firefox.settings.services.mozilla.com/v1/
18.165.201.83 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.83:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 13:05:41 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 7R9thvuGUx9DvXkxXMFknoz6DJJHDZ7rk6ufQJjkg4KdXPnJskBlzw==
Age: 2328
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10112
Expires: Sat, 24 Sep 2022 16:33:01 GMT
Date: Sat, 24 Sep 2022 13:44:29 GMT
Connection: keep-alive
forgefolder.com/show.php?l=0&u=760790&id=46191&tracking_id=
172.67.173.45 200 OK 351 B URL HTTP/1.1 forgefolder.com/show.php?l=0&u=760790&id=46191&tracking_id=
IP 172.67.173.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d2deaf89921b916559f781606d851dd4
14aca229d93310d30a115c1a0d6aca0ce12bc82a
c3dc1b7986477212b2852eb9bbc83b50e8ca14a477b5c2866c68e0f418e07b95
GET /show.php?l=0&u=760790&id=46191&tracking_id= HTTP/1.1
Host: forgefolder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=herB0pwG5PmqkahRabUzDmx9Zmx6j85wZGCKpGsNLARnOl8%2Bc1jtVdqIwh%2By9BUGvKoMHT%2FP5WuRZXfeD4ygaBDOVc1Zkv7i9rpMB%2FaqtdWiFZ8txekLrcG%2FBCoQwBYQ874%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74fbf47ecd1db4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.39 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.39:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 ed393405ff603a61a1e63909cf1c1a44.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: rzyqPL0xeqQznyrIjW8x2U8nZeB9mxzwrXZ9ktMYTZs42tDILCN1oQ==
age: 34286
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 13:44:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.83 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.83:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 13:20:46 GMT
Expires: Sat, 24 Sep 2022 13:51:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 133321d9ca8be95a19f574700824c0e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: rNCw7xyQD5Htyi4KfIKqjZ0yT6zPhOGtAW1EtYLrp-RvhRBANiB0TA==
Age: 1423
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b33d018bd46ec9e533f327f19f3e6cc2
c7b946f3de7fd98104bf036128d3b5666c9b8b09
af45a0b46b72c0aefddcdcf8c4514305a7b7c4e3c384e9382775245a0e925904
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:29 GMT
Server: ECS (amb/6B98)
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b33d018bd46ec9e533f327f19f3e6cc2
c7b946f3de7fd98104bf036128d3b5666c9b8b09
af45a0b46b72c0aefddcdcf8c4514305a7b7c4e3c384e9382775245a0e925904
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:30 GMT
Last-Modified: Sat, 24 Sep 2022 13:44:30 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:30 GMT
Last-Modified: Sat, 24 Sep 2022 12:00:53 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.160.97.225 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M0BLLD134LsB6lF0RP6Hdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yiTnrHs2tQkACP/vNvKCN0ZF7RQ=
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b80e0187de12734f3af1a095f9c3b29a
3d532faee06aab2107c0e498414a2dcd6b7e6a58
2583110a224382fdcab96057bf3e97634e0d6e0fa8ed6a6b0bd8a1f62c72c868
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 14:56:43 GMT
Expires: Thu, 29 Sep 2022 14:56:42 GMT
Etag: "3d532faee06aab2107c0e498414a2dcd6b7e6a58"
Cache-Control: max-age=435730,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fbf48bdec9b4fd-OSL
cold.dailynox.com/625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20092411_37_28_5_6b2392_135_160_632f09bf_5b5a2a9a_651171_0_0_64_64_0_2_2_0_0&source=5:651171
85.17.54.17 302 Found 391 B URL HTTP/1.1 cold.dailynox.com/625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20092411_37_28_5_6b2392_135_160_632f09bf_5b5a2a9a_651171_0_0_64_64_0_2_2_0_0&source=5:651171
IP 85.17.54.17:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with very long lines (389)
Hash e5ff06096e908ad565e6e7678da2b7c5
85e4f697b2ac20cd2c38d8d29c1eb4ecd4758f6f
193796907a93cf8a7c8863d0ba9f4afc8ee7ba4acbd66de695f077d599d040de
GET /625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20092411_37_28_5_6b2392_135_160_632f09bf_5b5a2a9a_651171_0_0_64_64_0_2_2_0_0&source=5:651171 HTTP/1.1
Host: cold.dailynox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wwads.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 24 Sep 2022 13:44:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 391
Connection: keep-alive
Location: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Set-Cookie: redhash=NjMyZjA5YmY1YjU0NzEwMDAxNGQxYzc1fDB8NjI1ZmNhYjVlNzllY2YwMDAxNDMzNGQ0fHxjYjI3ZDJlOS04ODI2LTRiYzUtYTVkMy1jMWJhZWE4YjQ2YjZ8MTY2NDAyNzA3MQ==; Path=/; Domain=cold.dailynox.com; Expires=Sun, 24 Sep 2023 13:44:31 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13342
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 13:44:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13342
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 13:44:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13342
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 13:44:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N7TwxCLUL8qnvm3YuZ6CGyJquVerc266VvZ1g8j5RxGpQXoUJwhULg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:16 GMT
age: 57195
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:58:23 GMT
age: 56768
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pVtBCTCGh0DCF_1Vf9qMWttoDUQO_xSCkpdis9Gu3o4_cVEqaHngVg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:30 GMT
age: 57361
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:27 GMT
age: 57364
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96ebb238-493f-4ccc-a8d9-7a7c6f8ab469.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96ebb238-493f-4ccc-a8d9-7a7c6f8ab469.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a4b36e1bf29c9c82f069cdd3c50874c
d2180d40ceb16924a87a41aad90dedb0bb912085
aab96d28ea8e21e6d37449eba400cac45acced1825ebdb27853d17ae4f993b00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96ebb238-493f-4ccc-a8d9-7a7c6f8ab469.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7963
x-amzn-requestid: cadfa4ff-473d-4927-bdf6-3aad64cddf18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQbHTCIAMFfZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2735-41d711e5210099aa6273dd86;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: g0NS7XamCzSMKmm1-mLnWLwUuBoJczvwSmTb0c_7klsY78wbrg4bRw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:57:25 GMT
age: 56826
etag: "d2180d40ceb16924a87a41aad90dedb0bb912085"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HfslSWhSAKRjZr-qqajVm6bKf9jGt2pXq8N8GlXgyTwRxWqw0y-CgA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 05:14:28 GMT
age: 30603
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 19468faaec6db1e51980abbd705ee48f
bb3afdbbd926eaf309716a256736068b81135da8
87265904e4ebae1fd9973e2b647b5155e550fbeeed488a352051d37e3a44c1d8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 08:41:36 GMT
Expires: Sat, 01 Oct 2022 08:41:35 GMT
Etag: "bb3afdbbd926eaf309716a256736068b81135da8"
Cache-Control: max-age=586022,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fbf4904db8b4fd-OSL
rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
13.214.167.188 200 OK 27 kB URL HTTP/1.1 rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
IP 13.214.167.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (737)
Hash 8b2d217b3b4a415b2440b144a9e3caa2
cf594f5754b3fae8a1edc94298042def0c60dc14
56f50234488f8f0f7306b8b7a6025237547455e814c72bd2341bab55e3224763
GET /no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp= HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wwads.xyz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
X-Powered-By: PHP/7.2.34
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 423331d8bae78ba045bea86f1e4c6e7f
8ed72a508ba25a95e6899569180a02728d5edb5c
fb27ab0f1591889639eff81fa012d5c185ecb1b04be5060af2e89e378fc264a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/abfb84fe/www-player.css
216.58.207.206 200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/abfb84fe/www-player.css
IP 216.58.207.206:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ecb64b067159be151c0c39f352469f8e
4b21a75947495235f6a389dabaec2db5eef0f1be
a5f047981dbccc524d124a02def835945ef10deaa34f47b49f906d3f9dadebbe
GET /s/player/abfb84fe/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49730
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:48:18 GMT
expires: Fri, 22 Sep 2023 14:48:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 00:22:49 GMT
content-type: text/css
age: 168975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/abfb84fe/www-embed-player.vflset/www-embed-player.js
216.58.207.206 200 OK 98 kB URL HTTP/2 www.youtube.com/s/player/abfb84fe/www-embed-player.vflset/www-embed-player.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (570)
Hash faf7cb6fdef7f573ad65139bd560afed
e01ff9c1ab3e3a94d92db4c8580b18558256c5ba
e0912caa0cba25c0e92c231d528c723f7bf7d7479c53a8505858c79284013e9e
GET /s/player/abfb84fe/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97978
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:48:18 GMT
expires: Fri, 22 Sep 2023 14:48:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 00:22:49 GMT
content-type: text/javascript
age: 168975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/abfb84fe/fetch-polyfill.vflset/fetch-polyfill.js
216.58.207.206 200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/abfb84fe/fetch-polyfill.vflset/fetch-polyfill.js
IP 216.58.207.206:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/abfb84fe/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:48:18 GMT
expires: Fri, 22 Sep 2023 14:48:18 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 00:22:49 GMT
content-type: text/javascript
age: 168975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 423331d8bae78ba045bea86f1e4c6e7f
8ed72a508ba25a95e6899569180a02728d5edb5c
fb27ab0f1591889639eff81fa012d5c185ecb1b04be5060af2e89e378fc264a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rosetohope.com/no/887219/18/assets/css/Features-Boxed.css
13.214.167.188 200 OK 1.4 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/css/Features-Boxed.css
IP 13.214.167.188:0
Hash bca73cd8a0ba61c5b234e25f8d15dc60
a5be1b131e62a9369420bdf9bfa944f1a962a0ab
0adf29bc7f36349628fc07f09349bd0a7ed8ccf3cb10b98e5ec8d96618a47454
GET /no/887219/18/assets/css/Features-Boxed.css HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:43 GMT
ETag: "547-5dbd01ca68b7a"
Accept-Ranges: bytes
Content-Length: 1351
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash e5988767f6057a6d3f4d381362cf44cc
8173c67f066aa7149d55baf62bdf5bec52a997b7
7cef3d68226dbe81987aa23a344199c352c81f13065d5b81c914424f8e94fae7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 20:45:20 GMT
Expires: Fri, 30 Sep 2022 20:45:19 GMT
Etag: "8173c67f066aa7149d55baf62bdf5bec52a997b7"
Cache-Control: max-age=543045,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fbf497291db4fd-OSL
rosetohope.com/no/887219/18/assets/css/Registration-Form-with-Photo.css
13.214.167.188 200 OK 1.5 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/css/Registration-Form-with-Photo.css
IP 13.214.167.188:0
Hash 41db4b60b519edd1a4204aaef6e0ae82
c45a01c3e3d7f0523f035e8efebaec4e4c3c33b3
ca5b0e60d8aab8ce5ebf327a24bc5d209ac94d0c051614bc5893f3d0b958bf6f
GET /no/887219/18/assets/css/Registration-Form-with-Photo.css HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:44 GMT
ETag: "5e9-5dbd01cab9c52"
Accept-Ranges: bytes
Content-Length: 1513
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
rosetohope.com/no/887219/18/assets/bootstrap/css/bootstrap.min.css
13.214.167.188 200 OK 161 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/bootstrap/css/bootstrap.min.css
IP 13.214.167.188:0
File type ASCII text, with very long lines (65326)
Size 161 kB (161364 bytes)
Hash 3b3bcd00c478e36affb10ade5ad7083e
b0a7f2136184bdf441d8f9d6d77a396847e35a57
355391583f29e8e4c3cbba984916f2ec70744cb6ea475b2591549229799121e1
GET /no/887219/18/assets/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:57 GMT
ETag: "27654-5dbd01d73a629"
Accept-Ranges: bytes
Content-Length: 161364
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
rosetohope.com/no/887219/18/assets/css/Header-Blue.css
13.214.167.188 200 OK 4.5 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/css/Header-Blue.css
IP 13.214.167.188:0
Hash 08e4586a051ce4259282ed835fb549cb
a5c4c4eb5f170743ec854de67713cf536dcde317
3da104d1e5c7a203fe3e4d882303b4a1c01fbbf97c3324cb94f9abb45f1778e4
GET /no/887219/18/assets/css/Header-Blue.css HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:43 GMT
ETag: "1165-5dbd01ca14fa9"
Accept-Ranges: bytes
Content-Length: 4453
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
rosetohope.com/no/887219/18/assets/css/styles.css
13.214.167.188 200 OK 1.3 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/css/styles.css
IP 13.214.167.188:0
Hash 1b73e06fd57a16be72bdcbe4db928111
8fa7e8ebba058e2e313ead4d60d9f75e082e35da
ad800a02b58f7f60a74021de5cb75c736a7d47d65196583e11d98351a27631d3
GET /no/887219/18/assets/css/styles.css HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:43 GMT
ETag: "541-5dbd01ca1efd0"
Accept-Ranges: bytes
Content-Length: 1345
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
142.250.74.10 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
IP 142.250.74.10:0
Hash 6f496d20160d55d5d1b704dde0d7339a
f70aebe31b18f9977c855173de0747e758fa6b50
864208c0ec76415b85c29ae8e13ac271080df1a86b7a5ba4e5f3a44674ad6d7c
GET /css?family=Source+Sans+Pro:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 13:44:33 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 4356
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:26:57 GMT
expires: Thu, 21 Sep 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 238657
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
flagcdn.com/no.svg
104.21.79.51 200 OK 48 kB IP 104.21.79.51:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 71321a7da9137bb27ebcc2c17d40e629
e6fc05b38b904370920fd60e47c080b37f63d521
46785ae9ccb8705790420efabf659c0d116c438450f8b836963fab7fd020e682
GET /no.svg HTTP/1.1
Host: flagcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 13:44:33 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Nov 2020 12:03:20 GMT
vary: Accept-Encoding
etag: W/"5fb65f08-123"
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-maxage=2678400
cf-cache-status: HIT
age: 806835
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJJUmHhOI%2FzIKfaI9AYOUqff%2FZO2GPf9PT8IVDZAvBGcQeCHYgPNSCk%2BZx57R2tvuKFEMjQi6TsoIKPT6TESj5Lo1i7vJNq%2F7NiYYOdR5nvIrMl65%2FWLczZkaNfOxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74fbf49c1ac00b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 08:31:01 GMT
expires: Wed, 20 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 364413
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 333253
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 333253
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:15:31 GMT
expires: Wed, 20 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 332943
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rosetohope.com/no/887219/18/assets/js/custom.js
13.214.167.188 404 Not Found 230 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/js/custom.js
IP 13.214.167.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8bcaf8004bb86ae76dc5c8f050c523bf
c9afdabaf20280b772eb6b67c29fbab82be4acb7
580e0d13a8bfe21449d88f8d4a2cd0003e827d36e9dca69a91343435bc9cf83f
Analyzer Verdict Alert fortinet Phishing
GET /no/887219/18/assets/js/custom.js HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Content-Length: 230
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 340026679e26df7932a1effb5cccae93
54f0f3f5537bf6689e7419541e13ea0cbf528553
3b519c850c1994fdf8d8ab7758cb17d66bb3f5af5877fa1afe61684a6fbf9892
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 74699b8a18081d931bc11ce2d1d0764d
92133bf4512718a118b4bab6957092a1e8856abf
5b19e1304b7bec5dc60c9c1877e812cb27fd9b9aa66f94f92afbeb3702ed030d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 74699b8a18081d931bc11ce2d1d0764d
92133bf4512718a118b4bab6957092a1e8856abf
5b19e1304b7bec5dc60c9c1877e812cb27fd9b9aa66f94f92afbeb3702ed030d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 340026679e26df7932a1effb5cccae93
54f0f3f5537bf6689e7419541e13ea0cbf528553
3b519c850c1994fdf8d8ab7758cb17d66bb3f5af5877fa1afe61684a6fbf9892
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-fi-flag.png
13.214.167.188 200 OK 1.9 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-fi-flag.png
IP 13.214.167.188:0
File type PNG image data, 66 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 8199d970a52dbcc125af18d57ed26f6e
eaaf8c57b51e26f1a89246e9adcd88f626f0f0bb
46abac93d04e5d13aef0a6acbd10396397d86af5d3a4531ee89cca3053c7d42c
GET /no/887219/18/assets/img/t18-airpods-top-fi-flag.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:53 GMT
ETag: "755-5dbd01d314656"
Accept-Ranges: bytes
Content-Length: 1877
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-4-stars.png
13.214.167.188 200 OK 638 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-4-stars.png
IP 13.214.167.188:0
File type PNG image data, 135 x 33, 8-bit colormap, non-interlaced\012- data
Hash 4917699c62ac8395be8cfd1356a6ca1e
da464e68f6635280fb11a3bf81ff8a7f44c24e67
0f780e24aeacba722a837421d65b47ce4bb374294d771d250ee892d193042998
GET /no/887219/18/assets/img/t18-airpods-testi-4-stars.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:49 GMT
ETag: "27e-5dbd01cfccd08"
Accept-Ranges: bytes
Content-Length: 638
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-payment-logo.png
13.214.167.188 200 OK 600 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-payment-logo.png
IP 13.214.167.188:0
File type PNG image data, 100 x 45, 8-bit colormap, non-interlaced\012- data
Hash 4ad917a0041c9e31dc1dd4bab8914c7e
3fdb56a9264361615552fb6f7c0fd40671ae7380
23c3c585e185ab2cc60bea3a4010dc53ef04db18e62f2157e16f8e58671b2bb3
GET /no/887219/18/assets/img/t18-airpods-top-payment-logo.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:50 GMT
ETag: "258-5dbd01d0b402c"
Accept-Ranges: bytes
Content-Length: 600
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
static.doubleclick.net/instream/ad_status.js
216.58.207.230 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 216.58.207.230:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 13:33:04 GMT
expires: Sat, 24 Sep 2022 13:48:04 GMT
cache-control: public, max-age=900
age: 690
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
216.58.207.194 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 216.58.207.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 24 Sep 2022 13:44:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
216.58.207.194 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 216.58.207.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 24 Sep 2022 13:44:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 340026679e26df7932a1effb5cccae93
54f0f3f5537bf6689e7419541e13ea0cbf528553
3b519c850c1994fdf8d8ab7758cb17d66bb3f5af5877fa1afe61684a6fbf9892
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 74699b8a18081d931bc11ce2d1d0764d
92133bf4512718a118b4bab6957092a1e8856abf
5b19e1304b7bec5dc60c9c1877e812cb27fd9b9aa66f94f92afbeb3702ed030d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 24 Sep 2022 13:44:34 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 14b2aa6e568e5b80f530f0998ec1dd4c
1034b2614f1f208878983b7ad10609d39bbc1840
2f34076e552b9169c3d6758fa10b641e6e3f4b5236724714f1620df1e6627429
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 24 Sep 2022 13:44:34 GMT
server: ESF
cache-control: private
content-length: 30767
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4de431d1f0b2fb15b71b607b17be7d3d
60f7beb2f1cf28d72cb159ca92a20cfb9105b493
a19c5c057f664ba912b3b7d03f9491cc81336b9e836158b795fd18a1ff1a654f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/0Q0sPaTf27KkVV0qBrYI7cmJeSJkpG4CF1zVddAZEjs.js
142.250.74.164 200 OK 14 kB URL HTTP/2 www.google.com/js/th/0Q0sPaTf27KkVV0qBrYI7cmJeSJkpG4CF1zVddAZEjs.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36110)
Hash d348ea7c67cf70cc27add8ec15920c5f
46b2db74425f5c6c10c69831277b83c76c8c24b8
e9198b139add4e4683e04549366c63b57000c4e9d719c0e5820124d63d0fccff
GET /js/th/0Q0sPaTf27KkVV0qBrYI7cmJeSJkpG4CF1zVddAZEjs.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 05:09:26 GMT
expires: Thu, 21 Sep 2023 05:09:26 GMT
cache-control: public, max-age=31536000
age: 290108
last-modified: Tue, 13 Sep 2022 11:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ecd575d97d4cd4413b8356d138803a0
6b811c6936f10e0af0efabf5110ded1a22c44994
dd4c9784dd01dba06078974526115c5b9d4fca13e1fdc4af35b29a1b9439fe90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 4f4ca5b2f67bb610ca8174eff69bde0a
86c9c8b58ca9e70114b60e07bb9fd32d41e07688
cc5e9e67542d40399ed4d90739fc7b984f677b1498b4895ebaeb4c92868611f7
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 24 Sep 2022 13:44:34 GMT
server: ESF
cache-control: private
content-length: 30795
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi_webp/dEBM7szD9Kg/maxresdefault.webp
216.58.207.214 200 OK 10 kB URL HTTP/2 i.ytimg.com/vi_webp/dEBM7szD9Kg/maxresdefault.webp
IP 216.58.207.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9853810ed835e9d9ea08754f8a41763a
496e4000ea12b7086843404734430332b9504c04
9eeda2680b5791b5113c2b90d4fbd5ef13c99129ce6053477e253b97208c68ca
GET /vi_webp/dEBM7szD9Kg/maxresdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 9978
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:38:37 GMT
expires: Sat, 24 Sep 2022 14:38:37 GMT
cache-control: public, max-age=7200
age: 3957
etag: "1619164161"
content-type: image/webp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ecd575d97d4cd4413b8356d138803a0
6b811c6936f10e0af0efabf5110ded1a22c44994
dd4c9784dd01dba06078974526115c5b9d4fca13e1fdc4af35b29a1b9439fe90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da90409c72d710432ed4c105d169e42b
7bd965dbe69c0774bd7c6e7735588c9d4beea9ec
bc344255517fec731eb512fa75ff7a6286fd79938d20b9cfe277759c65455612
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 643 B URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash e989e0541f159658bfb7bc0d7fde47d5
cdf94075516b6c51084d7103e88e1191ea6712d5
914e1f5b155441ec8660aa7cd17a2b17f05947ad68223247a96ccf301841fca5
GET /ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 643
x-xss-protection: 0
date: Sat, 24 Sep 2022 13:37:24 GMT
expires: Sun, 25 Sep 2022 13:37:24 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/jpeg
age: 430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-heart-icn-1.png
13.214.167.188 200 OK 310 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-heart-icn-1.png
IP 13.214.167.188:0
File type PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Hash af8cd1f0211e5206e5fd0cb323933bb9
c642ed184d00ab1aa108cbdcc8243790915b77e7
961d2c94341df80a967404dcf383b4e39b26bf34c997c850c57aaa3c503049da
GET /no/887219/18/assets/img/t18-airpods-top-heart-icn-1.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:52 GMT
ETag: "136-5dbd01d30968f"
Accept-Ranges: bytes
Content-Length: 310
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da90409c72d710432ed4c105d169e42b
7bd965dbe69c0774bd7c6e7735588c9d4beea9ec
bc344255517fec731eb512fa75ff7a6286fd79938d20b9cfe277759c65455612
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 13:44:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-lock-icn-2.png
13.214.167.188 200 OK 310 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-lock-icn-2.png
IP 13.214.167.188:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash 17d0fb6a014e12e0caf324d3e031e6ba
8c227ffd9b5c1dc27058bc001fd3a4baf438ec87
0d511befb8a50e0d1b5a5a24dd7c32e175714d00ac6118396d4e077dd65d9c56
GET /no/887219/18/assets/img/t18-airpods-top-lock-icn-2.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:50 GMT
ETag: "136-5dbd01d03d1de"
Accept-Ranges: bytes
Content-Length: 310
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-diamond-icn-3.png
13.214.167.188 200 OK 418 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-diamond-icn-3.png
IP 13.214.167.188:0
File type PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Hash 8ce1c6cb0caa70e2ae674e7fb833d152
344dd3a3a28d67edf858a30df7dc44f596ccc57f
a9c1b89f57ac1df5479ccd84e9db50b75ba4d0b98c6a053653ef7129b774a71d
GET /no/887219/18/assets/img/t18-airpods-top-diamond-icn-3.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:52 GMT
ETag: "1a2-5dbd01d2c0a86"
Accept-Ranges: bytes
Content-Length: 418
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/bootstrap/js/bootstrap.min.js
13.214.167.188 200 OK 84 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/bootstrap/js/bootstrap.min.js
IP 13.214.167.188:0
File type ASCII text, with very long lines (65299)
Hash f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Analyzer Verdict Alert fortinet Phishing
GET /no/887219/18/assets/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:57 GMT
ETag: "1499a-5dbd01d78a37a"
Accept-Ranges: bytes
Content-Length: 84378
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
rosetohope.com/no/887219/18/assets/js/jquery.min.js
13.214.167.188 200 OK 90 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/js/jquery.min.js
IP 13.214.167.188:0
File type ASCII text, with very long lines (65451)
Hash 12b69d0ae6c6f0c42942ae6da2896e84
d2cc8d43ce1c854b1172e42b1209502ad563db83
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
Analyzer Verdict Alert fortinet Phishing
GET /no/887219/18/assets/js/jquery.min.js HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:47 GMT
ETag: "15d83-5dbd01cdfdb09"
Accept-Ranges: bytes
Content-Length: 89475
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-delivery-icn-4.png
13.214.167.188 200 OK 320 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-delivery-icn-4.png
IP 13.214.167.188:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash b7d2da0e6aa65d901e61a0c7334209b9
d21deb8fac67e7208123e05f499a87c42637bc7d
18ecb7cba0652b2afb02d367a82303850ed9ad78ee42040002454dfd44cf3b4d
GET /no/887219/18/assets/img/t18-airpods-top-delivery-icn-4.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:51 GMT
ETag: "140-5dbd01d19a798"
Accept-Ranges: bytes
Content-Length: 320
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-top-cart-icn.png
13.214.167.188 200 OK 316 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-top-cart-icn.png
IP 13.214.167.188:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash f8ab20b1d04db37d2c3883f835e28760
f6976805d9c590725b560abe4d10ff3acee4bfae
9191befdd6709eb03c8f3e3ff7e75db942065826434927bac3afafbfbc8439f0
GET /no/887219/18/assets/img/t18-airpods-top-cart-icn.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:53 GMT
ETag: "13c-5dbd01d3902c3"
Accept-Ranges: bytes
Content-Length: 316
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-body-bg-img.png
13.214.167.188 200 OK 56 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-body-bg-img.png
IP 13.214.167.188:0
File type PNG image data, 758 x 152, 8-bit/color RGB, non-interlaced\012- data
Hash 81e5c3c6ea0715d4e839284810965b20
580dec338f5a86834903763c358efbce8e248525
56632f74d37c14a58ce67d840d758d630222ac065380775a8d86ddbaf96ba2e0
GET /no/887219/18/assets/img/t18-airpods-body-bg-img.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:52 GMT
ETag: "db8a-5dbd01d2a8bb8"
Accept-Ranges: bytes
Content-Length: 56202
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-1.png
13.214.167.188 200 OK 8.0 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-1.png
IP 13.214.167.188:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 698ca5d31e0067412a476ed920e80000
92fff82450ffcfddcb9ce1f7ff3a944a24a6f66c
e4108d60373a47f7aeea61eac2f45ea0114bcc48ba165bbbd68526bc6f3091c7
GET /no/887219/18/assets/img/t18-airpods-testi-profile-1.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:48 GMT
ETag: "1f1a-5dbd01cebe500"
Accept-Ranges: bytes
Content-Length: 7962
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 24 Sep 2022 13:44:34 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10 200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f1ded40121d6c43f406eec1803275b4
ba4b3600468594a6a8ce8b7616d6bd5e3ccb9d50
75b0cddd6f3b9cb5a75aa14bb490d432b4c69b32bfdffb387d04b2eaddd7a5ed
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1288
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 24 Sep 2022 13:44:34 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-5-stars.png
13.214.167.188 200 OK 600 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-5-stars.png
IP 13.214.167.188:0
File type PNG image data, 136 x 33, 8-bit colormap, non-interlaced\012- data
Hash f94b5ab95081aab8457010108abf1214
255b186650d1663657f19b248885af6f09f69973
5ddf9b69385b4567de37a7dfa7945a10bddf942a7d27f9e4e6282879152167e7
GET /no/887219/18/assets/img/t18-airpods-testi-5-stars.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:51 GMT
ETag: "258-5dbd01d1fdd67"
Accept-Ranges: bytes
Content-Length: 600
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-2.png
13.214.167.188 200 OK 5.6 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-2.png
IP 13.214.167.188:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 3b2a478d9163c86ec20102362cbe52c5
35bc955c6c89b93cb95266a3bbb66bddbcdb05a4
84a75dbd8975201a6a4e3deb48ac5b082b710a5024ceae4be81f6f92b8164b84
GET /no/887219/18/assets/img/t18-airpods-testi-profile-2.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:47 GMT
ETag: "15e6-5dbd01ce1e676"
Accept-Ranges: bytes
Content-Length: 5606
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-3.png
13.214.167.188 200 OK 6.8 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-testi-profile-3.png
IP 13.214.167.188:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 30afea9d91a7ad157e61166bba7f6145
56890347f505e59cd6c6ce9278c019a6ad02f7ed
98cbaaf99cd58ceede06bf0efa33066d184f3d387c95910f13c1fda694366a69
GET /no/887219/18/assets/img/t18-airpods-testi-profile-3.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:48 GMT
ETag: "1aa1-5dbd01ced6b9e"
Accept-Ranges: bytes
Content-Length: 6817
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-main-img.png
13.214.167.188 200 OK 22 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-main-img.png
IP 13.214.167.188:0
File type PNG image data, 444 x 497, 8-bit colormap, non-interlaced\012- data
Hash 276dc65ce272ea59aceb0e0783023b82
a61fa8ff263b18cf3b944190af9a4cf20da58a37
d7ceb979b0795c1b2ff80ab79d8fa3bf0cdbe3e9504ee480de18027ee73086ac
GET /no/887219/18/assets/img/t18-airpods-main-img.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:51 GMT
ETag: "557f-5dbd01d17657b"
Accept-Ranges: bytes
Content-Length: 21887
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-body-lock-icn-1.png
13.214.167.188 200 OK 513 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-body-lock-icn-1.png
IP 13.214.167.188:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash f42480aeef8ff0ec1df097b6f1c64488
18ca86f1bc9365b88efd3a2f3dbac31a4a8a5f99
f1ca89decdc81844738bc0ce5ea3617ec22cf18048295747a2c75c9a31cf34b5
GET /no/887219/18/assets/img/t18-airpods-body-lock-icn-1.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:49 GMT
ETag: "201-5dbd01cff595d"
Accept-Ranges: bytes
Content-Length: 513
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/js/custom.js
13.214.167.188 404 Not Found 230 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/js/custom.js
IP 13.214.167.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8bcaf8004bb86ae76dc5c8f050c523bf
c9afdabaf20280b772eb6b67c29fbab82be4acb7
580e0d13a8bfe21449d88f8d4a2cd0003e827d36e9dca69a91343435bc9cf83f
Analyzer Verdict Alert fortinet Phishing
GET /no/887219/18/assets/js/custom.js HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Content-Length: 230
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
rosetohope.com/no/887219/18/assets/img/t18-airpods-body-magnify-icn-2.png
13.214.167.188 200 OK 713 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-body-magnify-icn-2.png
IP 13.214.167.188:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 087fd6309c6f900caa6180129655ab95
28fd8f50ccbc6916b2a57bb1c48a56d75d81ac95
adf170a1899237407afe1929faab73b750cf76d136e73f4533f99423ee81cc74
GET /no/887219/18/assets/img/t18-airpods-body-magnify-icn-2.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:51 GMT
ETag: "2c9-5dbd01d1d8f92"
Accept-Ranges: bytes
Content-Length: 713
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
payments.rosetohope.com/images/compliance.png
18.194.3.144 200 OK 5.0 kB URL HTTP/2 payments.rosetohope.com/images/compliance.png
IP 18.194.3.144:0
File type PNG image data, 289 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash ba91e49252bac6fb2c9368b2e195be73
f3f8228e34277d291673c20ae2adeec5bda8d714
5f0f271bf2925771140a800469012b786baabc8db75c916e07ca8a089135cfe0
GET /images/compliance.png HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 13:44:35 GMT
content-type: image/png
content-length: 4956
last-modified: Thu, 17 Feb 2022 05:08:54 GMT
etag: "620dd866-135c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
payments.rosetohope.com/landing-page/payment-plan?code=BB-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number
18.194.3.144 200 OK 1.4 kB URL HTTP/2 payments.rosetohope.com/landing-page/payment-plan?code=BB-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number
IP 18.194.3.144:0
Hash 4fab33e8d4e20634d3b0fe61cdb81cef
e974129482a4ce455f56a0c5f6223116bb31624a
254e5887f319730a10a3d608bf1976fe4f01a489c29d7aef93bc4d7548726a24
GET /landing-page/payment-plan?code=BB-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:35 GMT
access-control-allow-origin: https://rosetohope.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6ImVGdUVYelRxNHVcL3Q5eWRTZndyM01BPT0iLCJ2YWx1ZSI6IldidWExWUFxTVdSMVRPck03b2l0ajRpNHphTWlhSWJ4bkFjUmh5Y1JVK3lHbjU2T0ExcjhuMjhZYXF1c1NXUWIiLCJtYWMiOiJhODNjMjZjMmE4YTA4YTUyNzAzZDFmYjViNTAyNmMwZTQ3ZmE5Zjc1NGJjYWFlY2FjYTViMTM0NWE4YTJkZGQxIn0%3D; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6InRXWU9MNHg5bjRORjk5QXZXYmREcnc9PSIsInZhbHVlIjoiNHMwSnJ3bWN4dm11R3hYWmFEZlg0S3NwV0V3cEU3V3FvQ2dicTZzbWJNM1wvTllHZHlcL2R2YlpUZzh0WENlQUtlIiwibWFjIjoiNmVlMDhiMjU0OGNkNjgyZmI2Y2JkY2YzMmU4Yjk0OGQ5ODJjMDQ4YTkzMTkzMjUyODI2OGZmMzEzZjc3MWJhZSJ9; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
payments.rosetohope.com/landing-page/campaign-logs
18.194.3.144 204 No Content 0 B URL HTTP/2 payments.rosetohope.com/landing-page/campaign-logs
IP 18.194.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
OPTIONS /landing-page/campaign-logs HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rosetohope.com/
Origin: https://rosetohope.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
server: nginx
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:35 GMT
access-control-allow-origin: https://rosetohope.com
access-control-allow-methods: POST
access-control-allow-headers: CONTENT-TYPE
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
payments.rosetohope.com/landing-page/log
18.194.3.144 204 No Content 0 B URL HTTP/2 payments.rosetohope.com/landing-page/log
IP 18.194.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
OPTIONS /landing-page/log HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rosetohope.com/
Origin: https://rosetohope.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
server: nginx
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:35 GMT
access-control-allow-origin: https://rosetohope.com
access-control-allow-methods: POST
access-control-allow-headers: CONTENT-TYPE
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api.covery.ai/resources/covery.js
3.125.90.216 403 Forbidden 146 B URL HTTP/2 api.covery.ai/resources/covery.js
IP 3.125.90.216:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
GET /resources/covery.js HTTP/1.1
Host: api.covery.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Sat, 24 Sep 2022 13:44:35 GMT
content-type: text/html
content-length: 146
server: nginx
X-Firefox-Spdy: h2
rosetohope.com/no/887219/18/assets/img/t18-airpods-body-message-icn-3.png
13.214.167.188 200 OK 607 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-body-message-icn-3.png
IP 13.214.167.188:0
File type PNG image data, 60 x 60, 8-bit colormap, non-interlaced\012- data
Hash 4bd8007a65e43b87aeba0a1eb80a1e99
5f4c1738866cecbe014f4adf691205b50eebac7c
0ba347c9cf4318c2d72f8281ac8d7bdded92e34093cc79272078853b5e79ec79
GET /no/887219/18/assets/img/t18-airpods-body-message-icn-3.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:52 GMT
ETag: "25f-5dbd01d25d0ce"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/t18-airpods-body-heart-icn-4.png
13.214.167.188 200 OK 616 B URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/t18-airpods-body-heart-icn-4.png
IP 13.214.167.188:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash d4047c6cac10e707ff2af69840130fa6
0d4774253d02f17451dd53b47907540f957829e3
32522055274e1ea9147704cc700ba38d492f55a0d22fc0ec7c342108facf5c0a
GET /no/887219/18/assets/img/t18-airpods-body-heart-icn-4.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:49 GMT
ETag: "268-5dbd01d023f89"
Accept-Ranges: bytes
Content-Length: 616
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
rosetohope.com/no/887219/18/assets/img/payment-method.png
13.214.167.188 200 OK 45 kB URL HTTP/1.1 rosetohope.com/no/887219/18/assets/img/payment-method.png
IP 13.214.167.188:0
File type PNG image data, 984 x 82, 8-bit/color RGBA, non-interlaced\012- data
Hash 145fa1666ad8eed7c972634ea8b74f6e
711dbb19f924a85d275dc23d89fb66046cbdd039
545bf3b9626b5f2d72950cf8cbc3ad3c606e89b07878c255d036eea0a0143233
GET /no/887219/18/assets/img/payment-method.png HTTP/1.1
Host: rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/no/887219/18/?pubid=aff-no&pob=3&m=b3B0aW9uMQ%3D%3D&click_id=632f09bf5b547100014d1c75&subid=RT-60338f6279fcbe00012195b3-5:651171&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=f0613969b22b3de09f664a59a9b71b0f.1664027371&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 13:44:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 08:42:49 GMT
ETag: "af01-5dbd01cf5a8f2"
Accept-Ranges: bytes
Content-Length: 44801
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
payments.rosetohope.com/landing-page/campaign-logs
18.194.3.144 200 OK 229 B URL HTTP/2 payments.rosetohope.com/landing-page/campaign-logs
IP 18.194.3.144:0
Hash c8269d7b65d5c35aaa0043d8839ca822
dde9f8ef38dbe5ec4819955c544a6c774c3218af
47b7e34578c709102345754864fbcb34bce5ed4e07b1d8bda5899d486d5711fb
Analyzer Verdict Alert fortinet Phishing
POST /landing-page/campaign-logs HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 935
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:35 GMT
access-control-allow-origin: https://rosetohope.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6InFKelwvS2M5d3Mrb1BabFNZOHVncENBPT0iLCJ2YWx1ZSI6IkhUSDRBMzJNNlVcL0FscUhaWU13eEc2MDJLMnlXY0szNFFxXC9hYVl0SVk3REJEeFhHdTl6Q0J5UisrOGFSczhKdyIsIm1hYyI6IjgzMTlkZDAwZTQyZjg1MGJhMTA1MzE5YTdmYjFiNjc1ZjAyNzg5ZmRmZmFhMmY2ZTFhOTBkODUxYTE3ZTgwZTUifQ%3D%3D; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6InNRSjVsXC95cW1zSWhrVzNVWTRURlF3PT0iLCJ2YWx1ZSI6IktJb08xVGJrcldhaG9pVW5FalJVbXJcL3dcL0RoQ0pxeTA2R3pDaEtsMXNWT0dXZG80Q0tSY2RpZUhrTEFYaW5kaCIsIm1hYyI6IjIxMDU1M2U1YjgzYTBjOWEyNTJjOTExNGY2ZDQyYWFmNGQ4M2MwOGRjZDA0ZjM1ZTdkMDllNTI1MjE3ZjY2ZjkifQ%3D%3D; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
payments.rosetohope.com/landing-page/log
18.194.3.144 200 OK 57 B URL HTTP/2 payments.rosetohope.com/landing-page/log
IP 18.194.3.144:0
Hash 3cd51a6671c504ed640a23c92db0ea98
a3b1109a10552b9734cde66d8ef80c54cfeecc96
f8b490f60196797f653140ad47abf3f2d30cb3b277e9ca8ca3613fb805f1c53f
Analyzer Verdict Alert fortinet Phishing
POST /landing-page/log HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 585
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:35 GMT
access-control-allow-origin: https://rosetohope.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6InRjbDhGZlVXRzNBdWNBek1MdzdDZVE9PSIsInZhbHVlIjoiUGVjMmhGMHIxVE1xSnZnTk10ajBVT2dxalRzVmczRm9ZQXpnbjkxK2UwMU1kRXlBK1NMNGFzKzU3bkxrbHozbiIsIm1hYyI6IjFiZmVhMWY3YjFlNmYwYmI1MDYzYjdmYWJiYjMwMGNiOGY0Mzc2OTU5NDliZjJiNDlmZTIwNTVkZmU4ZDM3ZjkifQ%3D%3D; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6Ik1GZVVjNlpaQzczQjhXWmZqWndwU2c9PSIsInZhbHVlIjoiQnJuQWRVYWVDbGlxalJCXC9XcUUzMlFRWU45MDdUcjdzaEMrdXdkbG4xUjEzbHdWdjNsbVJiQWpxeU5NUmFpbzYiLCJtYWMiOiJkMzk0OGIwNTdjMDMwOGFjNTRlZTlmY2ZmZjkwOTZlZWRmMzg1Yjk2YzA0OTZlZDZlOTgyZjRiYWRhYjBiYjcxIn0%3D; expires=Sat, 01-Oct-2022 13:44:35 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
IP 142.250.74.10:0
GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 13:44:33 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/embed/dEBM7szD9Kg
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/embed/dEBM7szD9Kg
IP 216.58.207.206:0
GET /embed/dEBM7szD9Kg HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=aLzkg2BcnH8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=rVGiQl8vdqQ; Domain=.youtube.com; Expires=Thu, 23-Mar-2023 13:44:33 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+963; expires=Mon, 23-Sep-2024 13:44:33 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/embed/dEBM7szD9Kg
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/embed/dEBM7szD9Kg
IP 216.58.207.206:0
GET /embed/dEBM7szD9Kg HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=pDu5WDOefcw; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=_p2i737HdEw; Domain=.youtube.com; Expires=Thu, 23-Mar-2023 13:44:33 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+543; expires=Mon, 23-Sep-2024 13:44:33 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/abfb84fe/player_ias.vflset/en_US/base.js
216.58.207.206 200 OK 0 B URL HTTP/2 www.youtube.com/s/player/abfb84fe/player_ias.vflset/en_US/base.js
IP 216.58.207.206:0
GET /s/player/abfb84fe/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 591484
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:49:57 GMT
expires: Fri, 22 Sep 2023 14:49:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 00:22:49 GMT
content-type: text/javascript
age: 168876
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payments.rosetohope.com/landing-page/campaign-logs
18.194.3.144 200 OK 0 B URL HTTP/2 payments.rosetohope.com/landing-page/campaign-logs
IP 18.194.3.144:0
Analyzer Verdict Alert fortinet Phishing
POST /landing-page/campaign-logs HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 935
Origin: https://rosetohope.com
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 24 Sep 2022 13:44:38 GMT
access-control-allow-origin: https://rosetohope.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6IjVvNGs2XC82cllNTzAzdnFTSTI0eUJRPT0iLCJ2YWx1ZSI6IlRaQ0NWZEtnQ1FkUWV5SWZ3TDBUK0UxOWFkQ25sb3RvNUVmZlMybFwvXC94bWpjNnVXMllNd2dHTlFVQ3JjN0ZVdSIsIm1hYyI6IjhkOTZiMWQ1YTU5NWJlYzU1NmNlZjVhYzc0MzA4OGNlMmVmNzA0ZTQyZjI4YjM3OGJmYzgzYmI0N2Y0Nzc0ZGIifQ%3D%3D; expires=Sat, 01-Oct-2022 13:44:38 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6IjNwTGxrQWd0U0x5aVJpY3lIdHJPYWc9PSIsInZhbHVlIjoiZ085MUQ3Wm5vcFcyU0haRys3XC9rK0hiNks3NGdmRTRPc1JiNmkzQnVhQTVzbElQaUJDTEhWOUwrUGh3YTRVZTkiLCJtYWMiOiI1NjI0MmYxYjI5Yjk5N2ViNDMzOTU1N2FkYmRjZjA2OTE5NGVkZjJkODExNjc2NWM3YWFjMzExYTcyMjRiNDQzIn0%3D; expires=Sat, 01-Oct-2022 13:44:38 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
wwads.xyz/redirect/action/1InEhMywuJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1170424810&tsid=760790
104.21.59.128 302 Found 0 B URL HTTP/2 wwads.xyz/redirect/action/1InEhMywuJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1170424810&tsid=760790
IP 104.21.59.128:0
GET /redirect/action/1InEhMywuJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1170424810&tsid=760790 HTTP/1.1
Host: wwads.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://forgefolder.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 24 Sep 2022 13:44:30 GMT
content-type: text/html; charset=UTF-8
location: https://wwads.xyz/clk/S3FrWFhwWmtKR1hDZGVhU1Q3NFdoR2RJdDdKek51b2xvbEFaS3lCblh2WWVLVnF2RkdYQW9IUFVQT0w0Kzl2SFVnK3FxT3ZyeGpxYjhtQmJ4dWtuRFVBZDR4K3BJYkl5V29sdENGeDY1d0lWSWxXTWxYRm9Xc0NnVUxQeHlycGNzcURQTmdORFdDeHRmTzg2amcySTFzNVFqbC9kblpWR3RIODhwSGV5Z212cW1NcVl6cUU1ZjQzcjNJOVFwWjJ3NzI5SFZXcVJob2JCb0dBY3NWNmZDUmtUSXd6Q3o2dCtxeVpxQ2treUpnM1Z4Vzl4RENNUEwybTBUTkFJS2ZyU0FuRXZjYTBaeTVoSVRBa0VacHpmZUN3ZGtPdE43NnN3ZUxBdDR0TlNTU1dQcmZNRDU5Ujd6UjJGZGhTb3Y2dVI
set-cookie: msv-16dc-2e179-9efa0-a0-0-0=5b5a2a9a; expires=Sun, 25-Sep-2022 13:44:30 GMT; Max-Age=86400
click-210-6bed0a=20092401_37_0_16dc_6bed0a_793_160_632f09be_5b5a2a9a_651168_0_0_64_64_0_2_2_0_0; expires=Thu, 23-Mar-2023 13:44:30 GMT; Max-Age=15552000; path=/conversion
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wjEHIF1Qs7pODdiHdYkoGfMXVFTIjjI%2FzH9VhbTQqZgRj%2Bfbz5GyBi02uupFBK0O17HgHUbH%2BhnOJ%2ByuKEDBQRbieFcVbiKZFQ%2FvKD43qk7Qunn4BnXO6kJm6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fbf483c9b6b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i
IP 142.250.74.10:0
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 13:44:33 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.10:0
GET /css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 13:44:33 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payments.rosetohope.com/css/landing_page.css
18.194.3.144 200 OK 0 B URL HTTP/2 payments.rosetohope.com/css/landing_page.css
IP 18.194.3.144:0
GET /css/landing_page.css HTTP/1.1
Host: payments.rosetohope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 13:44:35 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 03:28:13 GMT
vary: Accept-Encoding
etag: W/"632d27cd-18248"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Satisfy
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Satisfy
IP 142.250.74.10:0
GET /css?family=Satisfy HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rosetohope.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 13:44:33 GMT
date: Sat, 24 Sep 2022 13:44:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2