youroffers.xyz/panel/plugins/passwords.p
3.64.163.50410 Gone 108 B URL HTTP/1.1 youroffers.xyz/panel/plugins/passwords.p
IP 3.64.163.50:0
File type HTML document text\012- HTML document, ASCII text
Hash d1ca44912ba885e1eaadedb6abdfed1c
fd9778c2f225b1dff5a7f2863533e309d7e7feea
43ca290464e67fa9008d1677dc847484208dda56a39e699e68863fb041bc1c40
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /panel/plugins/passwords.p HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 410 Gone
Server: openresty
Date: Mon, 03 Oct 2022 11:54:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 24cdc937930ac2ef9c8f46ba1deabcc5
397417929951bf20f235d5f91510163ac213dc71
eb128aec099dbf1919ee5d965221e904ad3a2162583683cec44518640b505447
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB128AEC099DBF1919EE5D965221E904AD3A2162583683CEC44518640B505447"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8962
Expires: Mon, 03 Oct 2022 14:23:55 GMT
Date: Mon, 03 Oct 2022 11:54:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.164.68.8200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 03 Oct 2022 11:03:32 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: dPLSamxG8OBpWHjF_0Y1Q2M5nOyuVd0hxllk_s_onXXN3i0PfjEr6g==
Age: 3061
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
216.137.44.95200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 216.137.44.95:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 03:34:13 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 5afa85054bbc88552c8f1b1dd45fef78.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P2
x-amz-cf-id: 4p5HABvD-H1mv2EF-qkHroARVia8vB68WuWtAke2qVf7FTTQjjru9g==
age: 30076
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 11:54:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
youroffers.xyz/
3.64.163.50301 Moved Permanently 89 B IP 3.64.163.50:0
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 7e7549a267d3b2ad1d15c1012945680a
1ecf14b6f2716372c17f441bc1f53889835158b4
285fea0569b9750e7281a94ef95124d240fdfe705588fb2c069d163626819634
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET / HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Mon, 03 Oct 2022 11:54:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://youroffers.xyz/
Cache-Control: no-cache
X-Request-Id: 7939bbe9-3cb3-40b1-9867-29c4db5908e2
X-Runtime: 0.051219
cdn1.dan.com/assets/vendor/svg4everybody-f514fdcad5509c1d8608ad8ed6b18dc17777e467f3c0ef19b6b8e44753b288be.js
143.204.68.91200 OK 982 B URL HTTP/2 cdn1.dan.com/assets/vendor/svg4everybody-f514fdcad5509c1d8608ad8ed6b18dc17777e467f3c0ef19b6b8e44753b288be.js
IP 143.204.68.91:0
File type ASCII text, with very long lines (1896), with no line terminators
Hash 7e27a1f78cf2901cf631835d1abdd80d
2a470ea7454f0d0da5d3f8c22052f96fdf949eb4
1b1e6270bc0e76e8f70a5024015b12e3833db1d9a3d8252a343b57edd2efdf2f
GET /assets/vendor/svg4everybody-f514fdcad5509c1d8608ad8ed6b18dc17777e467f3c0ef19b6b8e44753b288be.js HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 982
server: openresty
date: Mon, 29 Aug 2022 02:39:05 GMT
last-modified: Thu, 09 Dec 2021 13:49:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: RfolyAtsB6udcWXHkkB37OPqRwblmTNBMQIY9WsdqY4jioHGKvnT9Q==
age: 3057329
X-Firefox-Spdy: h2
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
18.164.68.26200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 18.164.68.26:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Mon, 03 Oct 2022 01:59:52 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 c3941d2249641ec51690205d7b1084ac.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: oGsqwsFmWV9S4C3Rci-FyEhGps1C3ncgMR2xnQ2gL1csyk3xnKU4Og==
age: 35683
X-Firefox-Spdy: h2
cdn0.dan.com/packs/js/public/shared-74da3e5383b71e12842e.chunk.js
143.204.68.104200 OK 188 B URL HTTP/2 cdn0.dan.com/packs/js/public/shared-74da3e5383b71e12842e.chunk.js
IP 143.204.68.104:0
Hash 0b9b39c5e1cf352fb0aa6875351a35b2
005d8f794803235aba6d8b613805a89f1494e726
0293a69c13671d5b7782d98022f505078bb531c59c6b149a3d183c32225caa29
GET /packs/js/public/shared-74da3e5383b71e12842e.chunk.js HTTP/1.1
Host: cdn0.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 188
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:55:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 3017587acd2a65d8bc5fcc9f562d64cc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: tos0zo3eV0w7DtSzic4Tvfzv0fcct1APtC2qDO3jubpyS82CrdZCrA==
age: 345418
X-Firefox-Spdy: h2
cdn0.dan.com/assets/public/trustpilot-logo-008df92415278c07b98aab23d543867b3eb67c71c794afef0a84823cd7cc0df2.png
143.204.68.104200 OK 4.2 kB URL HTTP/2 cdn0.dan.com/assets/public/trustpilot-logo-008df92415278c07b98aab23d543867b3eb67c71c794afef0a84823cd7cc0df2.png
IP 143.204.68.104:0
File type PNG image data, 270 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 18907774a48bbf9c3e0a1cc915a0d870
7c434b9d7e66d861c54aa7805b7abaaa6d18bcf9
008df92415278c07b98aab23d543867b3eb67c71c794afef0a84823cd7cc0df2
GET /assets/public/trustpilot-logo-008df92415278c07b98aab23d543867b3eb67c71c794afef0a84823cd7cc0df2.png HTTP/1.1
Host: cdn0.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4185
server: openresty
date: Thu, 25 Aug 2022 00:42:26 GMT
last-modified: Wed, 27 Oct 2021 14:42:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 3017587acd2a65d8bc5fcc9f562d64cc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: wyNKchgyTNxS21AnFuBTeo3ZocTR6I0f1NzeAT3DGZuGlW7OiePwyQ==
age: 3409928
X-Firefox-Spdy: h2
cdn1.dan.com/assets/public-5650085f38bef8daac460d9524da67e9d8cc6bb263cdf3c743ca3862820951e2.css
143.204.68.91200 OK 66 kB URL HTTP/2 cdn1.dan.com/assets/public-5650085f38bef8daac460d9524da67e9d8cc6bb263cdf3c743ca3862820951e2.css
IP 143.204.68.91:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
Hash 9373ddb8047f7d1c2523c389fc4f0d82
5fa525d7b9b397a9e7d125babbfde2eb14e7717a
5cf8277e82f4913c4e4290ef4df87108abf2308ec126aaa698d932b3461f1af6
GET /assets/public-5650085f38bef8daac460d9524da67e9d8cc6bb263cdf3c743ca3862820951e2.css HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 66321
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:51:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 8FV0h2dIiigcLp23rOyeYWXEelhcpSSPhWiXQMTKbUUYgyUzIyuGVA==
age: 345418
X-Firefox-Spdy: h2
cdn3.dan.com/packs/js/46-88556e9e50d17812c1f4.chunk.js
143.204.68.104200 OK 4.0 kB URL HTTP/2 cdn3.dan.com/packs/js/46-88556e9e50d17812c1f4.chunk.js
IP 143.204.68.104:0
File type ASCII text, with very long lines (11830)
Hash 7d8c723f4a9ef7b8b5299775d07f9755
630dab463d765daa41e714a8d43e0b95525eab6b
7a6f5609beffd6f22afb0d746402c49db439812344907a11320d212a3381bca9
GET /packs/js/46-88556e9e50d17812c1f4.chunk.js HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 4033
server: openresty
date: Thu, 15 Sep 2022 18:01:12 GMT
last-modified: Thu, 15 Sep 2022 17:59:21 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: RLcrbRVGmtQLZBl9C8U5KwQi14Q6vL-SkEK0PzMUYYp_XBFzvkf7gw==
age: 1533202
X-Firefox-Spdy: h2
cdn1.dan.com/packs/js/runtime~public/shared-029da93a03dc79cb1656.js
143.204.68.91200 OK 790 B URL HTTP/2 cdn1.dan.com/packs/js/runtime~public/shared-029da93a03dc79cb1656.js
IP 143.204.68.91:0
File type ASCII text, with very long lines (1516)
Hash 87f9ac11f115f3f8fb0a5e1485574661
42d32861a37910f8a19da8d903f8732dde1f61b5
90ca0d9952c69199fc1d38309910369d304829eb278f6e3a6bb17948f43e95cc
GET /packs/js/runtime~public/shared-029da93a03dc79cb1656.js HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 790
server: openresty
date: Thu, 15 Sep 2022 08:51:23 GMT
last-modified: Thu, 15 Sep 2022 08:49:26 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: uuqox5bOpArYl8dxFmHmFceAYNKQUVmhQlZ5KVBYqre4L4LptVi3xQ==
age: 1566191
X-Firefox-Spdy: h2
cdn3.dan.com/packs/js/runtime~public/product-4702ba4ef082c873b6a6.js
143.204.68.104200 OK 790 B URL HTTP/2 cdn3.dan.com/packs/js/runtime~public/product-4702ba4ef082c873b6a6.js
IP 143.204.68.104:0
File type ASCII text, with very long lines (1516)
Hash fbd89b78012cf3943d91a7f70d3279bb
51b248e9fd3fe352a4a05718ee31652cf798f133
8225a704be213f912247d318cf12aec48b31d0e85d32d4159134337e81cdac17
GET /packs/js/runtime~public/product-4702ba4ef082c873b6a6.js HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 790
server: openresty
date: Thu, 15 Sep 2022 08:51:23 GMT
last-modified: Thu, 15 Sep 2022 08:49:26 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: IB-lKYzzZCCzmDK0opbupon-lPkh6ivZvKf9oppklSLW-C9q9SXf7w==
age: 1566191
X-Firefox-Spdy: h2
cdn0.dan.com/packs/js/40-ba0bd55b74268690301e.chunk.js
143.204.68.104200 OK 50 kB URL HTTP/2 cdn0.dan.com/packs/js/40-ba0bd55b74268690301e.chunk.js
IP 143.204.68.104:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ebb8df9d0261411af8d436ec22835dfc
a21231e2af87fa2c2e9e7adf271574e2f6ac862c
cfe262ffbe743b6efec7f649748081251acb3ec8d6bea9a49f1a5920a042be64
GET /packs/js/40-ba0bd55b74268690301e.chunk.js HTTP/1.1
Host: cdn0.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 50096
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:55:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3017587acd2a65d8bc5fcc9f562d64cc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: eJHPyLJ-DJOUyZzH1lktzJ_kJPjfIbJ5LCgLdurTw98vNANVROUFmQ==
age: 345418
X-Firefox-Spdy: h2
cdn1.dan.com/packs/js/runtime~public/fonts-04f2a61e6e81642757eb.js
143.204.68.91200 OK 789 B URL HTTP/2 cdn1.dan.com/packs/js/runtime~public/fonts-04f2a61e6e81642757eb.js
IP 143.204.68.91:0
File type ASCII text, with very long lines (1516)
Hash c82708ee382bce4ec512fa33a05514e0
c8a0280d9f76f76d0ef0ce1f5e0bbc89e0c5a2fa
8c8555685f29704f6f96133c2e0e3be90297b57196aa1f1aa08041828e59f588
GET /packs/js/runtime~public/fonts-04f2a61e6e81642757eb.js HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 789
server: openresty
date: Thu, 15 Sep 2022 08:51:23 GMT
last-modified: Thu, 15 Sep 2022 08:49:26 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: UdF-InCzxM3a4ETIPpwyfye5XQjyuDV3uNvzCdo-6ttgzzMtk91hQg==
age: 1566191
X-Firefox-Spdy: h2
cdn3.dan.com/packs/js/public/fonts-5c8b6b7bf32ee70f92c4.chunk.js
143.204.68.104200 OK 426 B URL HTTP/2 cdn3.dan.com/packs/js/public/fonts-5c8b6b7bf32ee70f92c4.chunk.js
IP 143.204.68.104:0
File type ASCII text, with very long lines (591)
Hash 22920c44500ad01b50cdbb114f79a3a1
c900dcd51683b9ffd9864ef55b6c72d7937b5cfd
803f11165364b374c7a7c6ba9e1f3368b756657fb04174bd4d1b8c85137958e6
GET /packs/js/public/fonts-5c8b6b7bf32ee70f92c4.chunk.js HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 426
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:55:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 6tLMZb_4i_g9rRwNFw-muoMsD_S9VmyEQbb9nHs3Y6Rl9VWWh6hcmw==
age: 345418
X-Firefox-Spdy: h2
cdn1.dan.com/assets/public/i18n-bb2da241bfcbf784d15a84f03ef6ff7eef33b2c695b6821a6750b29c30faa75e.js
143.204.68.91200 OK 4.4 kB URL HTTP/2 cdn1.dan.com/assets/public/i18n-bb2da241bfcbf784d15a84f03ef6ff7eef33b2c695b6821a6750b29c30faa75e.js
IP 143.204.68.91:0
File type ASCII text, with very long lines (15400), with no line terminators
Hash de2f4a801d555fd16c042093f091acd4
86110e7d996ff7d52e1bbb9f0083f5369c965634
8d772411db1b7ce8f803656bdc1e7e0dfb299eb51371d957fe5ef8656a4819c6
GET /assets/public/i18n-bb2da241bfcbf784d15a84f03ef6ff7eef33b2c695b6821a6750b29c30faa75e.js HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 4434
server: openresty
date: Fri, 02 Sep 2022 03:15:48 GMT
last-modified: Thu, 09 Dec 2021 13:49:19 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: _a4tVSXAXtBfSUYrP-Br28SDmXtboQLpLM4G0W_uIY1m2ynip3aLAg==
age: 2709526
X-Firefox-Spdy: h2
cdn1.dan.com/packs/js/public/product-e7a69531b52efa151f7b.chunk.js
143.204.68.91200 OK 8.6 kB URL HTTP/2 cdn1.dan.com/packs/js/public/product-e7a69531b52efa151f7b.chunk.js
IP 143.204.68.91:0
File type ASCII text, with very long lines (32635)
Hash 364192a0fcc49096658a22be97f74a21
5ea6ebe645ce8a141412b4bf7bb62f48a9ccba3f
c2a4345572bd6a9f18e8f0774bc22c3c74aa464fe9819a5292e299249bc12b03
GET /packs/js/public/product-e7a69531b52efa151f7b.chunk.js HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 8566
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:55:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: sQrHwxpogVsf1j903tBwmp5HzBYdXMsy7ns4lSJc5alk3FpuIUDEpg==
age: 345418
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4760
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:34 GMT
Last-Modified: Mon, 03 Oct 2022 10:35:14 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
cdn2.dan.com/assets/logos/Main@2x-0d2a786abd69d2da0f8ab1f105c0da3b8e1baf5c46c13169d6aa5b4c5fea7379.svg
143.204.68.91200 OK 12 kB URL HTTP/2 cdn2.dan.com/assets/logos/Main@2x-0d2a786abd69d2da0f8ab1f105c0da3b8e1baf5c46c13169d6aa5b4c5fea7379.svg
IP 143.204.68.91:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4396)
Hash 386fcff0359a238feae3616089163f60
3861370145d1176cdbeb8d44c70638efd49507e7
0d2a786abd69d2da0f8ab1f105c0da3b8e1baf5c46c13169d6aa5b4c5fea7379
GET /assets/logos/Main@2x-0d2a786abd69d2da0f8ab1f105c0da3b8e1baf5c46c13169d6aa5b4c5fea7379.svg HTTP/1.1
Host: cdn2.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 11658
server: openresty
date: Mon, 22 Aug 2022 05:57:03 GMT
last-modified: Mon, 18 Jul 2022 15:41:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: zsUI14AyYkHX4kfCct5EuvIoTBRq8EUi354T4mVtmt7b2KDynJDnpw==
age: 3650251
X-Firefox-Spdy: h2
cdn1.dan.com/assets/public/payment_logos-5e4dce7612e404dab090fbee14ac1eddd1c710bfce7d22ee87411662934a7387.png
143.204.68.91200 OK 3.2 kB URL HTTP/2 cdn1.dan.com/assets/public/payment_logos-5e4dce7612e404dab090fbee14ac1eddd1c710bfce7d22ee87411662934a7387.png
IP 143.204.68.91:0
File type PNG image data, 272 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 1a20ff7a7df04a852f968c5c988dd6fa
260328a70eeb31d942e6bf3afdc3ba0abf9534f7
5e4dce7612e404dab090fbee14ac1eddd1c710bfce7d22ee87411662934a7387
GET /assets/public/payment_logos-5e4dce7612e404dab090fbee14ac1eddd1c710bfce7d22ee87411662934a7387.png HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn1.dan.com/assets/public-5650085f38bef8daac460d9524da67e9d8cc6bb263cdf3c743ca3862820951e2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3181
server: openresty
date: Tue, 23 Aug 2022 08:14:54 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: kkdsjzp-NU78cJS7IGTg4kib8UaBd9iD_7FQ4BhmZCuljN1F8drBeQ==
age: 3555580
X-Firefox-Spdy: h2
cdn2.dan.com/assets/public/benefits-protection-523634d05d9535c060cf03d228ff4df6bc4e3a82547bb5320daf91df16d6352f.svg
143.204.68.91200 OK 4.3 kB URL HTTP/2 cdn2.dan.com/assets/public/benefits-protection-523634d05d9535c060cf03d228ff4df6bc4e3a82547bb5320daf91df16d6352f.svg
IP 143.204.68.91:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (898)
Hash b4a9f0ba344eb285f99ea324daeab7d0
82020383fea04966c27241f53e7aad2a74eab53a
523634d05d9535c060cf03d228ff4df6bc4e3a82547bb5320daf91df16d6352f
GET /assets/public/benefits-protection-523634d05d9535c060cf03d228ff4df6bc4e3a82547bb5320daf91df16d6352f.svg HTTP/1.1
Host: cdn2.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 4277
server: openresty
date: Thu, 08 Sep 2022 01:21:56 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: CgLffZ9PgKFygagz4NkwgiZ_6PHpvOALPBkgbUuCq3z1EVSsEbN5kg==
age: 2197958
X-Firefox-Spdy: h2
cdn1.dan.com/assets/public/benefits-transfers-374cef9ae50af8a199e7054cfe5092643d1c7659965fb9480022e0487d467606.svg
143.204.68.91200 OK 2.5 kB URL HTTP/2 cdn1.dan.com/assets/public/benefits-transfers-374cef9ae50af8a199e7054cfe5092643d1c7659965fb9480022e0487d467606.svg
IP 143.204.68.91:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2008)
Hash 60377485c532698023ddb3324aafaff7
9fa2b7b0ee6792bdf3641cb45446b6d72496de1a
374cef9ae50af8a199e7054cfe5092643d1c7659965fb9480022e0487d467606
GET /assets/public/benefits-transfers-374cef9ae50af8a199e7054cfe5092643d1c7659965fb9480022e0487d467606.svg HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn1.dan.com/assets/public-5650085f38bef8daac460d9524da67e9d8cc6bb263cdf3c743ca3862820951e2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 2452
server: openresty
date: Mon, 29 Aug 2022 02:39:06 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 4zORS7z2eYwVBt6Y2VkDRwWAYNuokDypT2F5PcK2G_UCn7RXGMqtqQ==
age: 3057328
X-Firefox-Spdy: h2
cdn0.dan.com/assets/public/benefits-payments-fcd4b0fd72963bb6eb6404128536393529f0f4f7b5be664067d679777011b851.svg
143.204.68.104200 OK 4.3 kB URL HTTP/2 cdn0.dan.com/assets/public/benefits-payments-fcd4b0fd72963bb6eb6404128536393529f0f4f7b5be664067d679777011b851.svg
IP 143.204.68.104:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (633)
Hash 4663788bd6ea455409d8d873a1a67005
96bb83e405812d18655e9211ad390d0fbde6a7b1
fcd4b0fd72963bb6eb6404128536393529f0f4f7b5be664067d679777011b851
GET /assets/public/benefits-payments-fcd4b0fd72963bb6eb6404128536393529f0f4f7b5be664067d679777011b851.svg HTTP/1.1
Host: cdn0.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 4341
server: openresty
date: Wed, 07 Sep 2022 01:59:29 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 3017587acd2a65d8bc5fcc9f562d64cc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: YkGvCz9ym3uECfbtXceY3kGQhqtgPGOdoECsqkKW4STzowMiPnbAgg==
age: 2282105
X-Firefox-Spdy: h2
cdn3.dan.com/assets/GraphikDan-Semibold-Web-560a9afe1c7efc78932e5a841e202476c7af320d0aec9d916cc2f065243cfcfc.woff2
143.204.68.104200 OK 42 kB URL HTTP/2 cdn3.dan.com/assets/GraphikDan-Semibold-Web-560a9afe1c7efc78932e5a841e202476c7af320d0aec9d916cc2f065243cfcfc.woff2
IP 143.204.68.104:0
File type Web Open Font Format (Version 2), TrueType, length 42052, version 1.0\012- data
Hash 7d992431ee5e40d98d9ab99cb5cde954
3e82b380c81c2f83e143e4bb1a4437903c689f05
560a9afe1c7efc78932e5a841e202476c7af320d0aec9d916cc2f065243cfcfc
GET /assets/GraphikDan-Semibold-Web-560a9afe1c7efc78932e5a841e202476c7af320d0aec9d916cc2f065243cfcfc.woff2 HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://youroffers.xyz
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 42052
server: openresty
date: Sat, 03 Sep 2022 01:30:23 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: Sf-j5MiUwq5UZoFaelI8m6OQf48KZq54VM1oQcSmIUsABFRmASXRdg==
age: 2629451
X-Firefox-Spdy: h2
cdn1.dan.com/assets/GraphikDan-Regular-Web-1b23e0d886e0602443c35df66f69cf1560710913bf88b512ed9cea147fccf0b6.woff2
143.204.68.91200 OK 37 kB URL HTTP/2 cdn1.dan.com/assets/GraphikDan-Regular-Web-1b23e0d886e0602443c35df66f69cf1560710913bf88b512ed9cea147fccf0b6.woff2
IP 143.204.68.91:0
File type Web Open Font Format (Version 2), TrueType, length 37172, version 1.0\012- data
Hash 6b2f88dd1fc37ad2228bc4b0e12bb011
088cd68a9ce402835ff00e8e2c8ef2ccf4081a3b
1b23e0d886e0602443c35df66f69cf1560710913bf88b512ed9cea147fccf0b6
GET /assets/GraphikDan-Regular-Web-1b23e0d886e0602443c35df66f69cf1560710913bf88b512ed9cea147fccf0b6.woff2 HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://youroffers.xyz
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 37172
server: openresty
date: Mon, 05 Sep 2022 01:05:11 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: i5vOu_XL39755ZZYzhBmKHEqJ26xH0AlM1jxMGb3D209jtwZm95VDg==
age: 2458163
X-Firefox-Spdy: h2
youroffers.xyz/packs/spritemap.svg
3.64.163.50200 OK 55 kB URL HTTP/2 youroffers.xyz/packs/spritemap.svg
IP 3.64.163.50:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (54932), with no line terminators
Hash e65cb1c7d5527e84cd713fad25a6d406
7e8b37a5f97ab78169dc0be5b5a6c608ca396f8b
de61e54de6f40ede7d709ef30ee2e2616b5c693fb0087ffbeaedd2a80f266379
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /packs/spritemap.svg HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=o%2Bb4xTR8HqzLhtowv8KXclHP5%2BHAiq3DVkqra%2BUSkVP8d2UiziKxRVF32pdRkgIn6iiKDz1FbMGoQbd9BL5HjRa8Cbs7T%2BrKUWe5Xi1pdB0ZrrEBTp%2FnffYn3qayCdC3%2FBXLrqc1Cko1VkD5fyTboe6Xfz3P%2FyQOwgfOSf6wyf8e6%2BU55%2F25BLBWT8vH%2BvNI95VaWSrFshdMTjQoEQqCL6Bj6LsXrA%2F%2FFwrSqPRjWGKN3ujTsxHXSu2h7LO4T%2BaqIpXi9%2B7%2B52kUaNfoLOkqZ9W4kYBWv5SiFK8IER52Z7v41C0mAvM%2Ff8tarHvou43g9fU9Mm7IRNp%2BZeD3Mvt%2Fzvd05%2FcR7ctM4a0q5i3Fo%2F%2BFiBC6AAGvHdc0jRSRFzNq8Q9tw1quhMCs1lgaxhrp%2B%2B%2FQ18ydZ9ZmIOjSsucPFkWOcjwdnJ04ZgiYpWu82%2FSfXoJhDWy9FGQP9KlIFJh8Iw%3D%3D--DDHM0f2AoBHbGrFI--bfW8wh2hShBUZ%2Bp9FoSvUA%3D%3D; time_zone_offset=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 03 Oct 2022 11:54:34 GMT
content-type: image/svg+xml
content-length: 54932
last-modified: Fri, 30 Sep 2022 12:13:50 GMT
X-Firefox-Spdy: h2
cdn2.dan.com/assets/GraphikDan-Bold-Web-11f7002d7b0e45f73367bf8e4f5763dc6a7f8f7d6be4f29f26650f13480a5f6a.woff2
143.204.68.91200 OK 39 kB URL HTTP/2 cdn2.dan.com/assets/GraphikDan-Bold-Web-11f7002d7b0e45f73367bf8e4f5763dc6a7f8f7d6be4f29f26650f13480a5f6a.woff2
IP 143.204.68.91:0
File type Web Open Font Format (Version 2), TrueType, length 38556, version 1.0\012- data
Hash 15e0a4e9b6fc2834eec6ccba1973aa45
080a7126b7fb4063ea36c06beca3ebfdc4cc63ef
11f7002d7b0e45f73367bf8e4f5763dc6a7f8f7d6be4f29f26650f13480a5f6a
GET /assets/GraphikDan-Bold-Web-11f7002d7b0e45f73367bf8e4f5763dc6a7f8f7d6be4f29f26650f13480a5f6a.woff2 HTTP/1.1
Host: cdn2.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://youroffers.xyz
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 38556
server: openresty
date: Wed, 31 Aug 2022 01:09:44 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: Aivdba1XM4I_q6fugQPJjtnfDeoB_4Tn6WGGMlinCAEdOdV9RvfVWA==
age: 2889890
X-Firefox-Spdy: h2
cdn1.dan.com/assets/GraphikDan-Light-Web-683068589a2fceaee125c3a3fd83a27a28f90ce37c099777eb89a4629d9fad3e.woff2
143.204.68.91200 OK 34 kB URL HTTP/2 cdn1.dan.com/assets/GraphikDan-Light-Web-683068589a2fceaee125c3a3fd83a27a28f90ce37c099777eb89a4629d9fad3e.woff2
IP 143.204.68.91:0
File type Web Open Font Format (Version 2), TrueType, length 34092, version 1.0\012- data
Hash 9e90e7eccd164bdeee5ae1e9331316d5
4a8c44ec681947f676ee97f33aab743a079eff7b
683068589a2fceaee125c3a3fd83a27a28f90ce37c099777eb89a4629d9fad3e
GET /assets/GraphikDan-Light-Web-683068589a2fceaee125c3a3fd83a27a28f90ce37c099777eb89a4629d9fad3e.woff2 HTTP/1.1
Host: cdn1.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://youroffers.xyz
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 34092
server: openresty
date: Tue, 03 May 2022 02:54:30 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 9oKKIk0GPD6RMaGtaNxAQlee9LrzOPfvNJhllWyvsV0MLhA1Lg9tBQ==
age: 13251604
X-Firefox-Spdy: h2
cdn2.dan.com/assets/GraphikDan-Medium-Web-cf2e4f4feea57b2fb89e83ed56fc49bc0bf21a4f1fa20afe2e83d745c8890fc3.woff2
143.204.68.91200 OK 36 kB URL HTTP/2 cdn2.dan.com/assets/GraphikDan-Medium-Web-cf2e4f4feea57b2fb89e83ed56fc49bc0bf21a4f1fa20afe2e83d745c8890fc3.woff2
IP 143.204.68.91:0
File type Web Open Font Format (Version 2), TrueType, length 36308, version 1.0\012- data
Hash 47f09a78e5d17d771fb06bc91e174499
b335fe0226d224782678ff7bea49773993e6f052
cf2e4f4feea57b2fb89e83ed56fc49bc0bf21a4f1fa20afe2e83d745c8890fc3
GET /assets/GraphikDan-Medium-Web-cf2e4f4feea57b2fb89e83ed56fc49bc0bf21a4f1fa20afe2e83d745c8890fc3.woff2 HTTP/1.1
Host: cdn2.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://youroffers.xyz
Connection: keep-alive
Referer: https://cdn1.dan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 36308
server: openresty
date: Sat, 03 Sep 2022 01:30:23 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: SGgnauxnv_Ysgra-zL12K6AZUqfqTesc-bZksCXgdI4Ih9dOzvs_rQ==
age: 2629451
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6abe76ca28fe176c44e7475b1d5c93fb
a4a87a771c6f081e5dae3499c090551c6dd31acb
451a8f3a3e654355467b434976022b84820c25b54f7b78472635c7dc3241423f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
youroffers.xyz/
3.64.163.50200 OK 10 kB IP 3.64.163.50:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7105)
Hash 1b388b557e3003cf3fe021dc4d5dc79f
aa3884c034529da25837f33e48b960e4c0946ada
35bea336667bc768f15b2b524da6ba6d4d119aff4ec53e4ed3c03b3266cda995
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET / HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Mon, 03 Oct 2022 11:54:34 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: W/"5b1da6111ea606a35cc094f38d42c158"
cache-control: max-age=0, private, must-revalidate
set-cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=o%2Bb4xTR8HqzLhtowv8KXclHP5%2BHAiq3DVkqra%2BUSkVP8d2UiziKxRVF32pdRkgIn6iiKDz1FbMGoQbd9BL5HjRa8Cbs7T%2BrKUWe5Xi1pdB0ZrrEBTp%2FnffYn3qayCdC3%2FBXLrqc1Cko1VkD5fyTboe6Xfz3P%2FyQOwgfOSf6wyf8e6%2BU55%2F25BLBWT8vH%2BvNI95VaWSrFshdMTjQoEQqCL6Bj6LsXrA%2F%2FFwrSqPRjWGKN3ujTsxHXSu2h7LO4T%2BaqIpXi9%2B7%2B52kUaNfoLOkqZ9W4kYBWv5SiFK8IER52Z7v41C0mAvM%2Ff8tarHvou43g9fU9Mm7IRNp%2BZeD3Mvt%2Fzvd05%2FcR7ctM4a0q5i3Fo%2F%2BFiBC6AAGvHdc0jRSRFzNq8Q9tw1quhMCs1lgaxhrp%2B%2B%2FQ18ydZ9ZmIOjSsucPFkWOcjwdnJ04ZgiYpWu82%2FSfXoJhDWy9FGQP9KlIFJh8Iw%3D%3D--DDHM0f2AoBHbGrFI--bfW8wh2hShBUZ%2Bp9FoSvUA%3D%3D; path=/; secure; HttpOnly
x-request-id: 9aadba30-7927-4c38-98a8-34fee4278408
x-runtime: 0.116436
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-TQWL3L
142.250.74.168200 OK 50 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TQWL3L
IP 142.250.74.168:0
File type ASCII text, with very long lines (2057)
Hash 3148158c24260152784f1ef2ca7b4db4
c8e13f24a12f1b06c4251679e076a3e87b79c036
1a68b942a7575b44a8e8c3a07971095ad17b8701fa19c5a34b44787404669baa
GET /gtm.js?id=GTM-TQWL3L HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 03 Oct 2022 11:54:35 GMT
expires: Mon, 03 Oct 2022 11:54:35 GMT
cache-control: private, max-age=900
last-modified: Mon, 03 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50224
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn2.dan.com/assets/icons/touch-icon-ipad-retina-56a8f2519ed554a55e6084d77c1ab7ef3511f8ed5e7877db50a9865621a79290.png
143.204.68.91200 OK 3.1 kB URL HTTP/2 cdn2.dan.com/assets/icons/touch-icon-ipad-retina-56a8f2519ed554a55e6084d77c1ab7ef3511f8ed5e7877db50a9865621a79290.png
IP 143.204.68.91:0
File type PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced\012- data
Hash 0c59777f5725af9a1d2d9153da1d7176
bc06fbcbf2170fe049279b7a1b6003eef8d6986a
56a8f2519ed554a55e6084d77c1ab7ef3511f8ed5e7877db50a9865621a79290
GET /assets/icons/touch-icon-ipad-retina-56a8f2519ed554a55e6084d77c1ab7ef3511f8ed5e7877db50a9865621a79290.png HTTP/1.1
Host: cdn2.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3054
server: openresty
date: Sun, 21 Aug 2022 04:17:53 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 bf8b5b2c3ca89509ca41446ce65cfb98.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: KLJrCHUyNmIpNYqvHqcn4o8UvVyy6-k9dGYtcbKIDieTwT6gFtnZgw==
age: 3742602
X-Firefox-Spdy: h2
cdn3.dan.com/assets/icons/favicon-17cae8213bf0fbeae27b644f0616b74981f348af943f27b73abf8e7b3a557b8f.ico
143.204.68.104200 OK 15 kB URL HTTP/2 cdn3.dan.com/assets/icons/favicon-17cae8213bf0fbeae27b644f0616b74981f348af943f27b73abf8e7b3a557b8f.ico
IP 143.204.68.104:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 91b5b75e4f52df43982200873c1feef6
8a01193959229d10a361d4965e305490544c428c
17cae8213bf0fbeae27b644f0616b74981f348af943f27b73abf8e7b3a557b8f
GET /assets/icons/favicon-17cae8213bf0fbeae27b644f0616b74981f348af943f27b73abf8e7b3a557b8f.ico HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15406
server: openresty
date: Fri, 20 May 2022 03:52:00 GMT
last-modified: Thu, 29 Jul 2021 09:32:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: 5WMPo9sa8hBN3E1wJH6LgpiVF04UzV_wJV266ikaUQ21quMbeFjWqQ==
age: 11779355
X-Firefox-Spdy: h2
youroffers.xyz/api/domains/suggestions?client_id=129588
3.64.163.50200 OK 20 kB URL HTTP/2 youroffers.xyz/api/domains/suggestions?client_id=129588
IP 3.64.163.50:0
File type JSON data\012- , ASCII text, with very long lines (2786)
Hash 0600cff961c9e97f18b5a4854a41d4ff
d75834b10b2d048ab721a0f40c0e1cd3401b5788
cc82c4a8a4752f213c9b9364b5ff5e832a279faf980e43f22223f5bd2934dfb0
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /api/domains/suggestions?client_id=129588 HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=o%2Bb4xTR8HqzLhtowv8KXclHP5%2BHAiq3DVkqra%2BUSkVP8d2UiziKxRVF32pdRkgIn6iiKDz1FbMGoQbd9BL5HjRa8Cbs7T%2BrKUWe5Xi1pdB0ZrrEBTp%2FnffYn3qayCdC3%2FBXLrqc1Cko1VkD5fyTboe6Xfz3P%2FyQOwgfOSf6wyf8e6%2BU55%2F25BLBWT8vH%2BvNI95VaWSrFshdMTjQoEQqCL6Bj6LsXrA%2F%2FFwrSqPRjWGKN3ujTsxHXSu2h7LO4T%2BaqIpXi9%2B7%2B52kUaNfoLOkqZ9W4kYBWv5SiFK8IER52Z7v41C0mAvM%2Ff8tarHvou43g9fU9Mm7IRNp%2BZeD3Mvt%2Fzvd05%2FcR7ctM4a0q5i3Fo%2F%2BFiBC6AAGvHdc0jRSRFzNq8Q9tw1quhMCs1lgaxhrp%2B%2B%2FQ18ydZ9ZmIOjSsucPFkWOcjwdnJ04ZgiYpWu82%2FSfXoJhDWy9FGQP9KlIFJh8Iw%3D%3D--DDHM0f2AoBHbGrFI--bfW8wh2hShBUZ%2Bp9FoSvUA%3D%3D; time_zone_offset=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 03 Oct 2022 11:54:35 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: W/"0932ae469e17a32a63f84abccb345136"
cache-control: max-age=0, private, must-revalidate
x-request-id: 320ecdcc-30ca-4174-865d-2d926d047f25
x-runtime: 0.049594
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 544d205b2f709e0bed39ebfc751d6187
71559b505f318323405eeb5ff59499c63e806559
692e14681ceb7536d5c09cf8700810a258b574e02e93c391e7551690111a5bc7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&gjid=1657747249&_gid=824701563.1664798075&_u=YGBAgEABAAAAAE~&z=1687741127
74.125.131.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&gjid=1657747249&_gid=824701563.1664798075&_u=YGBAgEABAAAAAE~&z=1687741127
IP 74.125.131.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&gjid=1657747249&_gid=824701563.1664798075&_u=YGBAgEABAAAAAE~&z=1687741127 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Content-Type: text/plain
Content-Length: 0
Origin: https://youroffers.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://youroffers.xyz
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 03 Oct 2022 11:54:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 53aa134dc3b33b709b6ccf39e549055f
2e85a28ef73d7c403ad693fc8602e95fe3d803f3
877de7cadd4fc848afaac488f89ed987929505b563a03eb79e4e9d8fa0b41a0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 11:54:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 15 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 8766c5a801f08afceca9b66ff9097e6a
ce7640d1d166eddeb9d40be642ec34652f790713
f448f99b4ad9a9b50daa9c38054cf16ab2b9fcb5d83ddad60571fb6a8a432a99
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 03 Oct 2022 11:54:35 GMT
expires: Mon, 03 Oct 2022 11:54:35 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 17557423932572341828
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 50366815306618737b22afb3327c4db9
d362647235cb883e1a58b6d4d6e6144813667119
8b8aa0dbd637f517324351c700f038a94fc87f5444576c337f2e7c6d860e2c50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 544d205b2f709e0bed39ebfc751d6187
71559b505f318323405eeb5ff59499c63e806559
692e14681ceb7536d5c09cf8700810a258b574e02e93c391e7551690111a5bc7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8c665d81a8995febfec300bd9f554c90
aa3599f282cff5e07d5681ec4854b70a82590f6d
57cd30b987eb23f54208b51c04daefd3657fdd84325f4035817b32e4ad5b5461
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-47793354-3&cid=1009529987.1664798075&jid=710284581&_u=YGBAgEABAAAAAE~&z=554616239 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 11:54:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 50366815306618737b22afb3327c4db9
d362647235cb883e1a58b6d4d6e6144813667119
8b8aa0dbd637f517324351c700f038a94fc87f5444576c337f2e7c6d860e2c50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 11:54:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/903602112/?random=1664798075326&cv=9&fst=1664798075326&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9s0&sendb=1&ig=0&data=ecomm_prodid%3D&frm=0&url=https%3A%2F%2Fyouroffers.xyz%2F&tiba=The%20domain%20name%20youroffers.xyz%20is%20for%20sale&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.98200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/903602112/?random=1664798075326&cv=9&fst=1664798075326&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9s0&sendb=1&ig=0&data=ecomm_prodid%3D&frm=0&url=https%3A%2F%2Fyouroffers.xyz%2F&tiba=The%20domain%20name%20youroffers.xyz%20is%20for%20sale&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2294), with no line terminators
Hash ede5abf17f79460f26a735c053691a1f
df1896fa298ceef9735437a5e1691ff46608583f
a4dfb52a1ecbd431f6d6a66df88a8137dfac97d5a1d0f23b432210789f6ab435
GET /pagead/viewthroughconversion/903602112/?random=1664798075326&cv=9&fst=1664798075326&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9s0&sendb=1&ig=0&data=ecomm_prodid%3D&frm=0&url=https%3A%2F%2Fyouroffers.xyz%2F&tiba=The%20domain%20name%20youroffers.xyz%20is%20for%20sale&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 11:54:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1044
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 03-Oct-2022 12:09:35 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15992
Expires: Mon, 03 Oct 2022 16:21:08 GMT
Date: Mon, 03 Oct 2022 11:54:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15992
Expires: Mon, 03 Oct 2022 16:21:08 GMT
Date: Mon, 03 Oct 2022 11:54:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15992
Expires: Mon, 03 Oct 2022 16:21:08 GMT
Date: Mon, 03 Oct 2022 11:54:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36debc920b17e124779c01af9101a59e
b105f7bf041365d644c98c7e11ffa75e4656d29d
f518ccd094d0e187b91cfd36dfb282566c0d088ce13501157dc97c702211d938
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F382faf63-655f-460a-9545-c4d888a724c6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10839
x-amzn-requestid: 67718257-ee21-44f0-80bd-f15cea37ac5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZWcKFD0IAMFV7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a044d-09a45a242bf4bdfe0f4608e4;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:36:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dOlitYNRYQsyiYLagdUWS2MmO34k8otqQ5yKZ7f4zzbj1HxhAzZoqQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:44:43 GMT
age: 50993
etag: "b105f7bf041365d644c98c7e11ffa75e4656d29d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 523edd86af4757d0bc5fa5b3b8a3596a
8118ee462077c291b9d6f1402b85b55a9ceba8c2
c27de9970317636df8c4a517a9ed38e573235b351bf92c9b8bb1f964cd100031
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd0be942-f345-4da4-974e-a9fe16b90b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9083
x-amzn-requestid: fda71fd3-ef25-4a63-94ae-1bfc8aef8d14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZXD2H0DIAMFjrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a054b-198915fc17ce3dab571b7575;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:40:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _JxPe8uPQIgRKoJxtJAKjXpVy1hCW0rFcs8K_erJOHbVNpw339Pz6w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:45:27 GMT
age: 50949
etag: "8118ee462077c291b9d6f1402b85b55a9ceba8c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F780fc623-fddc-49c7-99c9-1dd66ce64db7.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F780fc623-fddc-49c7-99c9-1dd66ce64db7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfb6fbd0b91416a5a7cc7f7d0fcbf27c
ced4806b7cc4d08e2c3f1c5e591184f462e86ec2
9a217da43a32c70ebd39b3076b3c14b16d8931ccebfe5d41139fa706b3b3e149
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F780fc623-fddc-49c7-99c9-1dd66ce64db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8279
x-amzn-requestid: fed6efac-3419-4ecc-89f8-d4c3e0c22915
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZWbsHpBIAMFT1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a044a-5fc3bf5b7126d4a835d93e3d;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:36:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7g6tucmoqeX5RFtet3L9XllP1G6fx4RWt5XqTsVvhtxZnPxV0EVpqA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:57:37 GMT
age: 50219
etag: "ced4806b7cc4d08e2c3f1c5e591184f462e86ec2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TVz3oiy-Z2r9lGFDgsnGNxotvvAPeOaa7LMzqs432QjZpZo-PNt1-g==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 25905
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb166fe-e146-46cf-a93b-905deefbae87.jpeg
34.120.237.76200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb166fe-e146-46cf-a93b-905deefbae87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9a96da552b7ddb23b1f2fb506de2aed4
2926163d332abfb70f9565a45f7546f2efdc7716
2da0e160e0e8a116ab76614e29609e43d132cc9e56636ad91399f33e53346a23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb166fe-e146-46cf-a93b-905deefbae87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3272
x-amzn-requestid: b2ace456-0abd-416c-9c1c-799eb5c73269
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZWabG8zIAMF-PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a0442-3e61e1e9283bd78e76731b47;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:36:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oHEIG44XMoSu6XEYOPW8LNkvZPbIrgo6KuLHluknV7Hgfv-3IOWL2A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:44:42 GMT
age: 50994
etag: "2926163d332abfb70f9565a45f7546f2efdc7716"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 721a8d8f94c3796abf021978fcdbc831
3fc3aeae907a0ce0db21753c67c1000681e48b8e
cb497b15e7c2e49930b99f8d6659f0394acefb7b11613ca04397ee782dac759d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a090b5-0736-4ddd-b6ca-3c76661e7051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8158
x-amzn-requestid: 424c8c6c-7075-4ace-97e6-2b0a609d1b7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZZXDxGRlIAMFZrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a054b-046d963a345c15e81dc74e4d;Sampled=0
x-amzn-remapped-date: Sun, 02 Oct 2022 21:40:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AM8Ox9ObWGoXI-QnnoI7QkY5mOh8j6xBPetTrhyVktVO40ekk4X2Eg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 21:45:27 GMT
age: 50949
etag: "3fc3aeae907a0ce0db21753c67c1000681e48b8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
youroffers.xyz/domain_views
3.64.163.50200 OK 0 B URL HTTP/2 youroffers.xyz/domain_views
IP 3.64.163.50:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
POST /domain_views HTTP/1.1
Host: youroffers.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 138
Origin: https://youroffers.xyz
Connection: keep-alive
Cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=o%2Bb4xTR8HqzLhtowv8KXclHP5%2BHAiq3DVkqra%2BUSkVP8d2UiziKxRVF32pdRkgIn6iiKDz1FbMGoQbd9BL5HjRa8Cbs7T%2BrKUWe5Xi1pdB0ZrrEBTp%2FnffYn3qayCdC3%2FBXLrqc1Cko1VkD5fyTboe6Xfz3P%2FyQOwgfOSf6wyf8e6%2BU55%2F25BLBWT8vH%2BvNI95VaWSrFshdMTjQoEQqCL6Bj6LsXrA%2F%2FFwrSqPRjWGKN3ujTsxHXSu2h7LO4T%2BaqIpXi9%2B7%2B52kUaNfoLOkqZ9W4kYBWv5SiFK8IER52Z7v41C0mAvM%2Ff8tarHvou43g9fU9Mm7IRNp%2BZeD3Mvt%2Fzvd05%2FcR7ctM4a0q5i3Fo%2F%2BFiBC6AAGvHdc0jRSRFzNq8Q9tw1quhMCs1lgaxhrp%2B%2B%2FQ18ydZ9ZmIOjSsucPFkWOcjwdnJ04ZgiYpWu82%2FSfXoJhDWy9FGQP9KlIFJh8Iw%3D%3D--DDHM0f2AoBHbGrFI--bfW8wh2hShBUZ%2Bp9FoSvUA%3D%3D; time_zone_offset=0; _ga=GA1.2.1009529987.1664798075; _gid=GA1.2.824701563.1664798075; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 03 Oct 2022 11:54:35 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
set-cookie: bc9bd58fe1b6ef954d6d794db6d30e25e8ff50634d24346cf8006ef422e3c05c6e48b07678e34d08c97ad3f91012c80ac690b50f51fbd49b16e301de58d9c5ca=Roy6vLyv0%2BCHdyW9sSHfgOtHaOmwzd%2F2yv34dY35uRk%2BYLDKqcgr5Z%2BcBcWORuLDyULoxoLw1x%2F4%2FGA1ur%2Fwsw6ULkuPm2ddbs10BU3HxBKtNopYR0DOFaLIqwd%2FkDArn7IgegxlOEyuijRuiOLaLoUwtQ7d%2FlF1lymSZZKATCMxFytEvei2yKfMTXL8eH%2BBcB7NiyyM4a5FTZ12IAXTFxzv4AFVsdmaRzgBsJk%2B95nqEPsZZ58rNFU5UeJrcIeIwsAqqa5mKpj3EJaZXrY9QPRe3GKWO3RgJjVjdDaFMz4IxorGgB5mFIquatS6EgY4zp0eaHHHL19vTZAzUoN3fu6bPLLfFU6z507rFofxOm0JpoEHSG9yR6pbFJS6jmtRmNYnnYOnh43pJNwwo7ls6EvVKNfb%2BXHsoBUQYAML2s8E7aMYaJMQUcaebubxuzt5Y4wb2uZKZjHf%2BWSCKfCjFvzzEVP7CtY6W4tyj6%2B%2FgRVre16EKK9uHyVQaCq%2FpExZiyGIlpKkBHL%2F3aH9--KTEqpfzXafDScCBC--ElMl%2Baa9Rsd4IivDRm2KJQ%3D%3D; path=/; secure; HttpOnly
x-request-id: fc1155c0-3a42-408e-ac79-356546339287
x-runtime: 0.014162
content-encoding: gzip
X-Firefox-Spdy: h2
cdn3.dan.com/packs/js/3-5af6aefb07c4560e22ac.chunk.js
143.204.68.104200 OK 0 B URL HTTP/2 cdn3.dan.com/packs/js/3-5af6aefb07c4560e22ac.chunk.js
IP 143.204.68.104:0
GET /packs/js/3-5af6aefb07c4560e22ac.chunk.js HTTP/1.1
Host: cdn3.dan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://youroffers.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 120427
server: openresty
date: Thu, 29 Sep 2022 11:57:36 GMT
last-modified: Thu, 29 Sep 2022 11:55:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ffcbf18841bd703b7328f6803e6f0530.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P1
x-amz-cf-id: pkZaaYy3vOQd3uKpp-CFFpKYiaLCPJFb35MuwgG-G1H2j97yhuCcOQ==
age: 345418
X-Firefox-Spdy: h2