Report - c1.to/l3aks?ref=328834

Report Overview

Visited public
2024-08-01 10:24:47
Tags
Submit Tags
URL
c1.to/l3aks?ref=328834
Finishing URL
freeleaks.pages.dev/offers
IP / ASN
159.203.133.15
#14061 DIGITALOCEAN-ASN
Title
Premium content

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static2.mylead.global	939030	2018-04-19	2018-12-08 06:54:46	2024-06-13 22:09:47	2.9 kB	209 kB	104.22.15.218
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-30 18:12:03	2.0 kB	5.3 kB	23.36.76.226
freeleaks.pages.dev	unknown	unknown	No data	No data	4.0 kB	33 kB	172.66.44.244
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-07-30 18:16:29	838 B	18 kB	151.101.129.229
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-30 18:16:57	1.6 kB	3.5 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-07-31 03:52:55	1.6 kB	102 kB	142.250.74.131
discord.com	1053	2000-11-06	2013-06-04 20:47:24	2024-07-31 18:12:17	1.2 kB	4.3 kB	162.159.138.232
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-07-31 07:22:22	910 B	12 kB	142.250.74.106
e5.o.lencr.org	unknown	2020-06-29	2024-06-07 07:39:25	2024-07-31 18:05:23	326 B	727 B	23.36.77.32
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-07-31 08:51:18	447 B	31 kB	151.101.194.137
cdn-host.serv00.net	unknown	unknown	No data	No data	408 B	11 kB	128.204.223.119
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2024-07-30 18:14:36	437 B	267 B	104.26.13.205
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-07-31 07:22:34	962 B	2.7 kB	104.17.25.14
locker-cpa.eu	unknown	unknown	2022-05-31 16:43:16	2024-04-13 18:14:23	6.5 kB	242 kB	188.114.97.1
c1.to	unknown	unknown	2021-02-03 22:35:45	2023-02-16 13:42:37	476 B	707 B	159.203.133.15
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-07-30 18:12:28	327 B	888 B	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-01 10:24:22	low	Client IP	104.26.13.205	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7?	ScriptElement	3.0 kB	2024-07-31	2024-10-04
Pretty URL locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7? IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-31 23:11 Last Seen2024-10-04 10:18 Times Seen17 Hash c3353a7ec630bc6203880b529f1b2c3a 15bead6fc10fee1908a1eb962c4d50f6a5033f12 ab2554d3a101419cd36ce8b8e2fcf5b81ea003216a3126d065f8da3933b27654 Loading...

	locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1	ScriptElement	15 B	2023-11-03	2024-10-04
Pretty URL locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-03 13:40 Last Seen2024-10-04 10:18 Times Seen18 Hash 74f02e0ccefa1fa3591cc71cc5286cfb 6fc15a4d273d8d2c1f61e024c2b767ece4dcce55 3c97c5ad679dd913c7ff13c382a1db7f1fdbaead88e777a14a0d930500ea8355 Loading...

	cdn.jsdelivr.net/npm/css-vars-ponyfill@2	ScriptElement	23 kB	2024-03-25	2025-06-29
Pretty URL cdn.jsdelivr.net/npm/css-vars-ponyfill@2 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-25 23:40 Last Seen2025-06-29 03:22 Times Seen113 Hash d95555bf007fcdda849a37d9714463b7 d26443c35ce9e5e1e6193fa0fb191c2aab7f55a5 3b0720cf5312d04a43124a81e657a9aaa77cd27688d0146daaedbe6d423107ce Loading...

	locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1	ScriptElement	0 B	0001-01-01	2025-06-30
Pretty URL locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-30 06:46 Times Seen5206654 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (54)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 1d047e3b166ee35938a43c55f20ee111 7880600b5415b4843047ef21d177aed6d4ad053f 61a47554eb6db3ac87779825845d4d458efeeb1c1833c7e9af01e2fd6014e4cb HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "61A47554EB6DB3AC87779825845D4D458EFEEB1C1833C7E9AF01E2FD6014E4CB" Last-Modified: Mon, 29 Jul 2024 18:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2468 Expires: Thu, 01 Aug 2024 11:05:28 GMT Date: Thu, 01 Aug 2024 10:24:20 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash eb8b5a3f62f8ead7f86e028723019196 8941f16c283439f44a148ba7668a67a55aba16de f76a44ac993c568fcdac2165655a7886f3207e980286b7605a48dc897e4fd68b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F76A44AC993C568FCDAC2165655A7886F3207E980286B7605A48DC897E4FD68B" Last-Modified: Mon, 29 Jul 2024 18:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2226 Expires: Thu, 01 Aug 2024 11:01:26 GMT Date: Thu, 01 Aug 2024 10:24:20 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 12b3b90abdd8ddc5edfc58288f11925f 8093a9a5520def1c87fd60aab5c3636f305224d2 e9e51da5ed2854a5ead2219e70b950ccac93efd228bdd965f3a116ee600f390b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E9E51DA5ED2854A5EAD2219E70B950CCAC93EFD228BDD965F3A116EE600F390B" Last-Modified: Mon, 29 Jul 2024 18:26:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3798 Expires: Thu, 01 Aug 2024 11:27:39 GMT Date: Thu, 01 Aug 2024 10:24:21 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 06f86a556a3bc0d04f36267a3081f07f 3ca01a6761c66a9434a2ee060e2cb4b685b0b9f8 e9d373f8bcb454c3fc0b4e4d3768e5104c7f4cad03145468f9d2c0ff89c08143 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E9D373F8BCB454C3FC0B4E4D3768E5104C7F4CAD03145468F9D2C0FF89C08143" Last-Modified: Thu, 01 Aug 2024 06:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7853 Expires: Thu, 01 Aug 2024 12:35:14 GMT Date: Thu, 01 Aug 2024 10:24:21 GMT Connection: keep-alive`

	e5.o.lencr.org/	23.36.77.32		344 B
URL e5.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 344 B (344 bytes) Hash 131a5ae2a9099d4a3081daffd4fc1bbe fd0332d8cdc2963dcbe118cb6cada38c231e4404 c7f847a54e6e4280555b27beb9133cd6c28d3d605cf48b76908722f6eb4dd697 HTTP Headers `POST / HTTP/1.1 Host: e5.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 344 ETag: "C7F847A54E6E4280555B27BEB9133CD6C28D3D605CF48B76908722F6EB4DD697" Last-Modified: Mon, 29 Jul 2024 19:55:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5174 Expires: Thu, 01 Aug 2024 11:50:35 GMT Date: Thu, 01 Aug 2024 10:24:21 GMT Connection: keep-alive`

	GET c1.to/l3aks?ref=328834	159.203.133.15	301 Moved Permanently	0 B
URL User Request GET HTTP/1.1 c1.to/l3aks?ref=328834 IP 159.203.133.15:443 ASN #14061 DIGITALOCEAN-ASN Certificate IssuerLet's Encrypt Subjectatu.ca FingerprintC4:98:38:FC:57:32:F1:45:64:51:67:EF:12:21:D5:50:8A:64:A9:FD ValiditySat, 08 Jun 2024 19:33:19 GMT - Fri, 06 Sep 2024 19:33:18 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /l3aks?ref=328834 HTTP/1.1 Host: c1.to User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 301 Moved Permanently Date: Thu, 01 Aug 2024 10:24:21 GMT Server: Apache/2.4.61 (Debian) Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=phoqnd8vdvtm8dpketaoa9b51d; path=/ short_3115405=1; expires=Thu, 01 Aug 2024 10:39:22 GMT; Max-Age=900; path=/; HttpOnly location: https://freeleaks.pages.dev?ref=328834 Connection: keep-alive, Keep-Alive Keep-Alive: timeout=5, max=100 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,PUT,POST Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Credentials: true Content-Length: 0 Content-Type: text/html; charset=UTF-8

	GET freeleaks.pages.dev/offers.html	172.66.44.244	308 Permanent Redirect	0 B
URL User Request GET HTTP/3 freeleaks.pages.dev/offers.html IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /offers.html HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 308 Permanent Redirect date: Thu, 01 Aug 2024 10:24:22 GMT content-length: 0 location: /offers access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2FMJlkIIHvY9ZuWIObCVCVr1ITjoKhJvvYCtTc0xODNBhzjsjZBaOhjIx73inLpu5ml1uVkGnV60gD3RsYgJoLwV833xfzLVGRG1qQj260F30r2hyOAeU6%2BdlpBEH5UzZ5EIbKyO"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e3c6eb40b55-OSL alt-svc: h3=":443"; ma=86400

	r11.o.lencr.org/	23.36.77.32		504 B
URL r11.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash eb2ff66a540cc914e49092fe3d553807 0f77abcb418c7ae5f807563d09c537c153e0f502 65f81ac780abb24008ea308ff8a61d34e3db18da2b8b155dfcc0ebb2ee16e1ae HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "65F81AC780ABB24008EA308FF8A61D34E3DB18DA2B8B155DFCC0EBB2EE16E1AE" Last-Modified: Mon, 29 Jul 2024 20:02:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12917 Expires: Thu, 01 Aug 2024 13:59:39 GMT Date: Thu, 01 Aug 2024 10:24:22 GMT Connection: keep-alive`

	GET code.jquery.com/jquery-3.7.1.min.js	151.101.194.137	200 OK	30 kB
URL GET HTTP/2 code.jquery.com/jquery-3.7.1.min.js IP 151.101.194.137:443 ASN #54113 FASTLY Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerSectigo Limited Subject.jquery.com FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (65447) Size 30 kB (30336 bytes) Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a HTTP Headers `GET /jquery-3.7.1.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ Origin: https://freeleaks.pages.dev DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=utf-8 last-modified: Fri, 18 Oct 1991 12:00:00 GMT etag: W/"28feccc0-155ed" cache-control: public, max-age=31536000, stale-while-revalidate=604800 access-control-allow-origin: * cross-origin-resource-policy: cross-origin content-encoding: gzip via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Thu, 01 Aug 2024 10:24:22 GMT age: 1625944 x-served-by: cache-lga21978-LGA, cache-hel1410031-HEL x-cache: HIT, HIT x-cache-hits: 27, 129513 x-timer: S1722507863.622321,VS0,VE0 vary: Accept-Encoding content-length: 30336 X-Firefox-Spdy: h2

	GET cdn-host.serv00.net/webhook.js	128.204.223.119	200 OK	11 kB
URL GET HTTP/2 cdn-host.serv00.net/webhook.js IP 128.204.223.119:443 ASN #57367 Atman Sp. z o.o. Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerLet's Encrypt Subject.serv00.net Fingerprint1F:2E:33:5C:95:9C:4C:67:11:DB:CE:7B:8F:62:02:A3:0F:EC:5B:4A ValidityMon, 01 Jul 2024 14:04:17 GMT - Sun, 29 Sep 2024 14:04:16 GMT File type ASCII text, with very long lines (11058) Size 11 kB (11106 bytes) Hash f8c40f182c07ed142b3c81d4e27eb17b 8bd85fc944c467b1246460b6fa29cb59fb474741 2939ac16464b41de7345edc292e9396b1b0e15721c3de86eb8f403797cdc699b HTTP Headers `GET /webhook.js HTTP/1.1 Host: cdn-host.serv00.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Thu, 01 Aug 2024 10:24:22 GMT content-type: application/javascript content-length: 11106 last-modified: Thu, 01 Aug 2024 08:51:28 GMT etag: "66ab4c90-2b62" accept-ranges: bytes X-Firefox-Spdy: h2`

	GET api.ipify.org/?format=json	104.26.13.205	200 OK	21 B
URL GET HTTP/2 api.ipify.org/?format=json IP 104.26.13.205:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerGoogle Trust Services Subjectipify.org Fingerprint14:92:0D:1D:39:E0:D3:AD:DC:06:2E:2E:6B:21:C6:C0:AC:D6:A1:B6 ValidityThu, 18 Jul 2024 02:50:08 GMT - Wed, 16 Oct 2024 02:50:07 GMT File type JSON text data Size 21 B (21 bytes) Hash 7d69c71af0f191e9a72db6153f8018d1 f67c5f2887bc05654b47f76e9621e53a4091aed1 5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65 HTTP Headers `GET /?format=json HTTP/1.1 Host: api.ipify.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ Origin: https://freeleaks.pages.dev DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: application/json content-length: 21 access-control-allow-origin: * vary: Origin cf-cache-status: DYNAMIC server: cloudflare cf-ray: 8ac51e3e4888b4fa-OSL X-Firefox-Spdy: h2`

	GET cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css	104.17.25.14	200 OK	333 B
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT File type ASCII text, with very long lines (773), with no line terminators Size 333 B (333 bytes) Hash 93e42565f156d067f72108759177a957 19b2c8de419fbd69c38971ac4923e7636edda182 82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e HTTP Headers `GET /ajax/libs/meyer-reset/2.0/reset.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://locker-cpa.eu DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: style Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: text/css; charset=utf-8 content-length: 333 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03f23-305" last-modified: Mon, 04 May 2020 16:13:23 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 739127 expires: Tue, 22 Jul 2025 10:24:23 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JI22tVH8KnJJYlt8q4tuM5q1Is0ciWvKEqoUSbXQzMbmmyTYx41DQRFMgH9TPLyFEiFXVoRVNtA13VmnlAtCW7sHbe9B3qDe0NQHi7ssg7oq74stxlTYhkKjuGiv5uny3guA6Jjc"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 8ac51e416a2f56c4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	GET cdn.jsdelivr.net/npm/css-vars-ponyfill@2	151.101.129.229	200 OK	8.2 kB
URL GET HTTP/2 cdn.jsdelivr.net/npm/css-vars-ponyfill@2 IP 151.101.129.229:443 ASN #54113 FASTLY Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (23165) Size 8.2 kB (8214 bytes) Hash d95555bf007fcdda849a37d9714463b7 d26443c35ce9e5e1e6193fa0fb191c2aab7f55a5 3b0720cf5312d04a43124a81e657a9aaa77cd27688d0146daaedbe6d423107ce HTTP Headers `GET /npm/css-vars-ponyfill@2 HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=604800, s-maxage=43200 cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload content-type: application/javascript; charset=utf-8 x-jsd-version: 2.4.9 x-jsd-version-type: version etag: W/"5b5b-0mRDw1zp5eHmGT+g+xkcKqt/VaU" content-encoding: br accept-ranges: bytes date: Thu, 01 Aug 2024 10:24:23 GMT age: 35483 x-served-by: cache-fra-eddf8230121-FRA, cache-hel1410027-HEL x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 8214 X-Firefox-Spdy: h2

	GET locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7?	188.114.97.1		9.9 kB
URL GET locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7? IP 188.114.97.1:0 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/offers Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type gzip compressed data, from Unix Size 9.9 kB (9935 bytes) Hash 9e756492f2bb77cb7afba0db41535cc0 cf5ca40ccbba3a35e9a7843172061c6f3c1b8c47 bb746b1284ba4aa0b064b2f86e07cf4e140890d8130c56d564b2fe017b3fce07 HTTP Headers `GET /iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7? HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: application/json vary: Accept-Encoding cache-control: no-cache, private set-cookie: XSRF-TOKEN=eyJpdiI6IlgxU2JMZDVpWmNrT1hZZVRDY3QrQVE9PSIsInZhbHVlIjoieDY5Q0ZxTDYwbkdRS2szZGRXUWc3aG5xSzE4aEJDTXVBK2dESmptcXEzb0RGSnJlMHBRS2dWUTdcL0RaUHFNK3VGZHNJaW5kSGVZRE1UYVFicjRESWhSZVQ0eVdjSjQ4QlNDam9TdEJcL1Y3dEduUk9LVmlBRVVwejNwU1wvbHBUOXoiLCJtYWMiOiI0NmQwNDY1OTU2NzViZWFkM2UxNDdmZjFlNmFlMGU1YjQ2NzkwZDY2ODY4ODE5NzVkZTE2YTIwZWRhNmUxNWM5In0%3D; expires=Thu, 01-Aug-2024 12:24:22 GMT; Max-Age=7200; path=/ lockercpapl_session=eyJpdiI6IlwveWFZSkxwWXpMQW41Vm1DbjZPR3FRPT0iLCJ2YWx1ZSI6IkFhNHk4dE5mNndcL1BoSGFhNGV1ckdpaHFTMU9NZDhBa2ttVjBZbkthVWMxTzlmRzJtWWlkRUFnc2dLR3hwcjNXd1ZaYmRNN2RxOVpVdDQ4c3pxMDE3dlFJU0VoQUM0RUFyMGZoRG9ocTFvXC9xdEdBRHBkSStTa3pJbERLZStBSE0iLCJtYWMiOiI2Mjc5MTlkY2QxMmNlYWU4ZDlkM2I1YWEwZGMyMDNjNzkzZjIzNTljN2NmNzU3ZWQwNTFhMDEwZTM4NDZlZDQ0In0%3D; expires=Thu, 01-Aug-2024 12:24:22 GMT; Max-Age=7200; path=/; httponly content-encoding: gzip cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SoZUt1Sta6vZ%2BlTPusxL8UpA%2B0ZBuT%2FBaRgOU1G336QKYxAe%2BTltnMzdjSnjFK7wZYwpdK7XDGls3Pjnu0EcdpXxZ01piJ6la8XuWP%2BGnQIMdD2I9zKIJdkWfqXbVlWt"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51e3d396456ae-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 4e65f865b00bcb08c52dfe77a48c1c03 26cbc733e53341bd2aab8c860546de10e9839e84 00250d516d26ead1f376d80fef0c83c59df998d20c72ed5b96262e40ae3b96a8 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "00250D516D26EAD1F376D80FEF0C83C59DF998D20C72ED5B96262E40AE3B96A8" Last-Modified: Mon, 29 Jul 2024 18:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5082 Expires: Thu, 01 Aug 2024 11:49:05 GMT Date: Thu, 01 Aug 2024 10:24:23 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 4e65f865b00bcb08c52dfe77a48c1c03 26cbc733e53341bd2aab8c860546de10e9839e84 00250d516d26ead1f376d80fef0c83c59df998d20c72ed5b96262e40ae3b96a8 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "00250D516D26EAD1F376D80FEF0C83C59DF998D20C72ED5B96262E40AE3B96A8" Last-Modified: Mon, 29 Jul 2024 18:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5082 Expires: Thu, 01 Aug 2024 11:49:05 GMT Date: Thu, 01 Aug 2024 10:24:23 GMT Connection: keep-alive`

	GET locker-cpa.eu/assets/images/lock-icon-t1.png	188.114.97.1	200 OK	1.1 kB
URL GET HTTP/3 locker-cpa.eu/assets/images/lock-icon-t1.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type PNG image data, 33 x 42, 8-bit/color RGBA, non-interlaced Size 1.1 kB (1109 bytes) Hash 8249f9dd357b12faebce9122999248e0 ba1bc28e4d72058806ca481f6c04e756e3c09c01 209cbe70b493d8a0c70d20583663bb7c2cd3264b84f17110bd1b16d7b1dc0958 HTTP Headers `GET /assets/images/lock-icon-t1.png HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: image/png content-length: 1109 last-modified: Sat, 08 May 2021 19:26:34 GMT etag: "6096e5ea-455" cache-control: max-age=14400 cf-cache-status: HIT age: 7066 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeXkMfEBTJ4hl2mZZbBl2BiexiH8jhatTvAMfY60KozNk%2BJ2C25o%2Bpp8I1iBmY6PYc8SdrMRFPDdCYTYsTnT2%2BN0ciadfKMAvS0cM6NV6CP0OkS2uHoTZpHmQulGpNqF"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e4289bc1c02-OSL alt-svc: h3=":443"; ma=86400

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 55f3dcf011857f78bd5d1bed699da7dd 03967f34c839b237c04b9d4b40fcda13855e55dc e671dcc68730fe32ea36fa04982308232a2bbef8ff48ecad4c046a3f39404058 HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Thu, 01 Aug 2024 10:24:23 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 55f3dcf011857f78bd5d1bed699da7dd 03967f34c839b237c04b9d4b40fcda13855e55dc e671dcc68730fe32ea36fa04982308232a2bbef8ff48ecad4c046a3f39404058 HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Thu, 01 Aug 2024 10:24:23 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	GET static2.mylead.global/img/programs/logo/program_435239_1694543069.jpg	104.22.15.218	200 OK	13 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/program_435239_1694543069.jpg IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 280x280, components 3 Size 13 kB (12709 bytes) Hash c9547ebd1577b7eec9aaa04312b18c8c b9ff22e8b7bc326c67703fc7af8315d139604505 cde8f4ea55e55329cc3b7f6edd41d7099c0e0e3beff17ac45854ec62e82c2b43 HTTP Headers `GET /img/programs/logo/program_435239_1694543069.jpg HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: image/jpeg content-length: 12709 cf-bgj: h2pri etag: "c9547ebd1577b7eec9aaa04312b18c8c" last-modified: Tue, 12 Sep 2023 18:24:30 GMT via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront) x-amz-cf-id: 73_JF26-OQzN5declnQBVAkq0EfZ08avTUr-BhNPdvIfy2THhmc22g== x-amz-cf-pop: OSL50-C1 x-amz-server-side-encryption: AES256 x-cache: Miss from cloudfront cache-control: max-age=31536000 cf-cache-status: HIT age: 89 accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e455c9eb4f4-OSL X-Firefox-Spdy: h2

	GET static2.mylead.global/img/programs/logo/affiliate_programs_11_6967701696026189.png	104.22.15.218	200 OK	48 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/affiliate_programs_11_6967701696026189.png IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 400x400, components 3 Size 48 kB (47768 bytes) Hash 30df41166cd1b97df9782313023bff14 3fe79026c2e67af9371fae40310ca14fcaf64cc4 e5572bc6bbc7d4581f08a469f7efa5ee46cbd2fca84c85f8bb075387a5ddd70b HTTP Headers `GET /img/programs/logo/affiliate_programs_11_6967701696026189.png HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: image/jpeg content-length: 47768 cf-bgj: h2pri etag: "30df41166cd1b97df9782313023bff14" last-modified: Fri, 29 Sep 2023 22:23:10 GMT via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront) x-amz-cf-id: 97bgLR5D_h04t1PUNL2a6KWYvp-uQh_k3rt7dUp1VtiqM1FAJt6JVQ== x-amz-cf-pop: OSL50-C1 x-amz-server-side-encryption: AES256 x-cache: Miss from cloudfront cache-control: max-age=31536000 cf-cache-status: HIT age: 3165 accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e454c9cb4f4-OSL X-Firefox-Spdy: h2

	GET static2.mylead.global/img/programs/logo/program_441052_1698408793.jpg	104.22.15.218	200 OK	69 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/program_441052_1698408793.jpg IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 450x450, components 3 Size 69 kB (69283 bytes) Hash 67ee18989b7994d51795e0fab6e570b7 48502db62505b8671d535bbfe8a288e983e044fe c0d7bbc2269aff420aafceb04f5348d9b754d91e7c1c7d7d62d0f64a2a00940e HTTP Headers `GET /img/programs/logo/program_441052_1698408793.jpg HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: image/jpeg content-length: 69283 cf-bgj: h2pri etag: "67ee18989b7994d51795e0fab6e570b7" last-modified: Fri, 27 Oct 2023 12:13:14 GMT via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront) x-amz-cf-id: -AIX_tx2RcCHaEyxV5TDrUG96wQxFH-JDS867I7hzROrKffKWCWnNA== x-amz-cf-pop: OSL50-C1 x-amz-server-side-encryption: AES256 x-cache: Miss from cloudfront cache-control: max-age=31536000 cf-cache-status: HIT age: 3165 accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e455ca5b4f4-OSL X-Firefox-Spdy: h2

	GET locker-cpa.eu/images/star-active-t1.png?e4ef9b916d4ae57b94009baa7a950ffd	188.114.97.1	200 OK	1.2 kB
URL GET HTTP/3 locker-cpa.eu/images/star-active-t1.png?e4ef9b916d4ae57b94009baa7a950ffd IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type PNG image data, 38 x 36, 8-bit/color RGBA, non-interlaced Size 1.2 kB (1161 bytes) Hash e4ef9b916d4ae57b94009baa7a950ffd 760711045f708a0c74168aed4e082c02f85e9b47 3806cd2269902debd258eb6b67e337ba485bfbc249a5d65559bb46ce4d89001c HTTP Headers GET /images/star-active-t1.png?e4ef9b916d4ae57b94009baa7a950ffd HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/css/84765-1.css?id=4de1cf96d85e2bed30b5 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:24 GMT content-type: image/png content-length: 1161 last-modified: Sat, 08 May 2021 19:26:34 GMT etag: "6096e5ea-489" cache-control: max-age=14400 cf-cache-status: HIT age: 2960 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=njohgn%2F9pQP1bmIpzsc6jLD4VWo%2Fb4lIhVirZWmRPkdNNJ5kDgQ2Jk4JI%2FDU34c%2FeJpoc16zagb%2BHuXInAbpYbno6bpPUb3yf%2B3cGVT%2BXTDUPqy5T9sSMSpCUEa9Wb1m"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e4b69931c02-OSL alt-svc: h3=":443"; ma=86400

	GET locker-cpa.eu/images/star-active.png?2566e55942858fdb947a0ac2f1a0957b	188.114.97.1	200 OK	438 B
URL GET HTTP/3 locker-cpa.eu/images/star-active.png?2566e55942858fdb947a0ac2f1a0957b IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type PNG image data, 24 x 22, 8-bit/color RGBA, non-interlaced Size 438 B (438 bytes) Hash 2566e55942858fdb947a0ac2f1a0957b 93c601b21a637e5ad82b58044457ea385df75350 67955e49acf4fbaa2e4fa6f9d88bf4a6cb0a6f7cb4e9cd8df815c38b6d1e14c1 HTTP Headers `GET /images/star-active.png?2566e55942858fdb947a0ac2f1a0957b HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/css/84765-1.css?id=4de1cf96d85e2bed30b5 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:24 GMT content-type: image/png content-length: 438 last-modified: Sat, 08 May 2021 19:26:34 GMT etag: "6096e5ea-1b6" cache-control: max-age=14400 cf-cache-status: HIT age: 2960 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVPf%2BYOLcQQaDrIwzoFhazZ3V56TLvPDNJYlzBeuCgx9rSzt9hPCLYyV9SX4Nv2FS8HtPtdU8xi2ZCKnZjA%2Bb7L%2Bv4MtYSuhH30vZxc42s%2Fg3OXR2Z0tSbz%2B81n7EuTn"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e4b698c1c02-OSL alt-svc: h3=":443"; ma=86400

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 91fe6ecedc34caabb5a2a360d07cd70e 51302da536142a971a2d4ff072f12c726aea12ee 2f0089cea200492d11811bbd9cad0d2f401085c219e12cf7fed301aab966c2bf HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Thu, 01 Aug 2024 10:24:24 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 91fe6ecedc34caabb5a2a360d07cd70e 51302da536142a971a2d4ff072f12c726aea12ee 2f0089cea200492d11811bbd9cad0d2f401085c219e12cf7fed301aab966c2bf HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Thu, 01 Aug 2024 10:24:24 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	GET locker-cpa.eu/api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=3&wifi=1&configuration_id=2279491&priority_offers=1	188.114.97.1	200 OK	34 kB
URL GET HTTP/3 locker-cpa.eu/api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=3&wifi=1&configuration_id=2279491&priority_offers=1 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type gzip compressed data, from Unix Size 34 kB (33530 bytes) Hash 732b0a376363c8e6296780eb48fdb090 b37db65b11bdceaad953c9fa75507cbb6c6942a2 1102345cc6c6855e14f5e10e741e9f51107d4a1e62e92b8ac90a956638b4bdd4 HTTP Headers GET /api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=3&wifi=1&configuration_id=2279491&priority_offers=1 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: application/json vary: Accept-Encoding cache-control: no-cache, private x-ratelimit-limit: 6000 x-ratelimit-remaining: 5999 content-encoding: gzip cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFk14m%2F3vithncvlJL4B1X27h8cVHhrNcEf51OqzpA6aR9O0zt%2BTYS3OFHo0ONP%2F%2FLo7Uz1Yzm34yuSQkssaC91tm%2BMb605xd8GwMk86BnlpxEGMpJBOtealuCaYge%2B%2B"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51e4289bd1c02-OSL alt-svc: h3=":443"; ma=86400

	GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	142.250.74.131	200 OK	33 kB
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subject.gstatic.com FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14 ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 Size 33 kB (33092 bytes) Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b HTTP Headers GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://locker-cpa.eu DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 33092 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 30 Jul 2024 03:21:09 GMT expires: Wed, 30 Jul 2025 03:21:09 GMT cache-control: public, max-age=31536000 last-modified: Wed, 13 Sep 2023 22:51:58 GMT content-type: font/woff2 age: 198196 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 91fe6ecedc34caabb5a2a360d07cd70e 51302da536142a971a2d4ff072f12c726aea12ee 2f0089cea200492d11811bbd9cad0d2f401085c219e12cf7fed301aab966c2bf HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Thu, 01 Aug 2024 10:24:25 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	GET freeleaks.pages.dev/offers.html	172.66.44.244	308 Permanent Redirect	0 B
URL User Request GET HTTP/3 freeleaks.pages.dev/offers.html IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /offers.html HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 308 Permanent Redirect date: Thu, 01 Aug 2024 10:24:41 GMT content-length: 0 location: /offers access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b6xtHUuESgYmLfcCrDKlMGcmXrxtYXCmEqs0fQNdkCc4Oaesd4HMLftEslIp7eTuhWYJLmrRpHIMUBnqwNOsTbhb%2F2qd%2BN1%2FW5kB%2FwPJYV9GAi3XqGILmqx45Hxxu%2F3obhHilgBH"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb17cde0b55-OSL alt-svc: h3=":443"; ma=86400

	GET cdn.jsdelivr.net/npm/css-vars-ponyfill@2	151.101.129.229	200 OK	8.2 kB
URL GET HTTP/2 cdn.jsdelivr.net/npm/css-vars-ponyfill@2 IP 151.101.129.229:443 ASN #54113 FASTLY Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT File type JavaScript source, Unicode text, UTF-8 text, with very long lines (23165) Size 8.2 kB (8214 bytes) Hash d95555bf007fcdda849a37d9714463b7 d26443c35ce9e5e1e6193fa0fb191c2aab7f55a5 3b0720cf5312d04a43124a81e657a9aaa77cd27688d0146daaedbe6d423107ce HTTP Headers `GET /npm/css-vars-ponyfill@2 HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK content-length: 8214 access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=604800, s-maxage=43200 cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload content-type: application/javascript; charset=utf-8 x-jsd-version: 2.4.9 x-jsd-version-type: version etag: W/"5b5b-0mRDw1zp5eHmGT+g+xkcKqt/VaU" content-encoding: br accept-ranges: bytes date: Thu, 01 Aug 2024 10:24:41 GMT age: 35501 x-served-by: cache-fra-eddf8230121-FRA, cache-hel1410030-HEL x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

	GET cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css	104.17.25.14	200 OK	333 B
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT File type ASCII text, with very long lines (773), with no line terminators Size 333 B (333 bytes) Hash 93e42565f156d067f72108759177a957 19b2c8de419fbd69c38971ac4923e7636edda182 82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e HTTP Headers `GET /ajax/libs/meyer-reset/2.0/reset.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://locker-cpa.eu DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: style Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: text/css; charset=utf-8 content-length: 333 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03f23-305" last-modified: Mon, 04 May 2020 16:13:23 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 739145 expires: Tue, 22 Jul 2025 10:24:41 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8DCP%2B9S4pEwfhiLtUrQ1JWV6z1hnfbQq7S55hqpnPS6kr3PfxdWodor3UW1O2g1sQ%2BDDkL%2Bx%2B23eGVkP%2B1PkGxJ%2FVh1zJfozS2vp29Z4xbbazwgEMAD%2BYLmwpGSxOL%2B42gfr5rQ8"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 8ac51eb3f9dd56c4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	GET locker-cpa.eu/assets/images/lock-icon-t1.png	188.114.97.1	200 OK	1.1 kB
URL GET HTTP/3 locker-cpa.eu/assets/images/lock-icon-t1.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type PNG image data, 33 x 42, 8-bit/color RGBA, non-interlaced Size 1.1 kB (1109 bytes) Hash 8249f9dd357b12faebce9122999248e0 ba1bc28e4d72058806ca481f6c04e756e3c09c01 209cbe70b493d8a0c70d20583663bb7c2cd3264b84f17110bd1b16d7b1dc0958 HTTP Headers `GET /assets/images/lock-icon-t1.png HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: image/png content-length: 1109 last-modified: Sat, 08 May 2021 19:26:34 GMT etag: "6096e5ea-455" cache-control: max-age=14400 cf-cache-status: HIT age: 7084 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0IoGEZas8S8Io7XU1Q%2BRDYykS%2FRn%2Fz4zcD2YR759RKQLtyh5HIa0zXHd2qkT%2BJOXuxTP16iEa0W%2BiaCFa464lU4szWHUXodFZ45zVPr8QFmkEEOn8v2INQOsvgGEoRL"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb48f4f1c02-OSL alt-svc: h3=":443"; ma=86400

	GET locker-cpa.eu/api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=5&wifi=1&configuration_id=2279491	188.114.97.1	200 OK	70 kB
URL GET HTTP/3 locker-cpa.eu/api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=5&wifi=1&configuration_id=2279491 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type gzip compressed data, from Unix Size 70 kB (69852 bytes) Hash 760e268612f7828c0eab85622cf7be63 456c6c817ddd55fb035bbaf9cd69a51a6c099c0b fca667e218b6ae8d2fd2f6ff8a4e1cc102bdce7a93f446eeb5050e7e684c4204 HTTP Headers GET /api/locker/offers?country_code=NO&user_agent=TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjA%3D&ip=OTEuOTAuNDIuMTU0&program_id=84765&epc_value=30&is_adult=1&max_offer_number=5&wifi=1&configuration_id=2279491 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:42 GMT content-type: application/json vary: Accept-Encoding cache-control: no-cache, private x-ratelimit-limit: 6000 x-ratelimit-remaining: 5998 content-encoding: gzip cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1fi8RXduMwUE3Gdse1cRbvmfWJTp1W4bDKkpAEhkI3SntQQSH6n5ldS21Q4QUL3ZdHKyDCdYLcTvzeLCxWMsSItDY2RBFuVxf7ZJMDHs41LM8DICevQEKP0c7NeQyJg1"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51eb48f561c02-OSL alt-svc: h3=":443"; ma=86400

	GET locker-cpa.eu/css/84765-1.css?id=4de1cf96d85e2bed30b5	188.114.97.1	200 OK	16 kB
URL GET HTTP/3 locker-cpa.eu/css/84765-1.css?id=4de1cf96d85e2bed30b5 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type gzip compressed data, from Unix Size 16 kB (15488 bytes) Hash 4b64e18f1a45a5f275273e8931f99647 7c48c98fe7fefdcdf44fa13ad89f4862ce79bbba ddf6bf27986d70fa217121d470f52162e2c776b72de70af7e2684abd68d40609 HTTP Headers `GET /css/84765-1.css?id=4de1cf96d85e2bed30b5 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: text/css last-modified: Thu, 23 Jun 2022 14:53:30 GMT vary: Accept-Encoding etag: W/"62b47e6a-2a6f" expires: Sun, 27 Jul 2025 08:14:38 GMT cache-control: max-age=31536000 content-encoding: gzip cf-cache-status: HIT age: 439803 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2Xh8rgjDHuomu4wpeLyEi4rBmmCkieZLoWcQ89uGzsnY4Qbgm7qGntnnWgBIxPwJ289n8yBpVmcIrTJHAfBbQl0gVCNTu51mLehptJgz276W4i5TFjBf3ZGUR8veHoX"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51eb47f4a1c02-OSL alt-svc: h3=":443"; ma=86400

	GET static2.mylead.global/img/programs/logo/affiliate_programs_11_6967701696026189.png	104.22.15.218	200 OK	48 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/affiliate_programs_11_6967701696026189.png IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 400x400, components 3 Size 48 kB (47768 bytes) Hash 30df41166cd1b97df9782313023bff14 3fe79026c2e67af9371fae40310ca14fcaf64cc4 e5572bc6bbc7d4581f08a469f7efa5ee46cbd2fca84c85f8bb075387a5ddd70b HTTP Headers `GET /img/programs/logo/affiliate_programs_11_6967701696026189.png HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:42 GMT content-type: image/jpeg content-length: 47768 cf-bgj: h2pri etag: "30df41166cd1b97df9782313023bff14" last-modified: Fri, 29 Sep 2023 22:23:10 GMT via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront) x-amz-cf-id: 97bgLR5D_h04t1PUNL2a6KWYvp-uQh_k3rt7dUp1VtiqM1FAJt6JVQ== x-amz-cf-pop: OSL50-C1 x-amz-server-side-encryption: AES256 x-cache: Miss from cloudfront cache-control: max-age=31536000 cf-cache-status: HIT age: 3184 accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb70f29b4f4-OSL X-Firefox-Spdy: h2

	GET static2.mylead.global/img/programs/logo/affiliate_programs_165_26581663085054.png	104.22.15.218	200 OK	16 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/affiliate_programs_165_26581663085054.png IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced Size 16 kB (15727 bytes) Hash 2d022068ceb3cfbdefd3178f21cff698 3df0a0d0c0646a7dab84d4b04da405b6acb9f6f8 4b090e9c75290ddc6a143c498b590b558707d83e508dc9f0c32859ff9b5768ff HTTP Headers `GET /img/programs/logo/affiliate_programs_165_26581663085054.png HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:42 GMT content-type: image/png content-length: 15727 last-modified: Tue, 13 Sep 2022 16:04:15 GMT etag: "2d022068ceb3cfbdefd3178f21cff698" x-cache: Miss from cloudfront via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: lvH2oUTjf2aZxsllZHvkeZteWiQVAXcT_w-QCWD-rstvHYPKtyRpbg== cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb6ff20b4f4-OSL X-Firefox-Spdy: h2

	GET static2.mylead.global/img/programs/logo/program_28073_1653037247.png	104.22.15.218	200 OK	12 kB
URL GET HTTP/2 static2.mylead.global/img/programs/logo/program_28073_1653037247.png IP 104.22.15.218:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectmylead.global Fingerprint88:93:C3:22:53:80:0D:7D:05:16:95:38:3E:4A:00:70:0A:AD:F2:DB ValidityWed, 10 Jul 2024 13:40:28 GMT - Tue, 08 Oct 2024 13:40:27 GMT File type PNG image data, 231 x 222, 8-bit/color RGBA, non-interlaced Size 12 kB (11903 bytes) Hash fc6efc6f87c5a7235441bda99e3a3a13 143641c0b43378ad71779df3f85bded3d325439b 6088a6d16f13a03cca82eeb862c5fa763ce97cf43772e693f8e5200f051644b0 HTTP Headers `GET /img/programs/logo/program_28073_1653037247.png HTTP/1.1 Host: static2.mylead.global User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:42 GMT content-type: image/png content-length: 11903 last-modified: Fri, 20 May 2022 09:00:48 GMT etag: "fc6efc6f87c5a7235441bda99e3a3a13" x-cache: Miss from cloudfront via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: sdmaNmfiqB46UEJSTm7Fk2ydmWKOtMW_PoioAVMgq6ZR35sBz1v9RA== cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb6ff22b4f4-OSL X-Firefox-Spdy: h2

	GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	142.250.74.131	200 OK	33 kB
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subject.gstatic.com FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14 ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 Size 33 kB (33092 bytes) Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b HTTP Headers GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://locker-cpa.eu DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 33092 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 30 Jul 2024 03:21:09 GMT expires: Wed, 30 Jul 2025 03:21:09 GMT cache-control: public, max-age=31536000 last-modified: Wed, 13 Sep 2023 22:51:58 GMT content-type: font/woff2 age: 198214 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7?	188.114.97.1		34 kB
URL GET locker-cpa.eu/iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7? IP 188.114.97.1:0 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/offers Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type gzip compressed data, from Unix Size 34 kB (34067 bytes) Hash f09599d31396dd184cbdd92d81ea32dc 3f9490714c64600d1d931bda03b365994cd74928 104d18467dee35f6009496843bf170f845158fd797aad520a0a79a7ee9ee821c HTTP Headers `GET /iframeLoader/1b55f890-4e70-11ef-9315-17ff98ebd8c7? HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: application/json vary: Accept-Encoding cache-control: no-cache, private set-cookie: XSRF-TOKEN=eyJpdiI6IkpYbURDN0xVWk0za0FmbDQ0dE45SkE9PSIsInZhbHVlIjoiRjNneVFDR3FKbFFYNlpwYnIzdFA1VVd6SXNaamVyR1JNWkVweXN6SHhYQUtJaXVMSnd0K3QyVEw1XC9kN0JSNUVhN0M1bDVvMFpHR1ZcL05CQ3dJd3dDT3hYeGE1WUdwMXJlbzNyc04zYUw2Q1FxOTI3UGlWTjV1R1YraDJoOVJtciIsIm1hYyI6ImI4NWUzNDY2MTM0NDRhZTJkYTA4MDA1Y2RhZTNhNjY0YWIyZTZjODUxOWRjYzZhMGIxN2ZjYmNjYTI5NTg5Y2MifQ%3D%3D; expires=Thu, 01-Aug-2024 12:24:41 GMT; Max-Age=7200; path=/ lockercpapl_session=eyJpdiI6IkUxK1l4anRUcjNQVnZvTTFYWStcL0JBPT0iLCJ2YWx1ZSI6IkoyTTgxb1QxWWVYSDFucWxURWV6emhcL0JXUklmQjg3SEFzTXVEYVlqWjRwU3VCSFNRNE51c2hcL2gyV3UwR01NV0xXV1FpMFVtRmswZU14MnpYZFN6blN0ZFNjWUpRalg2Smg0OHp1TGkzWHIwWTIyXC8xb3pHTG4yVEM5a3hhdElOIiwibWFjIjoiZjk0OGNmODc4OTg5M2I1OTU1ZmJiMTI3NTY4ZWMwYzNhZjA5MTg5NjI4ZjdjMjNhNDE0MWYwYWQ0NThjY2I5NiJ9; expires=Thu, 01-Aug-2024 12:24:41 GMT; Max-Age=7200; path=/; httponly content-encoding: gzip cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GCBBp1zXD7%2BXMygTE3hlniK8YfjLwypN7DCjzNdyyR0HdGF1GXqVbc5hlpyFHOl0kzy5Yqygoju0tGAgPtM0ppeoDLCZGJuDbc141D1ettCHRYX9%2FPcu4nwwXHta%2BRrg"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51eb22d781c02-OSL alt-svc: h3=":443"; ma=86400

	GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	142.250.74.131	200 OK	33 kB
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subject.gstatic.com FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14 ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 Size 33 kB (33092 bytes) Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b HTTP Headers GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://locker-cpa.eu DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 33092 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 30 Jul 2024 03:21:09 GMT expires: Wed, 30 Jul 2025 03:21:09 GMT cache-control: public, max-age=31536000 last-modified: Wed, 13 Sep 2023 22:51:58 GMT content-type: font/woff2 age: 198214 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET locker-cpa.eu/images/arrow-item.png?cce8e0bc0e5c0daff4a33b0ddcce4c70	188.114.97.1	200 OK	127 B
URL GET HTTP/3 locker-cpa.eu/images/arrow-item.png?cce8e0bc0e5c0daff4a33b0ddcce4c70 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type PNG image data, 6 x 8, 8-bit/color RGBA, non-interlaced Size 127 B (127 bytes) Hash cce8e0bc0e5c0daff4a33b0ddcce4c70 263a3073d90be94d829beb4f93c91db2847068b4 d2356957e4036489976b237d0cad19120021989c7b7393c3f8f0f644a1b49d04 HTTP Headers `GET /images/arrow-item.png?cce8e0bc0e5c0daff4a33b0ddcce4c70 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/css/84765-1.css?id=4de1cf96d85e2bed30b5 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:43 GMT content-type: image/png content-length: 127 last-modified: Sat, 08 May 2021 19:26:34 GMT etag: "6096e5ea-7f" cache-control: max-age=14400 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ARYE565nvNPOWmCOBCpJzbXgN%2B%2BRlSXv4%2FanPjIPAvGfkmH2wjUfOPztZ6OhDlkpka31YSLKzbvDduzau%2BeX%2BsBoxe3DU4ANp9HgujiqxULxhLYvJNL%2FPsBBj8nx1%2FN"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51ebd3e9a1c02-OSL alt-svc: h3=":443"; ma=86400

	GET freeleaks.pages.dev/favicon.ico	172.66.44.244	200 OK	8.7 kB
URL GET HTTP/3 freeleaks.pages.dev/favicon.ico IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type HTML document, ASCII text, with very long lines (9207), with no line terminators Size 8.7 kB (8712 bytes) Hash eed39f0e40b89d8b7878816ad42aad1f e866657e48a3621de461e47ef3d40a98d82baf0a 62d00d428c9d7e9b6f11b1be57c6dafbdeef209e03968539fa9a35c3c45faac2 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=peipvd0K%2BCfTEQw9n1ekr%2F8O8y837Riow8FOLiXPPskjnf%2F3L7Xg2UzHWWeuyRyvdV369YHZ%2BrrMBF4nhwqQWbIM9yITTt5viuzHUFgk8KBCaViW4nea31%2BQv3J5qfyFvX%2BlbNIn"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e3ec8ba0b55-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET freeleaks.pages.dev/favicon.ico	172.66.44.244	200 OK	8.7 kB
URL GET HTTP/3 freeleaks.pages.dev/favicon.ico IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/offers Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type HTML document, ASCII text, with very long lines (9207), with no line terminators Size 8.7 kB (8712 bytes) Hash eed39f0e40b89d8b7878816ad42aad1f e866657e48a3621de461e47ef3d40a98d82baf0a 62d00d428c9d7e9b6f11b1be57c6dafbdeef209e03968539fa9a35c3c45faac2 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/offers DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whh5R%2B5i0JWC4BjqBp6s%2B3j5xuAgtj%2FtTp7E8BFFUA%2FZjFAyQcZkrp5g%2BOq6Whk%2FdYnesPjcu%2F4BGjmGHubOVucknJMYDXQEYM8ZnFJQsLaNTMTriaXXLlPJJrLamGMjEWRXItQ5"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb30e230b55-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET freeleaks.pages.dev/offers	172.66.44.244	200 OK	626 B
URL GET HTTP/3 freeleaks.pages.dev/offers IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type HTML document, ASCII text, with very long lines (666), with no line terminators Size 626 B (626 bytes) Hash 8652b3540556a9fdaf7284b31b480062 a5b80af24f9e6a258e1bc3d796605b8b5cab213c 44dcc7f1070a3723c47655128b460ec16acc67df17b1d4164939adc901b79121 HTTP Headers GET /offers HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=riGiVnQzLHGHn4He4Mv9ed7lfrZXUAAkYFUmvoy%2Fs%2FWGf5hxWQ3Os%2F%2BHZGxXv%2F68F3Nyyk9wM92v32MIyq7lEfImrfa%2B6FlDveGaAwFSwq9E2nwdjPNvtpv00fOFx8vU5Om9vGHq"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e3c8ed90b55-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1	188.114.97.1	200 OK	32 kB
URL GET HTTP/3 locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/offers Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type HTML document, ASCII text, with very long lines (17961) Size 32 kB (32091 bytes) Hash 86d449d47ecd92e4675271f69868b05d 2877b0ed5d7698a8592170ae82130b00489c7a64 c74bb02e114f6974fe208f964b8340903a4c04698d7f35add32b18b95a06ea2c HTTP Headers GET /iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding cache-control: no-cache, private set-cookie: XSRF-TOKEN=eyJpdiI6IkhBZk5XQkNrS2xBdExVV2VCTXNRb3c9PSIsInZhbHVlIjoiazdOeVVXcmRQYXNjOWxHbWF0TGpFWEc2blNiNytZQStFTFpRS0hkYUs4NG9ybG84dWpBb2JRaEVpM1ozYmNqaXNHRmZLeVwvdSs3c1BcL2djOHNFVGtJWFI3ZTVxbTlUZ05SYUtMaUF4RGdVeHpqS3d4aE1tTDUyNHZ1SDBySXVqSSIsIm1hYyI6IjdjOWNlODdhOTlhOTg1YjE1ZTIxMWE1MjYxMDQ0ZWM1ZDcwZGNlZGI3MzY1MjNkZDQxNGRlOTZkMjdhN2VhOGQifQ%3D%3D; expires=Thu, 01-Aug-2024 12:24:23 GMT; Max-Age=7200; path=/ lockercpapl_session=eyJpdiI6IlNjRW1QZEFGem1BRW9uT3dRUU05Tmc9PSIsInZhbHVlIjoiaUVUTTN6MFd1V1dHOVQ1SHJaUDdcL3d6M0VtZ0ZJNStaY2ZsbHlPWXJtY1hITlgyQTBFb0VaanBReDUxODVrUVdnS05LNWJ5b2phVjdoXC9LUVY0Z3kzaGlmNnlyODQwK2twXC9xQXhWMUNrN21NTnpGaDl6T3NIQWVZV2pKQm8xNHciLCJtYWMiOiIzMzg3ZWY2MzUyMGEzMjI5MTAwNzE3MDYwMDU1MDEyYTE1ZGFmZmYxZTlhNGY0YjUyMmY5MDBjMzZhOGZlMWM2In0%3D; expires=Thu, 01-Aug-2024 12:24:23 GMT; Max-Age=7200; path=/; httponly cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C2KphLlii%2FZb7H6javSp%2FYqWs5u9P0NtG9wpB1NmpCqOWUlgT6x7Dh%2Fd4NbAEVnRuNzP7gePU1w0Aqt5dhV%2BS1GS15OWjAFsa8dDNhJCS15ExHjH88f%2FtN7hYc262za3"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51e3f5f2d1c02-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET freeleaks.pages.dev/offers	172.66.44.244	200 OK	626 B
URL User Request GET HTTP/3 freeleaks.pages.dev/offers IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type HTML document, ASCII text, with very long lines (666), with no line terminators Size 626 B (626 bytes) Hash 8652b3540556a9fdaf7284b31b480062 a5b80af24f9e6a258e1bc3d796605b8b5cab213c 44dcc7f1070a3723c47655128b460ec16acc67df17b1d4164939adc901b79121 HTTP Headers GET /offers HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Br%2FzALdk0a5qG%2FkziVctDcoMHTUeTwD7t7ZHTL1uPh7mWcWTnL7YRYtmKFT0naTinRB4t9MgojlkWb44QkP%2B9Re5FP762QtcXaI2mkDj1GSTXr%2Fe6CmM88g5si6QbjDP5HQ%2Fud%2B7"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51eb1ad080b55-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET freeleaks.pages.dev/?ref=328834	172.66.44.244	200 OK	8.7 kB
URL User Request GET HTTP/2 freeleaks.pages.dev/?ref=328834 IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type HTML document, ASCII text, with very long lines (9207), with no line terminators Size 8.7 kB (8712 bytes) Hash eed39f0e40b89d8b7878816ad42aad1f e866657e48a3621de461e47ef3d40a98d82baf0a 62d00d428c9d7e9b6f11b1be57c6dafbdeef209e03968539fa9a35c3c45faac2 HTTP Headers `GET /?ref=328834 HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmIpscmaiWfrRSevqZ45ZaJod0O2xHdWzvKp7uYpgtHLQsPiYi1VyebDMIU7I7FEeWc8142YxJ23b55B1L9JoxS3H9Ei60qVU%2Fh9UPt5zIji9NuPPlkIdC9FjGAzRJ2VPW24C9Ll"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e3a38c4b50c-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	POST discord.com/api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR	162.159.138.232	204 No Content	0 B
URL POST HTTP/2 discord.com/api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR IP 162.159.138.232:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerCloudflare, Inc. Subjectdiscord.com FingerprintA8:AB:66:57:DC:35:70:C3:39:4A:3E:36:5C:AB:B3:0C:B1:E0:61:D3 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR HTTP/1.1 Host: discord.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ content-type: application/json Content-Length: 418 Origin: https://freeleaks.pages.dev DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 204 No Content date: Thu, 01 Aug 2024 10:24:23 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: https://freeleaks.pages.dev access-control-allow-credentials: true access-control-allow-methods: POST, GET, PUT, PATCH, DELETE access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision access-control-expose-headers: Retry-After, X-RateLimit-Global, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Reset-After, X-RateLimit-Bucket, X-RateLimit-Scope, Date strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1722507864 x-ratelimit-reset-after: 1 via: 1.1 google alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2Fz40b24uvkj8gjBm1A0Ot1hEpathZ0d6w1HxMc3aTiTHkkDS5Qbw%2B9M77eNPhg7ArXc7%2Fi%2B5vaf0sS4onitQowe11LTkCsQe3V4PlOKpMfj0e59QcX1shjIQxC1"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options: nosniff content-security-policy: frame-ancestors 'none'; default-src 'none' set-cookie: __dcfduid=38a26c8c4ff011efa6da2658e1439a27; Expires=Tue, 31-Jul-2029 10:24:23 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax __sdcfduid=38a26c8c4ff011efa6da2658e1439a2710243981611f571ba8558258d4c3f3669317d646938e1d33a8516bee0f86fb22; Expires=Tue, 31-Jul-2029 10:24:23 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax __cfruid=b59fb02881327766f2ce8c45fcac095981ea05a3-1722507863; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None _cfuvid=Ref0zuHLO8ies25iCmgxx4T5QAhV.aEtNsmOF9VHD0c-1722507863362-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None server: cloudflare cf-ray: 8ac51e40aa3d0b55-OSL X-Firefox-Spdy: h2

	GET freeleaks.pages.dev/hosts.json	172.66.44.244	200 OK	84 B
URL GET HTTP/3 freeleaks.pages.dev/hosts.json IP 172.66.44.244:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerGoogle Trust Services Subjectfreeleaks.pages.dev Fingerprint6D:A8:89:6E:BA:64:14:05:CD:49:D6:30:9B:74:5D:A7:EE:16:C3:6D ValidityMon, 29 Jul 2024 13:41:41 GMT - Sun, 27 Oct 2024 13:41:40 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 84 B (84 bytes) Hash 3c9001acf33230b8a130298f0f4b6b41 69a83e0921ae361a6ff834715dc912eff5c4424a 78f74401bbb6cd676b6dffb8b563ab95b7d40e11eed0210bbaca73920ef70cd2 HTTP Headers `GET /hosts.json HTTP/1.1 Host: freeleaks.pages.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/?ref=328834 DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:22 GMT content-type: application/json access-control-allow-origin: * cache-control: public, max-age=0, must-revalidate etag: W/"cc26fbb3b32ac368fe6cc1ee813bbb6e" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zZJpl8lVkOGjUbVThMAbXjqasno2HwOTbsCScbMJRD9T4eU5zjWUsPFid0lG2HDJOUo5xaWrp8TOPq4cdeK42LSlzrAkRd7VSUGiB%2BsXHwWtBFy21tO95og8a7aVvIfqhwiFxQYa"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8ac51e3df80e0b55-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	OPTIONS discord.com/api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR	162.159.138.232	200 OK	0 B
URL OPTIONS HTTP/2 discord.com/api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR IP 162.159.138.232:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/?ref=328834 Certificate IssuerCloudflare, Inc. Subjectdiscord.com FingerprintA8:AB:66:57:DC:35:70:C3:39:4A:3E:36:5C:AB:B3:0C:B1:E0:61:D3 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers OPTIONS /api/webhooks/1268490642951110717/DzIWdQsrWZbcsq2q-bnUmoz4kXD7wa-0WKiGvD9KoQjJDO7iIIHSqir46yiOp5mWS_kR HTTP/1.1 Host: discord.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Referer: https://freeleaks.pages.dev/ Origin: https://freeleaks.pages.dev DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 01 Aug 2024 10:24:23 GMT content-type: text/html; charset=utf-8 allow: OPTIONS, POST, PATCH, GET, HEAD, DELETE access-control-allow-origin: https://freeleaks.pages.dev access-control-allow-credentials: true access-control-allow-methods: POST, GET, PUT, PATCH, DELETE access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision strict-transport-security: max-age=31536000; includeSubDomains; preload via: 1.1 google alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kith1mI1%2Faoq55mxQnbsYdnkvTk3FTdonKUOH7Qb5stmMNBiC7QjBKv89pV%2BnBvWhEb5KUkAhO3dVV%2B7ECQMLzo0j1ddi%2BB1pcX%2FTvYmIkxySNu%2F5MKjT8ci%2BGDk"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-content-type-options: nosniff content-security-policy: frame-ancestors 'none'; default-src 'none' set-cookie: __dcfduid=3885d2d44ff011ef97038a2868f0bb52; Expires=Tue, 31-Jul-2029 10:24:23 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax __sdcfduid=3885d2d44ff011ef97038a2868f0bb522e7e8bf9569c7c46230181133c940dde0fb0045c5d7247e3c449a1dfa0aeb1b3; Expires=Tue, 31-Jul-2029 10:24:23 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax __cfruid=b59fb02881327766f2ce8c45fcac095981ea05a3-1722507863; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None _cfuvid=37NMh4CEkdbMqHHOkWw.q5Lk9UtdDBXF6pPyzTJ7oEc-1722507863140-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None server: cloudflare cf-ray: 8ac51e3fa95f0b55-OSL content-encoding: br X-Firefox-Spdy: h2

	GET fonts.googleapis.com/css?family=Montserrat:300,400,700&display=swap	142.250.74.106	200 OK	5.5 kB
URL GET HTTP/3 fonts.googleapis.com/css?family=Montserrat:300,400,700&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectupload.video.google.com FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT File type ASCII text, with very long lines (5625), with no line terminators Size 5.5 kB (5490 bytes) Hash e3c770895c9916ae555dc7bb0939b50a ae93472c7d2498147ce0d20b04d0882ba68c7446 a0aaa277225200b05eddc5e4940a744835ae7684960ca9c8232bb3a453faa945 HTTP Headers `GET /css?family=Montserrat:300,400,700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Thu, 01 Aug 2024 10:24:41 GMT date: Thu, 01 Aug 2024 10:24:41 GMT cache-control: private, max-age=86400 cross-origin-opener-policy: same-origin-allow-popups cross-origin-resource-policy: cross-origin content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	GET locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1	188.114.97.1	200 OK	32 kB
URL GET HTTP/3 locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://freeleaks.pages.dev/offers Certificate IssuerGoogle Trust Services Subjectlocker-cpa.eu Fingerprint87:49:BE:E2:25:36:B2:5A:6C:B7:C6:AF:32:60:32:E4:BE:66:77:DD ValidityMon, 17 Jun 2024 02:52:04 GMT - Sun, 15 Sep 2024 02:52:03 GMT File type HTML document, ASCII text, with very long lines (17961) Size 32 kB (32091 bytes) Hash 86d449d47ecd92e4675271f69868b05d 2877b0ed5d7698a8592170ae82130b00489c7a64 c74bb02e114f6974fe208f964b8340903a4c04698d7f35add32b18b95a06ea2c HTTP Headers GET /iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 HTTP/1.1 Host: locker-cpa.eu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://freeleaks.pages.dev/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Thu, 01 Aug 2024 10:24:41 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding cache-control: no-cache, private set-cookie: XSRF-TOKEN=eyJpdiI6IlRPUkVuMjF3VG1YMHAxRllkQ21nY0E9PSIsInZhbHVlIjoiWlFpZVFvRWwyWGNHWjdMQWJ1bGJhZlBvaStXY2RyVkNXZHhzSDJLWXpmUUcwa3BydDBDb0ZaQWx0cGZURG9FY0NITzlNY1ZQNEFzVXcyUlg3cnlHMWNXSnRiR09LdTBoajBMWkJcL2dnTW9QTWFhZWdhNExHT2szRGdRTUU4RXBmIiwibWFjIjoiMmUwNmQwYjEwNTY4MjExNTEzMTRlY2QzYmU3MWU1NDkwN2RhOGUwZmY1ZjUxYzhlOGRlMGQ4Nzc2MGZmY2NlNSJ9; expires=Thu, 01-Aug-2024 12:24:41 GMT; Max-Age=7200; path=/ lockercpapl_session=eyJpdiI6IkNmeGxVMHhxNzY1eExJOEZTM2xlSHc9PSIsInZhbHVlIjoialBXWHNSbzV0dEtvb25lR0l0aHFhd2puR0k4c1VqR2JYK3ZqK3c2d1RSTms0a1FWaTRDQnZaVzIwcTV2TXcyOFB1QThnR2Z4N25EMlFcL3RmY0RQT0RhTFRtdktTamp6K29DQkpYekZ2TStURzd6Y25rM1wvRFwvUkluVkZ2S0ZhVEkiLCJtYWMiOiI3YzM1NzdhYzNlMzFmNDZmMmIwNzExNDI2ZTY2ZTdjOTZiMDQ1YTQ4NmRiMjFkYzMxYTVkNWJhYTFkNWExZmViIn0%3D; expires=Thu, 01-Aug-2024 12:24:41 GMT; Max-Age=7200; path=/; httponly cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltInXS3mI1UCGLm35V4A%2FVyJTjaLo4wmFy7yfbY%2B95yK1ICX4yRUD655X9LzbElJmF2LgpDZ%2BsfsvNJkrsCBk%2F19iKtKuqR3Y2elMW9hS4P9o%2BRNBEOEDJHwPjuNsLaj"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8ac51eb2fe041c02-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	GET fonts.googleapis.com/css?family=Montserrat:300,400,700&display=swap	142.250.74.106	200 OK	5.5 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,700&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://locker-cpa.eu/iframe/1b55f890-4e70-11ef-9315-17ff98ebd8c7?if=1 Certificate IssuerGoogle Trust Services Subjectupload.video.google.com FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT File type ASCII text, with very long lines (5625), with no line terminators Size 5.5 kB (5490 bytes) Hash e3c770895c9916ae555dc7bb0939b50a ae93472c7d2498147ce0d20b04d0882ba68c7446 a0aaa277225200b05eddc5e4940a744835ae7684960ca9c8232bb3a453faa945 HTTP Headers `GET /css?family=Montserrat:300,400,700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://locker-cpa.eu/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Thu, 01 Aug 2024 10:24:23 GMT date: Thu, 01 Aug 2024 10:24:23 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (54)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN