fc5a-898b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1hCHBglF8SvRbX62xDKmiXOCGr-cNgm-Zxm6TzhXSC7zfIcYElG7zA==
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
54.230.111.111 200 OK 2.8 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
IP 54.230.111.111:0
Hash afd6e51a05094d6370f2040125c3ac71
853c8a9dfff2114cdb27f739a99a91317b3a7969
7d812ee50b3250e3e30040f81ab97983be4f46d21ce722e19a770cb9d7453368
GET /n/27/4/z-nrg/nz/css/style.min.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:36 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: W/"6319fc5a-34a2"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UwbmZhd9ebv1koXbdvp4BMopdw3-ErHwtcGGUCs7LK8Vr4G7MldWWQ==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 65deebab57142db522e6c874673bdd9f
bfd022181afaec5035f868ccd05fac58113f81dc
7470143c8bd79f00190a3766ebaa9c632d0aa47693fc4c146f097873865da327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
petrol.clientoffer.site/n/27/4/z-nrg/nz/css/normalize.css
54.230.111.111 200 OK 897 B URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/css/normalize.css
IP 54.230.111.111:0
File type ASCII text, with very long lines (1880)
Hash 8ca792972dc5202bd0a1ffd73769645f
d24a12992541a21bd6552ef17184ff6951c6e9cf
e7507a2706c28513cc4fc8a05c85ae7eea9e2a5937c2fcfd7a2e75b59390d605
GET /n/27/4/z-nrg/nz/css/normalize.css HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: W/"6319fc5a-75b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -t5yEY9c1lUkEqnI8JOW-msJt1hr7oXCJCJMiSMvXnhRgXBRL13qNQ==
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f1fa8224847ea7d9b4dc8e598fae4142
cb703a2944e58d97dd48a7e56ee9f4510ced78b4
920094aad2886535e2ba9e38d4731f63fbde93038d92b38f0030b0a0f47c2ac8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
petrol.clientoffer.site/ssi/elements/base/check.png
54.230.111.111 200 OK 348 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/check.png
IP 54.230.111.111:0
File type PNG image data, 35 x 35, 8-bit colormap, non-interlaced\012- data
Hash 1aecb247e31cfe8ecdf4c1a30fd32799
8ca486751ab6c31c1acaa7868ee26f7d5dd98f83
9f15d5a161e11ec46c3474002d4ae27144633b19413b3ad8608ce11eefb810ad
GET /ssi/elements/base/check.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 348
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 00:35:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-15c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Fohh1aMwpO_8kXV9_AXPHMF9uU7eEuiNg6SQjuCez2ifACkRmPeM8Q==
Age: 69120
petrol.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
54.230.111.111 200 OK 137 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
IP 54.230.111.111:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], progressive, precision 8, 960x720, components 3\012- data
Size 137 kB (136915 bytes)
Hash dd8774375e394460704d201cc9183468
9b17b330fae8a45162e594f1e6e20668079f75f6
7537819dfcae5087f73030b210f9ecb6e9561593e656162973c214af01bbf492
GET /ssi/elements/base/comments/guyiphone.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 136915
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-216d3"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P8df2YX8_Hahubyc-iKR1hhSw5x9nZIPqxMlaKyLKCrSFErIpSRFBQ==
Age: 7104
petrol.clientoffer.site/assets/img/logo/qzt_white.png
54.230.111.111 200 OK 5.2 kB URL HTTP/1.1 petrol.clientoffer.site/assets/img/logo/qzt_white.png
IP 54.230.111.111:0
File type PNG image data, 132 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bb16bbfca8cdaa042353a79845eeba47
d9bd97b057f4434ecf041129ab978ecf2bec51ce
1639d12a6a23397077fe402a82cad1f71e15e811d621bc235f60a65960d38869
GET /assets/img/logo/qzt_white.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5187
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:07 GMT
ETag: "6319fc33-1443"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MtM1IsnQRX_QsXFio5HZnXJyyVJ_jmE8vT8Z87efoVlGp7AS5_bW6g==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/comment5.jpg
54.230.111.111 200 OK 1.6 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment5.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash e1e1c4d1673d0daca69e4d04bcffe826
22a7bafb65fc73960b19cbaa172d76a2c72892cf
de8bfe8399e33d61c93d69aa93632a5bbfc49600d8b9a9a970278141bcaf11b2
GET /ssi/elements/base/comments/comment5.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1589
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-635"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rooxBcdGb86ad7QU2Q55oOl7UufYsCf_6BsW3PyevupMhSreFDYJ3w==
Age: 7104
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prize.png
54.230.111.111 200 OK 40 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prize.png
IP 54.230.111.111:0
File type PNG image data, 580 x 467, 8-bit colormap, non-interlaced\012- data
Hash f2b6d454f92f248528d54a971ea87da4
04cf3e461b51f0741d3107d70c6777ac1333179d
7327772edf543458a21a64e0e274a440a446e0286b8f18ce3d9026f222d61370
GET /n/27/4/z-nrg/nz/images/prize.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 39753
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: "6319fc5a-9b49"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P_P42XFfyTr9_HFrmEMybkrUZJ4HD-fDRGGGXDTB9oSEuvuOhw_OCA==
petrol.clientoffer.site/ssi/elements/base/comments/comment1.jpg
54.230.111.111 200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment1.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 8a7c43a73eddd2e9ece5f84986c8d38a
4ee82a68568735d8d55cd23573a02a27e250766a
701f4a6b59464cd1c4d3d5a4a3a03b7b325e9e05e5c40b895857e9a53b24172f
GET /ssi/elements/base/comments/comment1.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-57d"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aef5eYxpD4EZ6Arqqf7YfgQJ9yIl3U_jM3RktoTCbHMM_1dpM_k_8Q==
Age: 7104
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 27a57201d42e04192c5eedc979790ab0
8e26ba73cb4a33a31811a59670071c4f0208dfc1
1de67f175d7f8e3e1bef358be58b5255544d3566f6b17528d23109009a0e60c9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 19:47:37 GMT
Server: ECS (dcb/7F38)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aUab6KFd98VzdAMp73-1lJ8LeE4bpUCy8xZUjUOBTLrDXO7TsweQGA==
st.formulead.com/assets/img/spinner/double-ring.gif
54.230.111.9 200 OK 93 kB URL HTTP/2 st.formulead.com/assets/img/spinner/double-ring.gif
IP 54.230.111.9:0
File type GIF image data, version 89a, 256 x 256\012- data
Hash 2f2ad9512c7ad4ea794d3a5d6adbd69e
76c48ce3db2dca18e28b2648ef34e7735f294772
7d77afe35414413c958c359b06daa7dad9c2a385d116e5870aafb772261cdd98
GET /assets/img/spinner/double-ring.gif HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 92622
server: nginx/1.19.0
date: Sat, 10 Sep 2022 02:44:34 GMT
last-modified: Tue, 06 Sep 2022 10:21:18 GMT
etag: "63171f1e-169ce"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bLoq8KJAnQNMg5asIHrkvx7PrEcY5cF4PxsLjTrzr-SSBVYRALCwYQ==
age: 61383
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a288c679d8c14008a2534241a97c2216
1a95d09aa0e4b01321fbcaacae29f469fb313e5c
1e74e164230174674009983363fc950dce492aad271c3cf220002cb1f58fbe8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E74E164230174674009983363FC950DCE492AAD271C3CF220002CB1F58FBE8C"
Last-Modified: Thu, 08 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3081
Expires: Sat, 10 Sep 2022 20:38:58 GMT
Date: Sat, 10 Sep 2022 19:47:37 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 27a57201d42e04192c5eedc979790ab0
8e26ba73cb4a33a31811a59670071c4f0208dfc1
1de67f175d7f8e3e1bef358be58b5255544d3566f6b17528d23109009a0e60c9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 19:47:37 GMT
Server: ECS (dcb/7F3A)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: smxZYn8MjSuxFFeyKBeNbL20vVkp9VTot4d3MBGXiVlYb-LZcJLsiw==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 10 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 19:10:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dTpCHROUPMmKjbAk0uo-tlUqWkKq_tX6HLsogT26fWNkFVBwK96S4g==
Age: 3090
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a288c679d8c14008a2534241a97c2216
1a95d09aa0e4b01321fbcaacae29f469fb313e5c
1e74e164230174674009983363fc950dce492aad271c3cf220002cb1f58fbe8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E74E164230174674009983363FC950DCE492AAD271C3CF220002CB1F58FBE8C"
Last-Modified: Thu, 08 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15693
Expires: Sun, 11 Sep 2022 00:09:10 GMT
Date: Sat, 10 Sep 2022 19:47:37 GMT
Connection: keep-alive
cdn.formulead.com/v/country
34.78.252.25 200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3A6CVHrLKZ8vkt6RLfwrZdkjB3fMTCxZJj.vwf4N4jWH6bJBy3cu0T0uimy10FKG8GfnSIlZAi8IL0; Path=/; HttpOnly
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3639
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Sat, 10 Sep 2022 18:46:58 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
cdn.formulead.com/css/main.min.css
34.78.252.25 200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 696d60deadf94d2655e0849094fab2fb
c38ea3c192a0ade3cd5999e9ffe846524ea0c383
b37ed1d3763b12d7f7282c0e4034715d8016d206a498d70f1a377e56e02bee02
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 07 Sep 2022 12:37:11 GMT
ETag: W/"b15a1-18317f450d8"
Vary: Accept-Encoding
Content-Encoding: gzip
petrol.clientoffer.site/ssi/elements/base/comments/guy4.jpg
54.230.111.111 200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/guy4.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b5170ef71e82c3b9dd3cb0de6b06d36d
c36c6365a983ce3e211817f3edb0260e500b87af
207761ada2128a5b781713077cf76116149b47ba3222c3b6cf88e99dd58857ec
GET /ssi/elements/base/comments/guy4.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1728
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-6c0"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IC-fc9eT3ROMCF78qFII0r8AXpFKECayuzOkJHply08FU-4X5luskw==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/like.png
54.230.111.111 200 OK 532 B URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/like.png
IP 54.230.111.111:0
File type PNG image data, 15 x 14, 8-bit colormap, non-interlaced\012- data
Hash ff41d4d4197e3de85a1e23a8e0052229
ae524f976c87dff8e73869f1b41cbf49836f56ef
8759cc524e5fc84eed43ac2b300f9c9af83629f464a6eac33805e1bf1866cd6d
GET /ssi/elements/base/comments/like.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 532
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-214"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jqn6uCP9jnRjB-I5M6dtYT4W3RV5CQhs2pZzzU4WohhbyWAWNDFHeA==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/girl5.jpg
54.230.111.111 200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/girl5.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b3aba087230e9009ab500a2c3cd32f67
180ba2ba0f3a41dc96c3d4266db37d96adc0b248
e9e064bbaab7738127c4966595fb2dadfe872941f64e0c04e60914c074e66f82
GET /ssi/elements/base/comments/girl5.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1412
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-584"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OCkdNfA1S5HVa8ykwEEGM_zu6MCTUp7OrAwEaHrYabAPaT_z-zJ5og==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/comment6.jpg
54.230.111.111 200 OK 1.6 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment6.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 1547bb14a090e26493220e1ac226c956
1f6a7c79b3b167810acf4cf0ee291b08ec9f019b
3f39d61ca486889335b7d2327da4d0c5fa5f5631899a7f020ff7992b40eed55f
GET /ssi/elements/base/comments/comment6.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1631
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-65f"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bh7vIfOCfq3QdigZWXC0MbFI-oOjubVJZ5bHDLa6mhzGlB7rzs3sbw==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/comment4.jpg
54.230.111.111 200 OK 1.3 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment4.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash d1f670b5035713dd517347062a64512e
d5981f937557e33953188bfb65399cf2c2385e5f
5ebcec7153928cb12479835071596036b6bf204d5f015f58b7f0687a1e806b97
GET /ssi/elements/base/comments/comment4.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1307
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-51b"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: T_BcpGWWM4cl26LCFGcIt69l1Nm5lV17idjfhqCn2DxQwf_-N3YyUQ==
Age: 7104
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header-wap.png
54.230.111.111 200 OK 9.8 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header-wap.png
IP 54.230.111.111:0
File type PNG image data, 760 x 150, 8-bit colormap, non-interlaced\012- data
Hash df3c81f55d34d489ab9fa5d39ff769ef
918eec50fae0e32aab3f46ca97265c2d655ed204
c78fd29b18025b93264c63e858dc316ddefd580f93f5c14c9e251640ed0701b0
GET /n/27/4/z-nrg/nz/images/header-wap.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9783
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: "6319fc5a-2637"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GyDjfOb5WTdM5mckogtXb82cAd_vQNb7gAer_iNonhwHoEuGoLiHZg==
petrol.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
54.230.111.111 200 OK 1.7 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash db2bd208a83dd1e61d8c5eb29d17fc5e
e0bd1558f696d871213fb6e7366bb737c9a7dfdf
247aa5d457438d0701a6985631b571826d33a719e0c1b38535ea1e9c023f91e9
GET /ssi/elements/base/comments/rev1-a.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1683
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-693"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: K5OPnfaZfY6CMXzIaPY957OUg2TPD6201Xt7XsjS9WaOxa4_m1v9sw==
Age: 7104
petrol.clientoffer.site/ssi/elements/base/comments/comment8.jpg
54.230.111.111 200 OK 1.2 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment8.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 4bc4bb8a43aea3578af4a4cffc1ea983
276c96f4d6d1bdf03381d33c92323ca71e795aae
490adcb33271e416d05908764cad72e1f8b6571d0d8b77998633e675c975e344
GET /ssi/elements/base/comments/comment8.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1160
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-488"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fS6kSKVV9F4p2FNs_O1nhMiOOisjlfyftHH8iXj_22GiFNQqZ3FtNQ==
Age: 7104
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header.png
54.230.111.111 200 OK 13 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/header.png
IP 54.230.111.111:0
File type PNG image data, 1068 x 178, 8-bit colormap, non-interlaced\012- data
Hash ec0b67242eed8bf79b31d028e3f0174c
b7e6c512255c731195c438ade832be4d4c90b6c1
48f16603213ce18c16841925bcfca4a3e9b8554120baec72e613bef6b316513b
GET /n/27/4/z-nrg/nz/images/header.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12989
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: "6319fc5a-32bd"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rzay9vn4T8nRYppp7Q14S1odgaP68Q-4d2Ti4FQKDtmVvhjHtoBrog==
petrol.clientoffer.site/ssi/elements/base/comments/comment10.jpg
54.230.111.111 200 OK 1.4 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment10.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 733b1af1054c6b374e7a2e283c0488c3
1f98a33203a064b43b101966e5b5c439d65b1d18
48771158b0cefed12d509da968dc6ad98fed75d6317982854f012d68bb6b7755
GET /ssi/elements/base/comments/comment10.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1383
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-567"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dW2JmXzoRCUcbIgNSd9Ll8RribWu1QrLb8BW7dpY8QZdpQZsjtDAEg==
Age: 7104
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prizemob.png
54.230.111.111 200 OK 35 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/prizemob.png
IP 54.230.111.111:0
File type PNG image data, 550 x 332, 8-bit colormap, non-interlaced\012- data
Hash a839b323a69826aeee7b1fe51648523e
965614880dd22b1d67553be114119e34e51ee00d
8c43f8327a942bac45f5c6796d45862b358ba348baeee2550ed43271afc75cb8
GET /n/27/4/z-nrg/nz/images/prizemob.png HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 34930
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: "6319fc5a-8872"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1c416ZaHJ2nj_uCw00NM7Cz-RdVu3XsAUQRW1DF5wnSe0KIQLGLZJQ==
petrol.clientoffer.site/ssi/elements/base/comments/comment7.jpg
54.230.111.111 200 OK 1.5 kB URL HTTP/1.1 petrol.clientoffer.site/ssi/elements/base/comments/comment7.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 13e3863ddf9ec66e74794a43955a82aa
176abd806ea55961d5f035d0589861864752eaa5
a98374e6ddf8e424cf2e60899912358531a04e42f74943f717730dc8349fe096
GET /ssi/elements/base/comments/comment7.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1461
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 17:49:13 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:52 GMT
ETag: "6319fc60-5b5"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aboaVmn66_FGjr33dmJ3l4XDu2mwnNtgdqLsfrqgM1xlVXLVs9hpPQ==
Age: 7104
petrol.clientoffer.site/n/27/4/z-nrg/nz/images/background.jpg
54.230.111.111 200 OK 55 kB URL HTTP/1.1 petrol.clientoffer.site/n/27/4/z-nrg/nz/images/background.jpg
IP 54.230.111.111:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1917x1281, components 3\012- data
Hash 8dabef81a4a058c58a9ff386f49eb94e
0f1b35a1cbdd705723326ec27d1f073455679b06
e3fea1416be38ef2f551365401ee86538463b99438c98ae09ec44f0be8f737ec
GET /n/27/4/z-nrg/nz/images/background.jpg HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 55300
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:46 GMT
ETag: "6319fc5a-d804"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5fu4w9ViSnio4jo5QVMXAfADFaloHrVnnAbIeA9jYx7CyhYntJ3DkQ==
push.services.mozilla.com/
54.148.17.90 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.17.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9beQMuZt30iZjR6cnEBhcQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: l26EYwoGCh2aW3NHZcWTU55FBwU=
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25 200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 07 Sep 2022 12:37:11 GMT
ETag: W/"2996c-18317f450d8"
cdn.formulead.com/fonts/Roboto-Regular.ttf
34.78.252.25 200 OK 171 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Regular.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size 171 kB (171272 bytes)
Hash 11eabca2251325cfc5589c9c6fb57b46
096c9245b6a192d1403a82848e104a65f578a8ec
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed
GET /fonts/Roboto-Regular.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:37 GMT
Content-Type: font/ttf
Content-Length: 171272
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 07 Sep 2022 12:37:11 GMT
ETag: W/"29d08-18317f450d8"
petrol.clientoffer.site/favicon.ico
54.230.111.111 200 OK 1.2 kB URL HTTP/1.1 petrol.clientoffer.site/favicon.ico
IP 54.230.111.111:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 2b41416e68dcc31606e749cc9da0e7e4
7801b077f31134407e429aa5d3cfd65ed2197e59
934e627d59f1a7b1d98df885aa0d09603b4027b25d29e5ddeaadd15fdd318c6b
GET /favicon.ico HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/index.html
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Server: nginx/1.19.0
Last-Modified: Thu, 08 Sep 2022 14:29:18 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Date: Sat, 10 Sep 2022 14:28:51 GMT
ETag: "6319fc3e-47e"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RyOh4Lco8JQg03jGYcuKt9Nl6Lav94Fu_UOzbiNbMEphk24eFW9XIQ==
Age: 19127
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10719
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:47:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10719
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:47:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10719
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:47:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10719
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:47:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10719
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:47:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8f11aeba65478b039cfb4100aa23435
88db17a82ea0207ccb4826c2961875c5106b427a
6f6ec5922ec54d824e7f933de87608c5a763da119ae9461d99c6525649b1a9af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: 64a58aa8-8321-4c91-98fe-dbf97996c513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNiuZEjnIAMFRFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb18f-77b635593b202d7d3cd0ac84;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: VWwNSpFvcDq3nrn91QvYjrJX5hLjp96vrKgZzR-pOdrdHx7MlcagGQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:43 GMT
age: 77636
etag: "88db17a82ea0207ccb4826c2961875c5106b427a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d21a3e07583d9fad4104b6457f7915e7
fdc9453562f993e2545ca99731a7741e748b6082
8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:50:11 GMT
age: 79048
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15249f3dafdd1690bc87ebb4fa6d518d
f930fcb22325e28592bc39b0b1974f5197c19afd
a0b9e88c78e85a037363e0b0e4e03478718f8715fe69e72bfd159922eca28301
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6c7c5434-1873-4130-a7ce-78209ce54bf0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 435fc2f4-fbcb-4eec-81d8-a23154dcec61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YFUwZEfvIAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63186802-2348a4000430702d4e9ea132;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 09:44:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ORlM8dFTc_iThvJghFakY86D3ToJ5TCmP8Ip2PcvXCCkSKKHpWQ0Zw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:12:29 GMT
age: 77710
etag: "f930fcb22325e28592bc39b0b1974f5197c19afd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HwwG0Hjf8uZn1AtbLU_wKs3w9lict3tRP31XQY6tIxDz9KDNaBMAqw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 04:00:05 GMT
age: 56854
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 71bafbee3867c04c3712ff98a123d52c
ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf
58ff1700e0b125caefb73719e2b3d734b2fbcc5ed1aabe5a11bb73b43edab831
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4477
x-amzn-requestid: bbdca46e-5628-4faf-a0fe-ea1b5b39ac2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjzaHrIoAMF-iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb348-567e946e7cf77f2e11c17c97;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: a0AyKhmYA7WPwciU2nTXwyChZV_riw1QsqI_giBIcdZhi3Nz4jM0Sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:11 GMT
age: 78508
etag: "ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2b83fa95ed30533299bc754adaced672
27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af
bc59e5ba6abafd8e7b10d6f8ae2269cbf739a4b28f9cbbf3adfc29a9195e6985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8626
x-amzn-requestid: af5e61ab-4f7b-4b03-8413-5d750b17e0df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLj9TH7vIAMFVMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ae6bb-309144fb6e02564c4fcdb966;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 07:09:47 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3gzR4efCGz9QsLoxAMuTUgBAwEc5WdyHBhw_wRPGmfnS9SWm-0vE7w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 07:27:32 GMT
age: 44407
etag: "27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
34.78.252.25 200 OK 426 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 426 kB (426090 bytes)
Hash b320f6d5b324e5fb9021612750ec2ae9
bdb4a0960f2dfd8a610990678b3535bcb183a6ce
632df31e644f9eb7a2260ce80cabb4b951f3dfe22a79ea60d461dfd41bdaeecc
GET /p/5bbb0ba263dcf80100a2e07f/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:38 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=5bbb0ba263dcf80100a2e07f; Path=/; Expires=Mon, 09 Sep 2024 19:47:37 GMT; Secure; SameSite=None
qst.sid=s%3AKvcsoFQZosNfCiZywn8Q5p92gsKsyNzd.kySRhjUlc6xB1YzEZKkuuOtB%2B7LiFlxd1p9sD3BBZBo; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash e66743a6c60c1181d7f47c7f748ddfa3
97e333fac41fce213aeda4a42c79b0c5077e26c0
498cbdcbc5fed75df7e4974b21f3be66580dd169b8c82e76c69a823567e27ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
142.250.74.164 200 OK 587 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 7bb8b9e9206d72fb867af3a8dcbb59ca
d87ebdddcfa24b6a4c6d9e3a16381a88d831b23e
003e1cc0026f95188cdda4cb979c7f5eccad006a909900514bda7f45812301dc
GET /recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu- HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 10 Sep 2022 19:47:41 GMT
date: Sat, 10 Sep 2022 19:47:41 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 587
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 90af7f9fc306540e02535db3d00dca64
9e05b003b35ed57277b6b295adde93add7c41b0b
64abd990305ef3f25ffb3fb2ccae04b76e178375752ecb2020411df8f7974fcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
34.78.252.25 200 OK 4.3 kB URL HTTP/1.1 cdn.formulead.com/p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18304), with no line terminators
Hash b36c725f7b9295248f3e0b8d8d98cf7b
942b643e5c371736b4af198f01960c899a129afc
335d74191b30442e2ebc5447a12ebbab9cef5720a1d484eb8dcb41a5c30accb9
GET /p/5bbb0ba263dcf80100a2e07f/feed?sc_domain=petrol.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=5bbb0ba263dcf80100a2e07f&qb_offer_id=5e1f1fd6db04380100ede242&qb_flow_id=5e1f1fd6db04380100ede242&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NZ&ql_session_id=KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&sc_campaign_page=index.html&sc_campaign_path=%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2F&sc_campaign_domain=http%3A%2F%2Fpetrol.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd.kySRhjUlc6xB1YzEZKkuuOtB+7LiFlxd1p9sD3BBZBo
X-Request-Id: a21a1cd434d5d28de81e47e2
X-iivmxswc: 7090ea3cb34e38094bab27ab5a64ce28d4a1890ca75a44bc7f414fa7cd7c31bc
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:41 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Mon, 09 Sep 2024 19:47:41 GMT; Secure; SameSite=None
ck_tsp=2022-09-10T19%3A47%3A41.326Z; Path=/; Expires=Mon, 09 Sep 2024 19:47:41 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Mon, 09 Sep 2024 19:47:41 GMT; Secure; SameSite=None
ETag: W/"4848-Rbo29EAVmEMQSeXdLb37U4FZCk0"
Vary: Accept-Encoding
Content-Encoding: gzip
petrol.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
54.230.111.111 200 OK 52 kB URL HTTP/1.1 petrol.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
IP 54.230.111.111:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
Analyzer Verdict Alert fortinet Phishing
GET /n/assets/fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: petrol.clientoffer.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://petrol.clientoffer.site/n/27/4/z-nrg/nz/css/style.min.css
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 51572
Connection: keep-alive
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:41 GMT
Last-Modified: Thu, 08 Sep 2022 14:29:47 GMT
ETag: "6319fc5b-c974"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: eAAR-HkVU6kGqiBqs8Sb4Ep8ESX48lZ40ON5pltEHNvz2Xpc0_69HQ==
st.formulead.com/assets/js/dl_modified.js
54.230.111.9 200 OK 1.2 kB URL HTTP/2 st.formulead.com/assets/js/dl_modified.js
IP 54.230.111.9:0
Hash bc9d4fc6c0a4f587ba38b6a06db4af6f
179a73375a2c4932381962b9726b9bf7a0feb684
ec3130e52a3a61af08c551eee2b99b236296436ff36a3577d41187a34f993434
GET /assets/js/dl_modified.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 06 Sep 2022 10:21:18 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 09 Sep 2022 23:27:52 GMT
etag: W/"63171f1e-132f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pqeSL8YtcI8k7QJKcsI27jDRvRTSSRoFy9rKnnu3TIqE3zSVsmeOWQ==
age: 73189
X-Firefox-Spdy: h2
cdn.formulead.com/vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-flow-id,x-lead-id,x-offer-id,x-ofvuinwk,x-placement-id,x-session-id,x-zqhkygow
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25 200 OK 88 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9e040edd17bb2e1b8595c5bca9c3781a
cb57e3f304d455c0b252e6a05bc0e55814c8c553
56c21491b74b93d01b73e9f45bde0ad2c392e0b4afbe710b7c324c7c090178e0
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-09-10T19%3A47%3A41.326Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 88
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"58-y1fj8wTUVcCyUuagW8DlWBTIxVM"
set-cookie: qst.sid=s%3AFMA9P8d6o9ky9u4JmI3f367-E17hUj5j.o69jti3lfvEbdFxcBCu4qsjGbBpxPh4zW0nE%2FudLnWw; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/t/errors
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=293c4ae45796181754e835201e3b50fc&vl_fp_cljs=803716228
34.78.252.25 200 OK 110 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=293c4ae45796181754e835201e3b50fc&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bad7f8dd7c7e0222df76f8164f37d7f0
e6f37c1e21f83b5e26660d2beee029c5fdfdf447
c167a02d8d16558f88713a894be5587558e1876b822e73e1a9eef21815bd233f
GET /v/fingerprint-cache?vl_fp=293c4ae45796181754e835201e3b50fc&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-09-10T19%3A47%3A41.326Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 110
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"6e-5vN8HiH4O14mZg0r7uApxf399Ec"
set-cookie: qst.sid=s%3ArxAzZSekEljMb4u-wD5OIlWuUd6Xj_FD.J997aEuN83lJ%2BNHZUiUzDzy7mrffQklBq5xhB421kz0; Path=/; HttpOnly
Vary: Accept-Encoding
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site
104.21.23.37 200 OK 2.2 kB URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site
IP 104.21.23.37:0
File type ASCII text, with very long lines (6943)
Hash 97c5c54048da8e94195b23dc5d05c8b8
9a74271a65e25e9410aa1a117c4faf36a19b7099
aa01a5b5631b5bc9c7e2a0881a6117b752ba35cb8774969d5f9f9ba21d4f6f1b
GET /scripts/push/script/z75dnkdk4q?url=petrol.clientoffer.site HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:47:42 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daP9idozi7i01gQP4mAbgJHW29tn3Ca0zeXF%2BuNKffLLPb0w3Ce7pUCytpHd4Xe7SXiv4EMywe93u52WLESGD65dzgMv5ZaD4IMeUH3aGM5DBBHtWmJLP1mdj0OGee6OWxlf1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748aad4a3d82b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/t/errors
34.78.252.25 200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd.kySRhjUlc6xB1YzEZKkuuOtB+7LiFlxd1p9sD3BBZBo
Content-Type: application/json
Content-Length: 153
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
event.trk-consulatu.com/register/event_log/zqd2ojv4ek
104.21.23.37 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/zqd2ojv4ek
IP 104.21.23.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/zqd2ojv4ek HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://petrol.clientoffer.site/
Content-type: application/json
Origin: http://petrol.clientoffer.site
Content-Length: 103
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:47:42 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: http://petrol.clientoffer.site
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxn5osqAJ2PrrEFR4T1L7NV9RQuzDAQvA3Dzizb12IFlc1cU73razYLNi4YE368ey6FtFjhYRlaZLyqgJE7QqWGNXasF9IzNidN%2FUkcVXG8BCGwOa94SSHJETRc4p93RRQQjXuL1JAjfKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 748aad4cb973fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ebc205cf750164c31d1fce2318d1636b
9309949107d69193b1c5156d45fbcc91e20a0fe4
4ab7f53d17c5d642e17a3e78aa93dc133c4713e44ccccb849f04fdcca62be8b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
142.250.74.163 200 OK 157 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (539)
Size 157 kB (157166 bytes)
Hash 026df0dfed2314af108e700900288961
51c2a55bca7d65c549ef138d1294cac2aa98dd96
24eefc59f5d298ce40bdd33c8157ad14631984159fca8e5980037366c44c2b34
GET /recaptcha/releases/g8G8cw32bNQPGUVoDvt680GA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157166
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:23:20 GMT
expires: Wed, 06 Sep 2023 17:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Sep 2022 00:04:24 GMT
content-type: text/javascript
age: 354262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:47:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/t/page
34.78.252.25 200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://petrol.clientoffer.site/
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 12:31:58 GMT
expires: Sun, 10 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 26144
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Sep 2022 00:48:31 GMT
expires: Sat, 09 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 154751
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.formulead.com/v/recaptcha3?token=03ANYolqv9QGvCM-mOspeVg2y2d6pq8ZHH1INgpN1PHvSlnjdJHPgBKF6DcTrBJwQkm1-qY7sJzVVJcXgMxMWry3_mzTHIdSSZel60CuPQAKM6CJJqmfu-nI98RBy2ky8nL_YmIP5JQ8xGPMkKas_zBaypo-1d8I_FnRChD1io7softHCq2wICMrhAF63GYqndmd__WF6FEPafrVy94lVAisbALqcVUrVU5-GAuAbDeGy5Q9RopesG6Quksj202M5I56rCydEQIZ-oSFm0dO3WViBPBPW0NuY3kKtagwgJfQGWPr2VFtSAmmyIU18yoGoqKLM_9q9e1xPR6dqG56qFoU9s6mQv2_o2w-R5WLRpezOBGMOBO3Zf6pw5edmvmp2GzT4VGiNSPoCqBPpvlNg-v3JFPcGEZH0kiqqJ6VS1-_axx7RqN5nWpIsNBWKEf87g1DPXJr5HSaXw1d8V0GrFCvRh0fLmatfGpJVUtH_ImzrJFRep5yvIlxNhoJArveSoaFCrqDjTe5gi5XZifn64VArc7e_nT_Jmyw&step=1
34.78.252.25 200 OK 170 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03ANYolqv9QGvCM-mOspeVg2y2d6pq8ZHH1INgpN1PHvSlnjdJHPgBKF6DcTrBJwQkm1-qY7sJzVVJcXgMxMWry3_mzTHIdSSZel60CuPQAKM6CJJqmfu-nI98RBy2ky8nL_YmIP5JQ8xGPMkKas_zBaypo-1d8I_FnRChD1io7softHCq2wICMrhAF63GYqndmd__WF6FEPafrVy94lVAisbALqcVUrVU5-GAuAbDeGy5Q9RopesG6Quksj202M5I56rCydEQIZ-oSFm0dO3WViBPBPW0NuY3kKtagwgJfQGWPr2VFtSAmmyIU18yoGoqKLM_9q9e1xPR6dqG56qFoU9s6mQv2_o2w-R5WLRpezOBGMOBO3Zf6pw5edmvmp2GzT4VGiNSPoCqBPpvlNg-v3JFPcGEZH0kiqqJ6VS1-_axx7RqN5nWpIsNBWKEf87g1DPXJr5HSaXw1d8V0GrFCvRh0fLmatfGpJVUtH_ImzrJFRep5yvIlxNhoJArveSoaFCrqDjTe5gi5XZifn64VArc7e_nT_Jmyw&step=1
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8a7735bcc9764959e85cb07f7df91cf9
e837b483b01a4461f420b139b60c5e871f6dcc04
a7c6dd0b79078a00a0259ccf473775a0028c05a6516ab9948a9b8883a29c2bb1
GET /v/recaptcha3?token=03ANYolqv9QGvCM-mOspeVg2y2d6pq8ZHH1INgpN1PHvSlnjdJHPgBKF6DcTrBJwQkm1-qY7sJzVVJcXgMxMWry3_mzTHIdSSZel60CuPQAKM6CJJqmfu-nI98RBy2ky8nL_YmIP5JQ8xGPMkKas_zBaypo-1d8I_FnRChD1io7softHCq2wICMrhAF63GYqndmd__WF6FEPafrVy94lVAisbALqcVUrVU5-GAuAbDeGy5Q9RopesG6Quksj202M5I56rCydEQIZ-oSFm0dO3WViBPBPW0NuY3kKtagwgJfQGWPr2VFtSAmmyIU18yoGoqKLM_9q9e1xPR6dqG56qFoU9s6mQv2_o2w-R5WLRpezOBGMOBO3Zf6pw5edmvmp2GzT4VGiNSPoCqBPpvlNg-v3JFPcGEZH0kiqqJ6VS1-_axx7RqN5nWpIsNBWKEf87g1DPXJr5HSaXw1d8V0GrFCvRh0fLmatfGpJVUtH_ImzrJFRep5yvIlxNhoJArveSoaFCrqDjTe5gi5XZifn64VArc7e_nT_Jmyw&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Cookie: plc=5bbb0ba263dcf80100a2e07f; stp=1; ck_tsp=2022-09-10T19%3A47%3A41.326Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 170
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"aa-6De0g7AaRGH0ILE5tgxehx9tzAQ"
set-cookie: qst.sid=s%3AWnv8o1lmdtCmLGDIfIc3By2wELX8TCLE.OzVh2K5%2BZs0Ik4k6cWmEsTIZjPGsqfoVmPnYNqE92Rs; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html
34.78.252.25 200 OK 481 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with very long lines (481), with no line terminators
Hash 8f6852c4c1ce09338a2b94402982ac16
388c69fe80087bbbfee8d118188abf2527b1613e
89360f60528ec275a455b16fae5ef2ec37f291aa481640edae78ad6b92f79f43
GET /vl/ql/?qb_country=NZ&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&aff_offer_id=1&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&sc_url=http%3A%2F%2Fpetrol.clientoffer.site%2Fn%2F27%2F4%2Fz-nrg%2Fnz%2Findex.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:KvcsoFQZosNfCiZywn8Q5p92gsKsyNzd.kySRhjUlc6xB1YzEZKkuuOtB+7LiFlxd1p9sD3BBZBo
X-Offer-Id: 5e1f1fd6db04380100ede242
X-Flow-Id: 5e1f1fd6db04380100ede242
X-Placement-Id: 5bbb0ba263dcf80100a2e07f
x-zqhkygow: 587846c60dbbc2fa1d5d141d2589920ed36424438b742486c97029ce63c98764
x-ofvuinwk: 131ae5bb38dd57ab8b0ad75a189374f8467e4d539e8fbdb82a8d09c1562e4ba2
X-Lead-Id: a21a1cd434d5d28de81e47e2
Origin: http://petrol.clientoffer.site
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Sep 2022 19:47:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://petrol.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Vary: Accept-Encoding
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a798806-4378-4646-89ee-e50837809910.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a798806-4378-4646-89ee-e50837809910.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1abac18a85802f38f08561ac64020b55
afbc7666fa0b2093ef0c5d9a955d54d139c09b30
eae7f28dd178293939ecd81082ab68ae6098bb3cb1f1fe9411c38314ddb0f944
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a798806-4378-4646-89ee-e50837809910.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9610
x-amzn-requestid: 34102145-abda-4987-a68d-9069496366ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNj0oF7loAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb350-52aee64214c814812c03262e;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 91AsC8-zVFCOPHFb2qnlTev2aXzdCEDYtc68JtYYsQSKS7OFF4QzgQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:50 GMT
age: 78475
etag: "afbc7666fa0b2093ef0c5d9a955d54d139c09b30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700
IP 142.250.74.10:0
GET /css?family=Montserrat:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Sep 2022 19:47:37 GMT
date: Sat, 10 Sep 2022 19:47:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
st.formulead.com/assets/js/helpers.js
54.230.111.9 200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 54.230.111.9:0
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Sat, 10 Sep 2022 05:48:06 GMT
last-modified: Tue, 06 Sep 2022 10:21:18 GMT
etag: W/"63171f1e-fefc"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qPQLrlbpLKoqYa1oSMbQbH0IZjCmPQMypHI3gTzQVhmTRgz9e9hqtg==
age: 50371
X-Firefox-Spdy: h2
st.formulead.com/assets/js/bioep.min.js
54.230.111.9 200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 54.230.111.9:0
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://petrol.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 06 Sep 2022 10:21:18 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 09 Sep 2022 21:48:26 GMT
etag: W/"63171f1e-14c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8HicQvwtBqIsOrcyh5B6ZB4EY0UwLKWz1vidjBD6WP8nvNJ1hl2sxw==
age: 79151
X-Firefox-Spdy: h2