www.onemortrk.pics/?sl=5572257-31c36&tag=wmg0bs26ii6tklmlinghgvjq&eyeg=1
51.68.85.158 302 Found 0 B URL HTTP/1.1 www.onemortrk.pics/?sl=5572257-31c36&tag=wmg0bs26ii6tklmlinghgvjq&eyeg=1
IP 51.68.85.158:0
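Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input: the 0 B body of this redirect, not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)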
GET /?sl=5572257-31c36&tag=wmg0bs26ii6tklmlinghgvjq&eyeg=1 HTTP/1.1
Host: www.onemortrk.pics
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 05 Jan 2023 21:09:01 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=310004a28934a5878cf99b72cddeb5bd9bc3b0105-202301-flb*5572257-31c36*wmg0bs26ii6tklmlinghgvjq*sl_5572257-31c36*b0799962baed7d4782eb5f55556b2c4f27004505**
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6301
Expires: Thu, 05 Jan 2023 22:54:03 GMT
Date: Thu, 05 Jan 2023 21:09:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ce8af3d72e7e9af609039abee59c8b87
8e1b16591fbc632df35f15e23da55ee86af31bc3
52edddbda4a3a3b778f61a491b21e6ea439e9d8024189e636b1f37b2dd7226fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52EDDDBDA4A3A3B778F61A491B21E6EA439E9D8024189E636B1F37B2DD7226FC"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4992
Expires: Thu, 05 Jan 2023 22:32:14 GMT
Date: Thu, 05 Jan 2023 21:09:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 05 Jan 2023 20:41:16 GMT
content-type: application/json
age: 1666
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 600f7ba6e1a6fbbd176cd2df19b1e4d9
cdd72b25fd91ee980aba193b12e890096e4fe852
860214860947dfbe26099f018747154823b175fceb2821a390cc655da191a6d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "860214860947DFBE26099F018747154823B175FCEB2821A390CC655DA191A6D0"
Last-Modified: Thu, 05 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2593
Expires: Thu, 05 Jan 2023 21:52:15 GMT
Date: Thu, 05 Jan 2023 21:09:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gJW9O2S3QiqdWnVRwdmoNwG0anRNKwm0wlvSYCg5so1YYwvbGiCsVueie2AJ8//4NnIWcerIum8=
x-amz-request-id: 9TXKM69DBW5ZB8HD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 05 Jan 2023 20:59:41 GMT
age: 561
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 21:09:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 843bdee4ab520dbd590c75f6b6c64be2
e325e999fa6b672d533975338b9160d356f855f2
ab49ec737b281b406e8caa5e4b98cd70e4efd6c854623bad74f82de0f2cf64c3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 05 Jan 2023 21:09:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 05 Jan 2023 19:26:51 GMT
Expires: Fri, 06 Jan 2023 19:26:51 GMT
ETag: "e325e999fa6b672d533975338b9160d356f855f2"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=310004a28934a5878cf99b72cddeb5bd9bc3b0105-202301-flb*5572257-31c36*wmg0bs26ii6tklmlinghgvjq*sl_5572257-31c36*b0799962baed7d4782eb5f55556b2c4f27004505**
34.90.46.36 302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=310004a28934a5878cf99b72cddeb5bd9bc3b0105-202301-flb*5572257-31c36*wmg0bs26ii6tklmlinghgvjq*sl_5572257-31c36*b0799962baed7d4782eb5f55556b2c4f27004505**
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=310004a28934a5878cf99b72cddeb5bd9bc3b0105-202301-flb*5572257-31c36*wmg0bs26ii6tklmlinghgvjq*sl_5572257-31c36*b0799962baed7d4782eb5f55556b2c4f27004505** HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 05 Jan 2023 21:09:02 GMT
content-length: 0
location: https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63b73c6e99f6d90001c322af&s=503
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=63b73c6e99f6d90001c322af; expires=Fri, 05 Jan 2024 21:09:02 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 05 Jan 2023 21:08:11 GMT
age: 51
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 73a99621729e1bc9e236a1085b98a0cf
5e1f71493085f6be7788f59987c1f0850b77d4d7
219d1a8d7d1a027553f72c8c024488863d8996457b31c78014002f81174f3ad1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2696
Cache-Control: max-age=132163
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:02 GMT
Etag: "63b69329-1d7"
Expires: Sat, 07 Jan 2023 09:51:45 GMT
Last-Modified: Thu, 05 Jan 2023 09:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5fecc72cd5874efab1300e75ea5cd468
227b20dde87c1ffc0a641e4dfa29aaed6b1bd8d3
341bedd94ed21ad9b90327aefa556402cdff63be798f3ed626edb064baafcae4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "341BEDD94ED21AD9B90327AEFA556402CDFF63BE798F3ED626EDB064BAAFCAE4"
Last-Modified: Wed, 04 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8944
Expires: Thu, 05 Jan 2023 23:38:06 GMT
Date: Thu, 05 Jan 2023 21:09:02 GMT
Connection: keep-alive
t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63b73c6e99f6d90001c322af&s=503
51.161.115.163 302 Found 0 B URL HTTP/1.1 t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63b73c6e99f6d90001c322af&s=503
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63b73c6e99f6d90001c322af&s=503 HTTP/1.1
Host: t2.blowingwnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 05 Jan 2023 21:09:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 1217p3t0dz
Raund: 19t
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
push.services.mozilla.com/
52.34.56.119 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.56.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qzy9XgDM5y4bUHw9zsR5mA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yvPXNXUJM1cpAhKETEXS+tylJR0=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a30310077f91cd1155aafdfbccce499b
18856575d13f9466333c5ea6e1ed556738475294
d331f4c73d6068175353a9846f933423fdb608e03aedf5afc68e98498b720282
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D331F4C73D6068175353A9846F933423FDB608E03AEDF5AFC68E98498B720282"
Last-Modified: Tue, 03 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5513
Expires: Thu, 05 Jan 2023 22:40:56 GMT
Date: Thu, 05 Jan 2023 21:09:03 GMT
Connection: keep-alive
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
51.83.143.92 200 OK 491 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (537)
Hash e97cad3e9966c2589db6e976e3430ec6
c3e2f775821b95c50bd3bcc12fe382cfad00622f
50465006efea9c6aed39dcfc426a2178d00bccd831f9103a2f31c1b45d8a5ff2
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 21:09:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=63b73c6f07ffa9678e11c52c; expires=Sun, 08-Jan-2023 21:09:03 GMT; Max-Age=259200; path=/; domain=ron.trffclb.com; HttpOnly
Content-Encoding: gzip
ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503&bv=1
51.83.143.92 302 Found 0 B URL HTTP/1.1 ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503&bv=1 HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
Cookie: bt-603611c5b7eaf46891533240=63b73c6f07ffa9678e11c52c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 05 Jan 2023 21:09:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ron.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 12uf2w0vxv-2v5
Location: https://popcash.net/world/go/134600/317194
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 058a75daa45350881e2e5685796fb771
d22316cf6ce75189f9576ecd5262ab015728cc36
cf0bf2a57ab2cdf2d27b01bb864f22ea169471b0d9e7ae09f3df052267ffdc64
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4141
Cache-Control: max-age=111283
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:03 GMT
Etag: "63b63bf5-116"
Expires: Sat, 07 Jan 2023 04:03:46 GMT
Last-Modified: Thu, 05 Jan 2023 02:54:45 GMT
Server: ECS (amb/6BB0)
X-Cache: HIT
Content-Length: 278
ron.trffclb.com/favicon.ico
51.83.143.92 200 OK 20 B URL HTTP/1.1 ron.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ron.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 21:09:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
popcash.net/world/go/134600/317194
172.67.194.203 301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 172.67.194.203:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ron.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 05 Jan 2023 21:09:03 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfPAGAAvSfyjimt5zoIiKXiCZoVRdE%2FCd200us%2BSDx1kCazn28i1uJ7Ben7A9kEb7gB3NStl0uxc5cyyyjwJ57SKIL6ldj7h3A2iDbvEcpWuyN2kVjeckV9UShTF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 784f31588b65b529-OSL
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
54.205.43.136 200 OK 272 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 54.205.43.136:0
File type HTML document, ASCII text
Hash 3334171a6a0812485de9fbd6ff04544b
9f276599ce6658946725b7cb922635e504adaae4
c9efe76fd4dd760df296609e9fcec179b50ee94f6266feff57e0653585cf5260
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 05 Jan 2023 21:09:04 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 272
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=81b65179e1f7a69f&r=&vw=1280&vh=0
54.205.43.136 303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=81b65179e1f7a69f&r=&vw=1280&vh=0
IP 54.205.43.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=81b65179e1f7a69f&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Thu, 05 Jan 2023 21:09:04 GMT
Location: http://enki-mit.com/zcvisitor/2f279c87-8d3d-11ed-9345-12e64337dca3/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=484dcef0-98c9-11ec-814f-12beee04f19b#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 05 Jan 2023 22:49:32 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 05 Jan 2023 22:49:32 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 05 Jan 2023 22:49:32 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 05 Jan 2023 22:49:32 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6028
Expires: Thu, 05 Jan 2023 22:49:32 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F038e46b4-c5e2-4f46-817c-434795e1e545.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F038e46b4-c5e2-4f46-817c-434795e1e545.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ce88a04d7f32ce0497bd84db44da8d4
761049019c342553004815ea394dcf282f2cc613
038aa4e5da1428524de833071814998d6c1d8b8b60d4e9c10e60d8a75f7b88fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F038e46b4-c5e2-4f46-817c-434795e1e545.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5601
x-amzn-requestid: 54813ea9-9435-4355-910b-5b4d1eadf2ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGlhgHU1oAMFTYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b282d6-17e772ae5b70371367792063;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 07:08:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hB4FJa_z49ZYA_EY_5CH9CVlU2tYkrhayxyWMmR8lNxR10rjfff-MQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 06:33:38 GMT
age: 52526
etag: "761049019c342553004815ea394dcf282f2cc613"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DqWBkBqUffF-tNXmSr2AzrL7hMr0RufOsND4zDF26f8A4c1tetxnWg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:41:11 GMT
age: 62873
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 008614d302ad57bc6502ad5e07652378
968bc262d2939ec6f0dce9d852682c0aaf86d3d7
5eab9a2591f0f9761ba3b90a5a191b79b6326cccb1ee6b586b00dfc1517c8db6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4248
x-amzn-requestid: 17ccfd69-0d12-42ac-b111-059a68735e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eCutmF7mIAMFW2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0f7f0-5e1653641a0303815656a578;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 03:03:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zxPQmFj8Y1QxN5CKzoPL9l_tBPeokp60xLh7nhRHTWjcdKreTPy01A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 07:08:59 GMT
age: 50405
etag: "968bc262d2939ec6f0dce9d852682c0aaf86d3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cecd6a1a228ac55f193a180229d3a33
9e5fd5a101828d5491305deb539dc5836c5b3065
7bbd9e261625c2d2a700a817c2f10b779c8463baacda02f9f34161c08487ca31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8721
x-amzn-requestid: 1c24289e-6169-4088-a2b8-311e3640e4bf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eAA7IGTdIAMFzCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63afe1e0-561d5981260c41511219c673;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 07:16:48 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: qoxCvnR2nVjlCdQJ6Wyq_Ot0p1SVdhl71LEKAm0-tkPMxWHGdIl42w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 07:08:44 GMT
age: 50420
etag: "9e5fd5a101828d5491305deb539dc5836c5b3065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f013561-93d6-474a-8f03-299013f0ba30.webp
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f013561-93d6-474a-8f03-299013f0ba30.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1b2573cd90d9c94112bc677d90d8a7
52830fa620718a629970f4ca9df109ea1d979f2d
f869d532534d81fd1335a9182409f9f1dda1ec7e8dba6445bcd219aec5f5d1e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f013561-93d6-474a-8f03-299013f0ba30.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7367
x-amzn-requestid: 24c48b0b-7f01-4f67-b37e-8bc7ed792c36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGlAJEqsIAMFeIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b28200-0813561555102cf079fd916a;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 07:04:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 37GusA4sbXjkTta8RVbfbgH9DBDcURpydCozw6ZQmS5biBUxqPZEGQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 05:30:34 GMT
age: 56310
etag: "52830fa620718a629970f4ca9df109ea1d979f2d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb16f641-0924-4c5c-9f83-6779c59c746a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb16f641-0924-4c5c-9f83-6779c59c746a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7711a1490729319952a150b84e91a5d6
11fda31d48a4df3fd6346d92f45a680f500bff64
e9663e981c6716c243b58ac99549dfbe6dd8371c42d50add46457b5911f63529
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb16f641-0924-4c5c-9f83-6779c59c746a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11381
x-amzn-requestid: 6964d7af-01cd-425b-aeb9-89a336f83a25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKyuGyJoAMF91Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1aa-62558f6852d5861033eecdef;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BQpaWc_3xnsf6SPx3UvVIfgBRURZkVYrXyKQi6Khv6_90Ao78BZDeg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:55:08 GMT
age: 83636
etag: "11fda31d48a4df3fd6346d92f45a680f500bff64"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
enki-mit.com/zcvisitor/2f279c87-8d3d-11ed-9345-12e64337dca3/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=484dcef0-98c9-11ec-814f-12beee04f19b
52.7.54.238 302 0 B URL HTTP/1.1 enki-mit.com/zcvisitor/2f279c87-8d3d-11ed-9345-12e64337dca3/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=484dcef0-98c9-11ec-814f-12beee04f19b
IP 52.7.54.238:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; the response body is 0 B)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET /zcvisitor/2f279c87-8d3d-11ed-9345-12e64337dca3/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=484dcef0-98c9-11ec-814f-12beee04f19b HTTP/1.1
Host: enki-mit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Thu, 05 Jan 2023 21:09:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://geotrkclknow.com/rot/ZrYlOOwRni7p0sNB
Server: GteZlijP
ocsp.pki.goog/s/gts1p5/_jvK7pzkejU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_jvK7pzkejU
IP 142.250.74.131:0
Hash 12f8d26fd1ce14df8d5367e4cbfbb3fd
0b6786737fa2dd68fbdb01047f31ec9373c9436b
9f23ff4d1d02b38d7619f32c91b32e2a94bf2eb34c9b448024f3a4298fbbc03c
POST /s/gts1p5/_jvK7pzkejU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/_jvK7pzkejU
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_jvK7pzkejU
IP 142.250.74.131:0
Hash 12f8d26fd1ce14df8d5367e4cbfbb3fd
0b6786737fa2dd68fbdb01047f31ec9373c9436b
9f23ff4d1d02b38d7619f32c91b32e2a94bf2eb34c9b448024f3a4298fbbc03c
POST /s/gts1p5/_jvK7pzkejU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc6a27b9aadfbd6a2501fb322be6ebdc
ba732bcdebb32374983d86b50c16118d86ff2366
ab44f83cdf74fba8b83b172785cad1359ce8cd537b701c627b788303c0004d83
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB44F83CDF74FBA8B83B172785CAD1359CE8CD537B701C627B788303C0004D83"
Last-Modified: Tue, 03 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4785
Expires: Thu, 05 Jan 2023 22:28:49 GMT
Date: Thu, 05 Jan 2023 21:09:04 GMT
Connection: keep-alive
ubfbboxn.com/click?trvid=25893
3.125.239.17 200 OK 343 B URL HTTP/2 ubfbboxn.com/click?trvid=25893
IP 3.125.239.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ffc0db8b4f91652d454b72f49490adad
50a53bc1710f7f043091dca668775ae54866186e
aa2a1414a017d0d7f2b2396795db3c278319bdcef43fc02f1a02e20e9017d6b9
GET /click?trvid=25893 HTTP/1.1
Host: ubfbboxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 21:09:04 GMT
content-type: text/html; charset=utf-8
content-length: 343
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
X-Firefox-Spdy: h2
ubfbboxn.com/click?jsreferer=ps.popcash.net&trvid=25893&trvjs=t
3.125.239.17 200 OK 1.0 kB URL HTTP/2 ubfbboxn.com/click?jsreferer=ps.popcash.net&trvid=25893&trvjs=t
IP 3.125.239.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (307)
Hash 24a13d3ac216d12185cff1ce304a89fe
a5f5cedf18f6f6c9aaecd1fb0bf9c61294593c0e
4ffb133843084f1cd0339f99277fa3aba99d6af196fd991abc759b29fa7a762a
GET /click?jsreferer=ps.popcash.net&trvid=25893&trvjs=t HTTP/1.1
Host: ubfbboxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ubfbboxn.com/click?trvid=25893
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 21:09:04 GMT
content-type: text/html; charset=utf-8
content-length: 1003
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
set-cookie: ClickDataNG=H4sIAAAAAAAA_1xTTW_bMAz9KwZPGyA4spukiYqgaFNsGNCmA9qul11kmUnUKpJBSflY2_8-yPbSYJdAJF_4yMfnN9giee0sCChynnNgEA4NguAMfKwe_72Vs1ukgDWIpTQeGSij1euPOv3RTkhu7O6FmjEwqGVAEMX4vJyOyulwyEDJTSP1yiZ0OZpMzxhoP_95dexFLsigXQsYlSVnQNFgitITa02owh2GtUsABt5FUm29mDAw0tbarnp4Hz2RAQHAwC2XSKl2fjbhDCqSVq17bFvrkOsQGi8Gg61u0AdH6HPlNgOj7au_1PVuNhrzye_IeTn2sdL17L-tlfOhH3eLNnaqNfLgYvikmkcitOoAAp4eboBBJH3CHatlVbm9bZlbfS9fPOESCWnW-LxxjZJ-nVsM3SSBtrqetZIeEy9-FoCBbq7qmtB7EDAt8inPh2VejIanpXGnUPRIVyu0AQTcuT_aGDkY5Tz78qxt7XY-WzxmBc_5Rfas7Xh4ke3TD21FwUc5_5p9R_XqBiUvOC94kX3ThEu3H7RVSIK0C4CA0_2SUXCrFR4t5tKoPWW6m__1ac3UpyK3822fnuHY4pqkrbtdusSdq9GcJhZyg12sOj6Yy8rg4ObhNgniGxBwbfQ-e3AmJif69qTRBkrHWty3e6y6aRb37-_33rhsngCHhNThcFKAdHlCG-bphr0NSa-0vW1OUoGk9VJ1xvcgbDSGgYo-uA2IN8B9QLLStB8ZfHz8DQAA___Ky5sBrQMAAA==; Expires=Sat, 04 Feb 2023 21:09:04 GMT; SameSite=None; Secure
ClickDataNgFall=H4sIAAAAAAAA_1xTTW_bMAz9KwZPGyA4spukiYqgaFNsGNCmA9qul11kmUnUKpJBSflY2_8-yPbSYJdAJF_4yMfnN9giee0sCChynnNgEA4NguAMfKwe_72Vs1ukgDWIpTQeGSij1euPOv3RTkhu7O6FmjEwqGVAEMX4vJyOyulwyEDJTSP1yiZ0OZpMzxhoP_95dexFLsigXQsYlSVnQNFgitITa02owh2GtUsABt5FUm29mDAw0tbarnp4Hz2RAQHAwC2XSKl2fjbhDCqSVq17bFvrkOsQGi8Gg61u0AdH6HPlNgOj7au_1PVuNhrzye_IeTn2sdL17L-tlfOhH3eLNnaqNfLgYvikmkcitOoAAp4eboBBJH3CHatlVbm9bZlbfS9fPOESCWnW-LxxjZJ-nVsM3SSBtrqetZIeEy9-FoCBbq7qmtB7EDAt8inPh2VejIanpXGnUPRIVyu0AQTcuT_aGDkY5Tz78qxt7XY-WzxmBc_5Rfas7Xh4ke3TD21FwUc5_5p9R_XqBiUvOC94kX3ThEu3H7RVSIK0C4CA0_2SUXCrFR4t5tKoPWW6m__1ac3UpyK3822fnuHY4pqkrbtdusSdq9GcJhZyg12sOj6Yy8rg4ObhNgniGxBwbfQ-e3AmJif69qTRBkrHWty3e6y6aRb37-_33rhsngCHhNThcFKAdHlCG-bphr0NSa-0vW1OUoGk9VJ1xvcgbDSGgYo-uA2IN8B9QLLStB8ZfHz8DQAA___Ky5sBrQMAAA==; Expires=Sat, 04 Feb 2023 21:09:04 GMT
X-Firefox-Spdy: h2
ubfbboxn.com/double?t=2&d=eyJVUkwiOiJodHRwczovL3ZpcGVzdG9yZXMuY29tL2xpbmtzP2lkdz01NjA4XHUwMDI2c3ViaWQ9MW44cmFtbndqcnA2IiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ==
3.125.239.17 200 OK 636 B URL HTTP/2 ubfbboxn.com/double?t=2&d=eyJVUkwiOiJodHRwczovL3ZpcGVzdG9yZXMuY29tL2xpbmtzP2lkdz01NjA4XHUwMDI2c3ViaWQ9MW44cmFtbndqcnA2IiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ==
IP 3.125.239.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 31755ebcf281c710b15762cd967eea03
511957ae6731cc758733df3b90d45fa3d1f0ed7e
dadf52091986451a6efcce83d7bfaa373ddec49fc92305a97754f4c69f2736f9
GET /double?t=2&d=eyJVUkwiOiJodHRwczovL3ZpcGVzdG9yZXMuY29tL2xpbmtzP2lkdz01NjA4XHUwMDI2c3ViaWQ9MW44cmFtbndqcnA2IiwiUmVkaXJlY3RXb3JkaW5nIjoiICIsIlJlZGlyZWN0VGl0bGUiOiJSZWRpcmVjdGlvbi4uLiIsIlJlZGlyZWN0TGlua1RleHQiOiIgIiwiSW5zdGFsbElkIjoyMDAxfQ== HTTP/1.1
Host: ubfbboxn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: ClickDataNG=H4sIAAAAAAAA_1xTTW_bMAz9KwZPGyA4spukiYqgaFNsGNCmA9qul11kmUnUKpJBSflY2_8-yPbSYJdAJF_4yMfnN9giee0sCChynnNgEA4NguAMfKwe_72Vs1ukgDWIpTQeGSij1euPOv3RTkhu7O6FmjEwqGVAEMX4vJyOyulwyEDJTSP1yiZ0OZpMzxhoP_95dexFLsigXQsYlSVnQNFgitITa02owh2GtUsABt5FUm29mDAw0tbarnp4Hz2RAQHAwC2XSKl2fjbhDCqSVq17bFvrkOsQGi8Gg61u0AdH6HPlNgOj7au_1PVuNhrzye_IeTn2sdL17L-tlfOhH3eLNnaqNfLgYvikmkcitOoAAp4eboBBJH3CHatlVbm9bZlbfS9fPOESCWnW-LxxjZJ-nVsM3SSBtrqetZIeEy9-FoCBbq7qmtB7EDAt8inPh2VejIanpXGnUPRIVyu0AQTcuT_aGDkY5Tz78qxt7XY-WzxmBc_5Rfas7Xh4ke3TD21FwUc5_5p9R_XqBiUvOC94kX3ThEu3H7RVSIK0C4CA0_2SUXCrFR4t5tKoPWW6m__1ac3UpyK3822fnuHY4pqkrbtdusSdq9GcJhZyg12sOj6Yy8rg4ObhNgniGxBwbfQ-e3AmJif69qTRBkrHWty3e6y6aRb37-_33rhsngCHhNThcFKAdHlCG-bphr0NSa-0vW1OUoGk9VJ1xvcgbDSGgYo-uA2IN8B9QLLStB8ZfHz8DQAA___Ky5sBrQMAAA==; ClickDataNgFall=H4sIAAAAAAAA_1xTTW_bMAz9KwZPGyA4spukiYqgaFNsGNCmA9qul11kmUnUKpJBSflY2_8-yPbSYJdAJF_4yMfnN9giee0sCChynnNgEA4NguAMfKwe_72Vs1ukgDWIpTQeGSij1euPOv3RTkhu7O6FmjEwqGVAEMX4vJyOyulwyEDJTSP1yiZ0OZpMzxhoP_95dexFLsigXQsYlSVnQNFgitITa02owh2GtUsABt5FUm29mDAw0tbarnp4Hz2RAQHAwC2XSKl2fjbhDCqSVq17bFvrkOsQGi8Gg61u0AdH6HPlNgOj7au_1PVuNhrzye_IeTn2sdL17L-tlfOhH3eLNnaqNfLgYvikmkcitOoAAp4eboBBJH3CHatlVbm9bZlbfS9fPOESCWnW-LxxjZJ-nVsM3SSBtrqetZIeEy9-FoCBbq7qmtB7EDAt8inPh2VejIanpXGnUPRIVyu0AQTcuT_aGDkY5Tz78qxt7XY-WzxmBc_5Rfas7Xh4ke3TD21FwUc5_5p9R_XqBiUvOC94kX3ThEu3H7RVSIK0C4CA0_2SUXCrFR4t5tKoPWW6m__1ac3UpyK3822fnuHY4pqkrbtdusSdq9GcJhZyg12sOj6Yy8rg4ObhNgniGxBwbfQ-e3AmJif69qTRBkrHWty3e6y6aRb37-_33rhsngCHhNThcFKAdHlCG-bphr0NSa-0vW1OUoGk9VJ1xvcgbDSGgYo-uA2IN8B9QLLStB8ZfHz8DQAA___Ky5sBrQMAAA==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 21:09:05 GMT
content-type: text/html; charset=utf-8
content-length: 636
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8cf2af550643dea1ae5519d32f922c01
7afa37900fcfa29d3fcdcd28d0f60ff54d71613c
7e6fe87040f4155e0eae63daaaa906402546c530cbdc840726319a750371aa71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5442
Cache-Control: max-age=157960
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:05 GMT
Etag: "63b6ed37-116"
Expires: Sat, 07 Jan 2023 17:01:45 GMT
Last-Modified: Thu, 05 Jan 2023 15:31:03 GMT
Server: ECS (amb/6BB2)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8cf2af550643dea1ae5519d32f922c01
7afa37900fcfa29d3fcdcd28d0f60ff54d71613c
7e6fe87040f4155e0eae63daaaa906402546c530cbdc840726319a750371aa71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5442
Cache-Control: max-age=157960
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:05 GMT
Etag: "63b6ed37-116"
Expires: Sat, 07 Jan 2023 17:01:45 GMT
Last-Modified: Thu, 05 Jan 2023 15:31:03 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 9a9404be8eb67359c1c96bec2d725f6d
fe081f027b04c2ae0508affead06a81114039575
b617bcf89a92c4f95a89aadccd0ad15c7e5885e76e298020b6ea293d4bddd541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 21:09:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 04 Jan 2023 00:48:22 GMT
Expires: Wed, 11 Jan 2023 00:48:21 GMT
Etag: "fe081f027b04c2ae0508affead06a81114039575"
Cache-Control: max-age=444555,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 784f31657c580b69-OSL
hellofresheuro.sjv.io/c/229435/1285779/9318?subId1=1n8ramnwjrp6
35.227.211.136 302 Found 241 B URL HTTP/2 hellofresheuro.sjv.io/c/229435/1285779/9318?subId1=1n8ramnwjrp6
IP 35.227.211.136:0
File type HTML document, ASCII text
Hash 4204616f07ee2c3206ac5e8144c0d26c
dc11fa4cf577be290c4ff8276931338e616d85d5
7f23f766318c7cc86e975b8e3d11340a557812a0efbe84f7112f18448cb6bada
GET /c/229435/1285779/9318?subId1=1n8ramnwjrp6 HTTP/1.1
Host: hellofresheuro.sjv.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vipestores.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Thu, 05 Jan 2023 21:09:05 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
location: https://www.ojrq.net/p/?return=https%3A%2F%2Fhellofresheuro.sjv.io%2Fc%2F229435%2F1285779%2F9318%3FsubId1%3D1n8ramnwjrp6%26level%3D1%26srcref%3Dhttps%253A%252F%252Fvipestores.com%252F&cid=9318&tpsync=yes
content-type: text/html; charset=utf-8
content-length: 241
date: Thu, 05 Jan 2023 21:09:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 9a9404be8eb67359c1c96bec2d725f6d
fe081f027b04c2ae0508affead06a81114039575
b617bcf89a92c4f95a89aadccd0ad15c7e5885e76e298020b6ea293d4bddd541
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 21:09:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 04 Jan 2023 00:48:22 GMT
Expires: Wed, 11 Jan 2023 00:48:21 GMT
Etag: "fe081f027b04c2ae0508affead06a81114039575"
Cache-Control: max-age=444555,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 784f31664cf00b69-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 38795a099dfcd20861c38664681cb736
2cfc51c6ba69fecbf9a82865036eb4bcacabef5b
1b79672b55c9b6f3d28196302ab932b734c2dc19a40a2c21589d358ddc4654c8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 21:09:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 03 Jan 2023 19:08:01 GMT
Expires: Tue, 10 Jan 2023 19:08:00 GMT
Etag: "2cfc51c6ba69fecbf9a82865036eb4bcacabef5b"
Cache-Control: max-age=424134,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 784f31666f60b50c-OSL
www.ojrq.net/p/?return=https%3A%2F%2Fhellofresheuro.sjv.io%2Fc%2F229435%2F1285779%2F9318%3FsubId1%3D1n8ramnwjrp6%26level%3D1%26srcref%3Dhttps%253A%252F%252Fvipestores.com%252F&cid=9318&tpsync=yes
34.95.127.121 302 Found 0 B URL HTTP/2 www.ojrq.net/p/?return=https%3A%2F%2Fhellofresheuro.sjv.io%2Fc%2F229435%2F1285779%2F9318%3FsubId1%3D1n8ramnwjrp6%26level%3D1%26srcref%3Dhttps%253A%252F%252Fvipestores.com%252F&cid=9318&tpsync=yes
IP 34.95.127.121:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input; the response body is 0 B)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)
GET /p/?return=https%3A%2F%2Fhellofresheuro.sjv.io%2Fc%2F229435%2F1285779%2F9318%3FsubId1%3D1n8ramnwjrp6%26level%3D1%26srcref%3Dhttps%253A%252F%252Fvipestores.com%252F&cid=9318&tpsync=yes HTTP/1.1
Host: www.ojrq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vipestores.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Thu, 05 Jan 2023 21:09:05 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
set-cookie: brwsr=3010eb56-8d3d-11ed-861d-efd8bbf4fe1b; Domain=.ojrq.net; Path=/; Secure; Max-Age=62208000; Expires=Wed, 25 Dec 2024 21:09:05 GMT; HttpOnly; SameSite=None
location: https://hellofresheuro.sjv.io/c/229435/1285779/9318?subId1=1n8ramnwjrp6&level=1&srcref=https%3A%2F%2Fvipestores.com%2F&brwsr=3010eb56-8d3d-11ed-861d-efd8bbf4fe1b&brwsrsig=Qi01gAy2R1bWRdq3DTWGsxlYSglTpm
content-length: 0
date: Thu, 05 Jan 2023 21:09:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 38795a099dfcd20861c38664681cb736
2cfc51c6ba69fecbf9a82865036eb4bcacabef5b
1b79672b55c9b6f3d28196302ab932b734c2dc19a40a2c21589d358ddc4654c8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 05 Jan 2023 21:09:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 03 Jan 2023 19:08:01 GMT
Expires: Tue, 10 Jan 2023 19:08:00 GMT
Etag: "2cfc51c6ba69fecbf9a82865036eb4bcacabef5b"
Cache-Control: max-age=424134,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 784f31673e530b69-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d7fa4dacced7a22be4a5988523bc069e
92a9357aa883137bb87f4e6e16e11f33ed3395ef
02b41a9f41a6f721eafd620266f09361da2f7bb92a19f54534d4ff250649c272
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=87383
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:06 GMT
Etag: "63b5eec9-117"
Expires: Fri, 06 Jan 2023 21:25:29 GMT
Last-Modified: Wed, 04 Jan 2023 21:25:29 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d7fa4dacced7a22be4a5988523bc069e
92a9357aa883137bb87f4e6e16e11f33ed3395ef
02b41a9f41a6f721eafd620266f09361da2f7bb92a19f54534d4ff250649c272
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2
Cache-Control: max-age=87383
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:07 GMT
Etag: "63b5eec9-117"
Expires: Fri, 06 Jan 2023 21:25:30 GMT
Last-Modified: Wed, 04 Jan 2023 21:25:29 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
vipestores.com/no/food/hellofreshno
188.114.97.1 200 OK 24 kB URL HTTP/2 vipestores.com/no/food/hellofreshno
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash edca005e0f4a6a00e2dee791854fa352
640cbe7eac421f668c8f709631133bda837b7b38
6aec944340267d88e5d3a799749a2a9155da23dca6184abcbc727be247565cd6
GET /no/food/hellofreshno HTTP/1.1
Host: vipestores.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjBMMEZCL05SQUpLejVEQ1Bod2lyV3c9PSIsInZhbHVlIjoiT053b0c2NVRzRzR6TGMzL1Y5Z25pckw3dU9rMHE1dWcyaWQ2SnZ3YVd3SVFUSGgrQVRyUUNFcHgvb0NDZkpENyIsIm1hYyI6IjFlMGRhODc4MWVjODhhNmI4ODZmZTM2OTVmMzcwM2NiNTJmNjc1MDhkODg3ZDJhZGExMDQxZWZlMTZhMDZjN2MifQ%3D%3D; vipstores_session=eyJpdiI6IjE3WHVQYWFNczZPNWdFbDB2MTAzcGc9PSIsInZhbHVlIjoiSnYvNUVIbmg1UURaRlRIbHhIZjRIZG1oZWQxdFQ2OFQxTUJtRmlLYU9hamNWZEhJY0R6ZnJjcGtyS1FLN0tLQyIsIm1hYyI6IjU2ZTlhYWU4OGFjMTQwNDA5ODI3NTVjNDc4MTY3ODhjOGZmOTczY2RkMDU0NzRlZjM5ZDQ1M2UwNjIyYWI0NTYifQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:05 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImRqZjJNaS8rWmQ2T2NqSG14RktrU3c9PSIsInZhbHVlIjoiQ0gvMFhaNVhTMEdLOGFNTEVMNmxVVVFDQnZIZHFINFN3eGorQkF2MlpoWUI3ek5CNzVndkE2V0pLMXVueVJBVSIsIm1hYyI6ImRhNmUwZDEwNThlY2U5ZTRmMzJhODc3M2QzNWMxYWY5ODc3MGUzYTkyZmY3Y2NmMmMwMjRjMjQ0YTkyZWNkZWMifQ%3D%3D; expires=Thu, 05-Jan-2023 23:09:05 GMT; Max-Age=7200; path=/; samesite=lax
vipstores_session=eyJpdiI6InhPRXFxa21VQmkvanVSeStrRW5ub0E9PSIsInZhbHVlIjoiVlZKb3dDWHlpSm5EUzRPZ1NXd1FtVFd6L0lXVXhwU1J5ZzdGVDFTR0l5M29sbzh6NnpVTFFPSFFZQXA2YWcwVSIsIm1hYyI6IjVjN2Y4MDMwYjZiMjMzNGQ3NjUwYjE4Njk2ODRiOTZkOWM2OWFiNDZlODQwNDI4YTk0ZjA1Y2FiMmRmOTI3ZTUifQ%3D%3D; expires=Thu, 05-Jan-2023 23:09:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fe%2BwSadmiZlNsob2IEtfB8yommBzV%2FiZPHGf0omT4I7sGqH3a0LrHf0WbDUTcu%2FXzWjCN1ccLH3NJoXXFncLLV%2FRbYHonwcJU%2BcXm0QU6FrBgb8JHoFen%2FoeH5PH7496qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 784f31645a6eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.hellofresh.com/gb/cms/landing_pages/resolution/reason-check-mark-copy.png
104.18.11.23 200 OK 1.6 kB URL HTTP/2 cdn.hellofresh.com/gb/cms/landing_pages/resolution/reason-check-mark-copy.png
IP 104.18.11.23:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash e4378df8bebcf9bbc8ba9ead5702899e
518ac6b70262a0dd2d2b0dcff99f15704a1720b6
912080697605bebbd5a1571eb2e561ca5eac35c8904198fa093a79ba8f8f90bb
GET /gb/cms/landing_pages/resolution/reason-check-mark-copy.png HTTP/1.1
Host: cdn.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: image/png
content-length: 1569
x-amz-id-2: STnALr1jKFq3KCIHQwX7cTP2ftyrW+xRvfR/oUSr9c5CaHYYjC7crwi86Jq+vgwuo9IoWwLkr2Q=
x-amz-request-id: KDS5WSHFNJ3E8NTP
last-modified: Wed, 14 Aug 2019 13:24:12 GMT
etag: "e4378df8bebcf9bbc8ba9ead5702899e"
x-amz-version-id: null
cf-cache-status: HIT
age: 23847882
expires: Fri, 06 Jan 2023 01:09:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=G5cMSrGfkSn0EvkEX2gf1iK1tvHjwZl0l2ncs9yZVcI-1672952947-0-AUm0vipHT8jT2tbZPBOaU0whYHucVYvfLVYf0EkiSm4D03owcSqL6UHE2UQWzonTv9fZ1E0v9Lb8zqwfrqAsM6rU6mv3X6ZUG5cCkix5fzPC; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f31718ad30b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.hellofresh.com/assets/fonts/source-sans-pro-v11/latin-regular.woff2
104.18.10.23 200 OK 16 kB URL HTTP/2 www.hellofresh.com/assets/fonts/source-sans-pro-v11/latin-regular.woff2
IP 104.18.10.23:0
File type Web Open Font Format (Version 2), TrueType, length 15908, version 1.0\012- data
Hash 76d8cbb0496cb184eff868152b67ad45
d4ae4e38ca7bb859c359e9df16efeb35a009053c
cb992eae898417162c48b37712991d9ad8053c4a64fce51aff195edc69dc35f2
GET /assets/fonts/source-sans-pro-v11/latin-regular.woff2 HTTP/1.1
Host: www.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: binary/octet-stream
content-length: 15908
access-control-allow-methods: HEAD, GET
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: public, max-age=31536000
etag: "76d8cbb0496cb184eff868152b67ad45"
last-modified: Thu, 21 Feb 2019 10:26:05 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-id-2: 9wphEsbWaEEvxp2EdyEvMddLdPNTB9Yy0ef8oEHYO3XzofHu8q1q/pALEufthLS49LP92xdN/oc=
x-amz-request-id: 9NJ9VPQEJ2CKC5Z8
x-envoy-upstream-service-time: 34
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15950255
expires: Fri, 05 Jan 2024 21:09:07 GMT
accept-ranges: bytes
set-cookie: __cf_bm=iVexBKYzguBssk9Lta7faVnm2YjzomTUVmDrtD7IXRU-1672952947-0-AS7Y2RtcjfmOn8WGBV+qNAOOuPJ0qtDzDyODrjfzayrJUwxrb7hK7ypu8o2s7ard/OQPfxM+k1oc+9lejk/XDoOjIw3uFP3HswSkAG4xRxIL; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.com; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f3171cd62b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.hellofresh.com/assets/fonts/source-sans-pro-v11/latin-600.woff2
104.18.10.23 200 OK 16 kB URL HTTP/2 www.hellofresh.com/assets/fonts/source-sans-pro-v11/latin-600.woff2
IP 104.18.10.23:0
File type Web Open Font Format (Version 2), TrueType, length 15784, version 1.0\012- data
Hash b3866d3fbe239e8754f4db4795ce2817
a0c7bead0f83f1a6419f026c899de3af7c9e55e2
d8381e66783011957eabadb622d7899061bf93e78fff38ebfe00ab743d6c8e60
GET /assets/fonts/source-sans-pro-v11/latin-600.woff2 HTTP/1.1
Host: www.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: binary/octet-stream
content-length: 15784
access-control-allow-methods: HEAD, GET
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: public, max-age=31536000
etag: "b3866d3fbe239e8754f4db4795ce2817"
last-modified: Thu, 21 Feb 2019 10:26:04 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-id-2: OtbktZWLFtU+q2lN+/jY6epRXzmJ4SsM9G2j3tzIXNDwV+JRpZVxWj/htK+KSaBFcQQxHVRwZ2Y=
x-amz-request-id: BYFZ55ZZFHDVQZTQ
x-envoy-upstream-service-time: 53
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 18402148
expires: Fri, 05 Jan 2024 21:09:07 GMT
accept-ranges: bytes
set-cookie: __cf_bm=3errJYNn.TWUlguqktdNPzRzMbiN5VvUNSC7jljluxI-1672952947-0-Aft909+ajuX0UcYmjxYNrz/5hroliWu85hvDXchnmWz3+aGXM+foa/SuoWCF8l6KrZm4yneBNq+wSF4lo+2K+KQo6hrWVeZWDHXqVmTEFtF2; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.com; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f31721da8b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.hellofresh.com/assets/fonts/agrandir-v1/Agrandir-HelloFresh_Regular.woff2
104.18.10.23 200 OK 24 kB URL HTTP/2 www.hellofresh.com/assets/fonts/agrandir-v1/Agrandir-HelloFresh_Regular.woff2
IP 104.18.10.23:0
File type Web Open Font Format (Version 2), CFF, length 23704, version 3.-32768\012- data
Hash 021fc9cc68ba65a1b90ac6cc63f14e6b
80d9a94446ef23cfbf8b84129f4e3006e85af3f2
460c21e6ad4856a0b727beb6175ecf7dad82ae8f91d4b9639ba693e8ce8409cb
GET /assets/fonts/agrandir-v1/Agrandir-HelloFresh_Regular.woff2 HTTP/1.1
Host: www.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: binary/octet-stream
content-length: 23704
access-control-allow-methods: HEAD, GET
access-control-allow-origin: *
access-control-max-age: 3000
etag: "021fc9cc68ba65a1b90ac6cc63f14e6b"
last-modified: Tue, 02 Mar 2021 13:26:12 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-id-2: ZLka0EL93w1NcKjSvbHFfH5qT27fOoaDxTZWOvzJLiut0szNCAGSEkzYKHTzTytmEG380yYratY=
x-amz-request-id: 9NJ4S9WSJ1B5CYPV
x-envoy-upstream-service-time: 48
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 14562697
expires: Fri, 06 Jan 2023 01:09:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=kHl3aDg5a80hNnwoltGtFUe2XHzA2CwYlC5FLc5Rgnw-1672952947-0-AfZcnKfuV0SsQR0fDM2c/m7NsCAS2HH7Rl7/KB3x8aD1VQdHClF/AwQxddmDQu2bAtnBYoXj38ZENUeNfN1JIURDprEb/1IZzyFHpEJnBTfP; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.com; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f31721da9b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/gb/cms/icons/icon_review.svg
2.18.173.70 200 OK 226 B URL HTTP/2 img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/gb/cms/icons/icon_review.svg
IP 2.18.173.70:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 141dde902e3063eb268d206d245427ac
b095c04427762ae762ddb3372229feb1ca3c03df
2e5a2afd4a4d04ad49a50028351b55180ae6110cde4fe2cb5049a154f2e7e6ea
GET /f_auto,fl_lossy,q_auto/hellofresh_website/gb/cms/icons/icon_review.svg HTTP/1.1
Host: img.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="icon_review.webp"
content-type: image/webp
etag: "141dde902e3063eb268d206d245427ac"
last-modified: Sat, 10 Oct 2020 04:56:27 GMT
content-length: 226
date: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent,Save-Data
x-content-type-options: nosniff
server-timing: akam;dur=5;start=2023-01-05T21:09:07.580Z;desc=hit,rtt;dur=2
X-Firefox-Spdy: h2
img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-instagram.svg
2.18.173.70 200 OK 258 B URL HTTP/2 img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-instagram.svg
IP 2.18.173.70:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bd2715fda7834cefbabd5e9bfdac652c
70bc45ac4e8dd257e243436dd39cdbdc46b806e5
c4f1422e96cba148b1f19325b85d8d73a97f69388f6f6f025bf56e296c7857c9
GET /f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-instagram.svg HTTP/1.1
Host: img.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="icon-instagram.webp"
content-type: image/webp
etag: "bd2715fda7834cefbabd5e9bfdac652c"
last-modified: Fri, 11 Feb 2022 10:44:31 GMT
content-length: 258
date: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent,Save-Data
x-content-type-options: nosniff
server-timing: akam;dur=4;start=2023-01-05T21:09:07.592Z;desc=hit,rtt;dur=2
X-Firefox-Spdy: h2
img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-facebook.svg
2.18.173.70 200 OK 148 B URL HTTP/2 img.hellofresh.com/f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-facebook.svg
IP 2.18.173.70:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 25a295a551b7b2b421c8297166eabe03
7c65f16425576ddaa1bd0a8ebd05fee8e99af6c3
e05fe32b622f725d30adeeda1b91502830182d340a97ba4f4a1bf27b24b2fb0f
GET /f_auto,fl_lossy,q_auto/hellofresh_website/be/cms/landing_pages/icon-facebook.svg HTTP/1.1
Host: img.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="icon-facebook.webp"
content-type: image/webp
etag: "25a295a551b7b2b421c8297166eabe03"
last-modified: Fri, 11 Feb 2022 10:44:31 GMT
content-length: 148
date: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent,Save-Data
x-content-type-options: nosniff
server-timing: akam;dur=6;start=2023-01-05T21:09:07.606Z;desc=hit,rtt;dur=3
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e4fdd703d4ebb3209cd70c0ffd234da1
2e3a0a6fe0e63d2991e4b8726d5a2c21406a0dc1
ff40f371b1ebac1fbc0e809a0e85f500977372f25e8a72eda450083755fef11d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.hellofresh.com/f_auto,fl_lossy,q_auto,w_500/hellofresh_website/dk/cms/Landing%20pages/Global_HIW_Gif__NO.gif
2.18.173.70 200 OK 112 kB URL HTTP/2 img.hellofresh.com/f_auto,fl_lossy,q_auto,w_500/hellofresh_website/dk/cms/Landing%20pages/Global_HIW_Gif__NO.gif
IP 2.18.173.70:0
Size 112 kB (112163 bytes)
Hash 382a8648968f8257a1d9ce8eed25422c
47e961aa900749ceb10ccf32fe689162967f8dc2
2e25557c49bc60627effac99fdc268b11b3b94046eab3e303a6d53bc03feedd4
GET /f_auto,fl_lossy,q_auto,w_500/hellofresh_website/dk/cms/Landing%20pages/Global_HIW_Gif__NO.gif HTTP/1.1
Host: img.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-disposition: inline; filename="Global_HIW_Gif__NO.webp"
content-type: image/webp
etag: "dd6faba5e781cac2c670424233f4569c"
last-modified: Wed, 01 Dec 2021 11:02:49 GMT
content-length: 108780
date: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent,Save-Data
x-content-type-options: nosniff
server-timing: akam;dur=5;start=2023-01-05T21:09:07.600Z;desc=hit,rtt;dur=3
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 6.5 kB IP 142.250.74.131:0
Hash bb14c653f5fe82709ae2baa7ed8a20a8
fb6a29c004539d769f57c6163271e86345b714d9
f9d70a101ca2583d2e4e228dd39b943dd44743d68d0b02f33d52dff12609b93a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KMWJG5K
142.250.74.168 200 OK 85 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KMWJG5K
IP 142.250.74.168:0
File type ASCII text, with very long lines (36834)
Hash 3263b2b4ef45e94f4e0777babfa69cb1
423bfc2125273bc712bc03e33c0c91d1be00ee3e
5cc26cd5b35001a03f2c20b626e93e39d50b86c4174282aae580dccf6760cc6e
GET /gtm.js?id=GTM-KMWJG5K HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 21:09:07 GMT
expires: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85387
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-NX6F8ZR
142.250.74.168 200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-NX6F8ZR
IP 142.250.74.168:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 74b9f9de1428d285df4191ad5a19393d
8672b6c3e7be943439b82126986e0793b86be62e
56da94bc3d59588e34910c01cc90032f569fad2df7ed269216a849d5e74d5396
GET /gtm.js?id=GTM-NX6F8ZR HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 21:09:07 GMT
expires: Thu, 05 Jan 2023 21:09:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58073
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 3.6 kB IP 142.250.74.131:0
Hash 5b054da576dfbafe859d167f9c23f50c
6195be4f22febb5b1e933ca7b325bebfaad5ac9c
d6a2a44f6856e1364f7d9813ff5f00d675c320d8a759b1ff6e57c8168352997e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac952a23a955cca4b6feddd6459de86f
0a20125cf6413cfa2bc989389e7e3a261b10007a
229811ad51e2204f1b3542cc1776c85a2978d2a7a2b7244efb2c0181eb80c3cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "229811AD51E2204F1B3542CC1776C85A2978D2A7A2B7244EFB2C0181EB80C3CF"
Last-Modified: Wed, 04 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21333
Expires: Fri, 06 Jan 2023 03:04:40 GMT
Date: Thu, 05 Jan 2023 21:09:07 GMT
Connection: keep-alive
o46710.ingest.sentry.io/api/5396938/envelope/?sentry_key=5c397ef08a6c49098d09dfd70fddf09e&sentry_version=7&sentry_client=sentry.javascript.react%2F7.20.0
34.120.195.249 200 OK 1.8 kB URL HTTP/2 o46710.ingest.sentry.io/api/5396938/envelope/?sentry_key=5c397ef08a6c49098d09dfd70fddf09e&sentry_version=7&sentry_client=sentry.javascript.react%2F7.20.0
IP 34.120.195.249:0
Hash f9cd7ed1dd30b30087f6dee6b47d79f9
c725b7316cd5df583169f8471574ff0d09a7318f
dea1740d8d156c387a869c818e512711ac284939cf329d1eb942eab05fdf70d5
POST /api/5396938/envelope/?sentry_key=5c397ef08a6c49098d09dfd70fddf09e&sentry_version=7&sentry_client=sentry.javascript.react%2F7.20.0 HTTP/1.1
Host: o46710.ingest.sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hellofresh.no/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.hellofresh.no
Content-Length: 421
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: https://www.hellofresh.no
access-control-expose-headers: retry-after, x-sentry-error, x-sentry-rate-limits
vary: Origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac952a23a955cca4b6feddd6459de86f
0a20125cf6413cfa2bc989389e7e3a261b10007a
229811ad51e2204f1b3542cc1776c85a2978d2a7a2b7244efb2c0181eb80c3cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "229811AD51E2204F1B3542CC1776C85A2978D2A7A2B7244EFB2C0181EB80C3CF"
Last-Modified: Wed, 04 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21333
Expires: Fri, 06 Jan 2023 03:04:40 GMT
Date: Thu, 05 Jan 2023 21:09:07 GMT
Connection: keep-alive
img.hellofresh.com/w_96,q_auto,f_auto,c_limit,fl_lossy/hellofresh_website/logo/ModularLandingPages/Logo6.png
2.18.173.70 200 OK 1.4 kB URL HTTP/2 img.hellofresh.com/w_96,q_auto,f_auto,c_limit,fl_lossy/hellofresh_website/logo/ModularLandingPages/Logo6.png
IP 2.18.173.70:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 09fbd5cdf8d5764f0de7d7e3e384fb91
f800a2207e398b8fa121123a7bd2002dfd83fada
daceaff1bdfac7ee409f1f6696e2c1406d39d24bd374c28872839536514deb15
GET /w_96,q_auto,f_auto,c_limit,fl_lossy/hellofresh_website/logo/ModularLandingPages/Logo6.png HTTP/1.1
Host: img.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Cookie: __cf_bm=_C.TqiNM9buwDIUhnLhFEowxUtuRHf1oh43.SP7Coxw-1672952947-0-AZha3RPFp5ydw0ANDlav447muQ4Yqdt3bz5CIQFo5gjNJxE7+NV9u1Clv27dAgDpaYfNexj8wArMrN4/6rp5xcOZ7JW2w0dtjXOfgSl9B7wg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-disposition: inline; filename="Logo6.webp"
content-type: image/webp
etag: "09fbd5cdf8d5764f0de7d7e3e384fb91"
last-modified: Tue, 27 Dec 2022 10:47:31 GMT
content-length: 1396
date: Thu, 05 Jan 2023 21:09:08 GMT
cache-control: private, no-transform, immutable, max-age=31536000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: *
server: Cloudinary
strict-transport-security: max-age=604800
vary: Accept,User-Agent,Save-Data
x-content-type-options: nosniff
server-timing: akam;dur=4;start=2023-01-05T21:09:08.543Z;desc=hit,rtt;dur=6
X-Firefox-Spdy: h2
cdn.hellofresh.com/au/cms/banners/hero/BTS_LP_Tablet.jpg
104.18.11.23 200 OK 4.6 kB URL HTTP/2 cdn.hellofresh.com/au/cms/banners/hero/BTS_LP_Tablet.jpg
IP 104.18.11.23:0
Hash 05365a5549b6d2cd8a1b022222b0b36e
2422376d621da83cf7029572b41056466fc7510f
dcd4e3a171443b4650318a2255984424b4ad267cf610122897ab835098e28569
GET /au/cms/banners/hero/BTS_LP_Tablet.jpg HTTP/1.1
Host: cdn.hellofresh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: image/jpeg
content-length: 596435
cf-bgj: h2pri
etag: "28c9fdee3ccdcb715c2528368d8f506e"
last-modified: Tue, 14 Sep 2021 08:20:24 GMT
x-amz-id-2: 09dDxT3GxLcaL17wY91k/WNsa3zuDMsoXnIjTQe3496uFdOIe2+Hd9R8ybv06UVZx5kgpC1MaaY=
x-amz-request-id: Q51XR8B2W1Q7C350
x-amz-version-id: NA2hwIR7pChwaqKeqPnYjDKC2t6fcpUM
cf-cache-status: HIT
age: 4592889
expires: Fri, 06 Jan 2023 01:09:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=_C.TqiNM9buwDIUhnLhFEowxUtuRHf1oh43.SP7Coxw-1672952947-0-AZha3RPFp5ydw0ANDlav447muQ4Yqdt3bz5CIQFo5gjNJxE7+NV9u1Clv27dAgDpaYfNexj8wArMrN4/6rp5xcOZ7JW2w0dtjXOfgSl9B7wg; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f31719adb0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Ifmjw5UV6aI
142.250.74.131 200 OK 11 kB URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Ifmjw5UV6aI
IP 142.250.74.131:0
Hash 6e6e3f048f3f323dfd3a81581598def4
f32303b5adec02b31825e062bfa4b52758141b7d
2e566e9dd43b64aa4609b3a83b384bdd3dddfb2122abfef8f9bf54563101be31
POST /s/gts1d4/Ifmjw5UV6aI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.148.64 200 OK 13 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.16.148.64:0
Hash 65b3142176b82ca90877357139d3fd75
54d64a0d3deafabccd3a91c6bef9c208e6937760
4287787ce20ab5d4a0a8bbd7d232bf9317a464eb65e4937dd3c545d249e83e55
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:08 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: QpLkTroHlqrE0LequA2uwg==
last-modified: Wed, 04 Jan 2023 21:21:46 GMT
etag: 0x8DAEE99AF43D116
x-ms-request-id: 9e12c7f5-201e-014e-589a-205b56000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 69541
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f31795deeb4ff-OSL
X-Firefox-Spdy: h2
tms.hft.hellofresh.no/measurement-script
34.110.220.115 200 OK 219 kB URL HTTP/2 tms.hft.hellofresh.no/measurement-script
IP 34.110.220.115:0
File type ASCII text, with very long lines (19336)
Size 219 kB (219149 bytes)
Hash 2d5863441b9891f25ff499edbefc030c
db5772366015316eb184cc9a9f4609abe87b984d
b58353e1321b3da5b11e64267043ddd89ec36a4566678a6752733d582f292932
GET /measurement-script HTTP/1.1
Host: tms.hft.hellofresh.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Cookie: __cf_bm=btpNV4INBRANzj0DCte_CsIYYD.kgtDhIXFYhwBhTzU-1672952947-0-AQL8ImGenz8rd06O5qbD3RBmQjXi17Lqax5+V+gztu6IGrr2Xrl9G95ujRBgMj5kD0+teRAt1LUSKni2/7S9+GzELM/U3dfMrg1eHJiTpv1s; __cfruid=5349852968cb35000f306b7392dc1c5b2621db04-1672952947
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accept-ranges: none
x-cloud-trace-context: 03948ba6b5eaf0346aa9d41737909e1f;o=1
date: Thu, 05 Jan 2023 21:09:08 GMT
server: Google Frontend
content-length: 219149
via: 1.1 google
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Ifmjw5UV6aI
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Ifmjw5UV6aI
IP 142.250.74.131:0
Hash 416bc45b013c731d51c4e8899c9e5d60
7fb1b948244760d28aab4471636972a3e4c146be
d08d5be7b80270e92cc4c8e7aed6cb992f46c371ccbc68b80e6bd9c1604aefb1
POST /s/gts1d4/Ifmjw5UV6aI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash e1c97a68e732df33d7ed327967ea93bd
c1fc1c42b12eeb5e56e767d36af862248ba95cbc
eaafeadc5b8396e555f120abe0da4e5300aeaad7a5faf0d0f7b3c3351bfd01da
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130799
Date: Thu, 05 Jan 2023 21:09:08 GMT
Etag: "63b6905c-1d7"
Expires: Sat, 07 Jan 2023 09:29:07 GMT
Last-Modified: Thu, 05 Jan 2023 08:54:52 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 13RmeVYW0Bysdv06D3S25TkFwYgu7OPAfELnUboIkr4_1vSdIFX2IA==
Age: 2055
web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/chat-live.js
52.218.30.0 200 OK 59 kB URL HTTP/1.1 web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/chat-live.js
IP 52.218.30.0:0
Hash 382b010ef49a4effbc60693bb121dbef
1374f4cfeebc538e425561dee8350fb705c43a01
a1875808f1c68e65f73ff1fd9bd2ee01b30e3e1bc920fcc28270646b4f1e4a52
GET /live/chat-live.js HTTP/1.1
Host: web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: DNWa7cdavzJ4I4NLgpKDbAEbSGxfGu25CI1G6a0wxLSK+uDBIFCL1bp/Vv5LdmvYHwguqGg6atU=
x-amz-request-id: PJZ8684RGEC55NG4
Date: Thu, 05 Jan 2023 21:09:09 GMT
x-amz-replication-status: FAILED
Last-Modified: Fri, 23 Dec 2022 12:18:04 GMT
ETag: "ec8dd6d937918496f3c59ae6e5282e19"
Cache-Control: no-cache,max-age=0,immutable
Content-Encoding: gzip
x-amz-version-id: LFDevC4oYPGlvvTYZoD0SqRaWa8PdV5x
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 52442
cdn.cookielaw.org/consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/dba35d25-ed8a-4c6b-a9d4-17eb16750212.json
104.16.148.64 200 OK 1.5 kB URL HTTP/2 cdn.cookielaw.org/consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/dba35d25-ed8a-4c6b-a9d4-17eb16750212.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (3589), with no line terminators
Hash 5a246f29933430a7cc3fc1a41c7ea972
bac1e0da3cdbbdfa43d887eb1f2555f424d0ed03
0311ae414b8fd8c12cbc39746a1b46688dff2944dbcef795bf790fc73226144b
GET /consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/dba35d25-ed8a-4c6b-a9d4-17eb16750212.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: application/x-javascript
content-length: 1489
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: WiRvKZM0MKfMP8GkHH6pcg==
last-modified: Thu, 24 Mar 2022 17:03:29 GMT
etag: 0x8DA0DB83809970C
x-ms-request-id: 32d930e1-001e-003b-7436-599ab8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 60165
expires: Fri, 06 Jan 2023 21:09:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f317b88c7b4ee-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js
104.16.148.64 200 OK 81 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (65455)
Hash af27d9858b2a2e2b0912706c3aa815b1
10c1fa093e80cbcb3ba39b8e54e934b37cb3aa57
a736527d6f80163a1b0ec8f7f8a2902c7005b4ec61fce5295d9612df48a72d06
GET /scripttemplates/6.32.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: application/javascript
content-length: 81095
content-encoding: gzip
content-md5: ryfZhYsqLisJEnBsOqgVsQ==
last-modified: Fri, 18 Mar 2022 16:29:23 GMT
etag: 0x8DA08FC76466F7A
x-ms-request-id: 4e03c84a-e01e-0031-75f4-3a8331000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 69496
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f317c5a9eb4ff-OSL
X-Firefox-Spdy: h2
cdn.optimizely.com/js/10774230797.js
23.38.200.155 200 OK 241 kB URL HTTP/2 cdn.optimizely.com/js/10774230797.js
IP 23.38.200.155:0
File type ASCII text, with very long lines (65468)
Size 241 kB (240894 bytes)
Hash 414899315a48ce1acdd7b8a4d2cc17f4
3c61f3059d8bf59855137d04de7319f18fe5ec23
43325284316e324addd79caf530619f66eab5f714df4bb7d40b36afc66447a5a
GET /js/10774230797.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jnCwhAmmDH0jrB+jPys4ojo7W2dckkFPFyB2r+pFhR7cfaMybC0e+0JeJogEGQyGeO2RCup1GOs=
x-amz-request-id: 587ZE4KYDDCANJFP
x-amz-replication-status: PENDING
last-modified: Mon, 02 Jan 2023 11:33:30 GMT
etag: "414899315a48ce1acdd7b8a4d2cc17f4"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 24803
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: ErNe86KpZuXy2PUbENi4eHgGAlehAjIO
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 240894
vary: Accept-Encoding
cache-control: max-age=600
date: Thu, 05 Jan 2023 21:09:09 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/602.js
52.218.30.0 200 OK 6.5 kB URL HTTP/1.1 web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/602.js
IP 52.218.30.0:0
File type ASCII text, with very long lines (16174)
Hash 4fe7ae4a40dd8f2f40a3f586a70eca31
c6cfbaa1ff3b5dbbf644a2c8e5b89d1f3c7fdd15
a1752c50200e40e9b56f5799f45ed1d9c4af41916973bc956ecdc66c6bcf0720
GET /live/602.js HTTP/1.1
Host: web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: R9msOJrexnwVrtcCRDcpeJ7fm6zsBF0BPpcNGqhrAhE2VyiYUX8Vdt3oUMyo3Pk+3ZsGMWuZo5I=
x-amz-request-id: G9E0BSY64QF6J5EC
Date: Thu, 05 Jan 2023 21:09:10 GMT
x-amz-replication-status: FAILED
Last-Modified: Fri, 23 Dec 2022 12:18:04 GMT
ETag: "4fe7ae4a40dd8f2f40a3f586a70eca31"
Cache-Control: no-cache,max-age=0,immutable
Content-Encoding: gzip
x-amz-version-id: AuXBCcT5HRAwaVopAfQvLpgWndBPaPVj
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 6479
cdn.cookielaw.org/consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/1974ae4d-21d2-4d6b-9857-228eede9d155/en.json
104.16.148.64 200 OK 13 kB URL HTTP/2 cdn.cookielaw.org/consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/1974ae4d-21d2-4d6b-9857-228eede9d155/en.json
IP 104.16.148.64:0
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (52736), with no line terminators
Hash 64905c28fee7087e41b026df86019c3a
2316ec15d0eee8a72d24ff5cd92e1816a173ab7b
f7b17e915641c72661fc9086769a61a6d6d0d5827967840f9d9fb4771253a785
GET /consent/dba35d25-ed8a-4c6b-a9d4-17eb16750212/1974ae4d-21d2-4d6b-9857-228eede9d155/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hellofresh.no/
Origin: https://www.hellofresh.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: application/x-javascript
content-length: 12696
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: ZJBcKP7nCH5BsCbfhgGcOg==
last-modified: Thu, 24 Mar 2022 17:03:30 GMT
etag: 0x8DA0DB838CE0408
x-ms-request-id: f5f1c29d-d01e-00b1-18a1-3f209b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 63562
expires: Fri, 06 Jan 2023 21:09:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f317d9bd4b4ee-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.32.0/assets/otFloatingRoundedIcon.json
104.16.148.64 200 OK 3.8 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.32.0/assets/otFloatingRoundedIcon.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (12537)
Hash bc553ebbad3b4169074812236c5abde7
a10efd019ec0717559f3a00d705899fcd360fb1e
c8f3010e2203276c0921484571ea442eb9708a898fb90bb19884ef3ab89daf3e
GET /scripttemplates/6.32.0/assets/otFloatingRoundedIcon.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hellofresh.no/
Origin: https://www.hellofresh.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: application/json
content-length: 3789
content-encoding: gzip
content-md5: vFU+u607QWkHSBIjbFq95w==
last-modified: Fri, 18 Mar 2022 16:29:15 GMT
etag: 0x8DA08FC717A55ED
x-ms-request-id: c4691d25-d01e-0093-57a1-3f4ead000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 63561
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f317decc4b4ee-OSL
X-Firefox-Spdy: h2
web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/core-bubble.js
52.218.30.0 200 OK 5.8 kB URL HTTP/1.1 web-chat-tag-cdn.s3.eu-west-1.amazonaws.com/live/core-bubble.js
IP 52.218.30.0:0
Hash 7c3760c9b3ec279788b97fdbe82c966d
f08f3cd2f4688b15f157c965b85845cfb63f4190
c0d5c09737e15d1eaf55a5727bf585593c8ed0ffd7a6131741a2e4a27d4c2174
GET /live/core-bubble.js HTTP/1.1
Host: web-chat-tag-cdn.s3.eu-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: dLL1N9dOmyNPw1MQ5bSFJ2hYmba8s0Gj2jVvkQt08iXGkEj2ioICSRDKsEGdqil5e0RzLNEqBII=
x-amz-request-id: G9EFW6B6CE8Q4F4Q
Date: Thu, 05 Jan 2023 21:09:10 GMT
x-amz-replication-status: FAILED
Last-Modified: Fri, 23 Dec 2022 12:18:04 GMT
ETag: "4f9eca1bb3e3abc3a0b39117cc9b54d2"
Cache-Control: no-cache,max-age=0,immutable
Content-Encoding: gzip
x-amz-version-id: D4PeBedJfgDje8e6yzXBnrb6BW07KxII
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 1031
cdn3.optimizely.com/js/geo4.js
104.110.9.127 200 OK 3.6 kB URL HTTP/1.1 cdn3.optimizely.com/js/geo4.js
IP 104.110.9.127:0
Hash 10d29ec2749e1b4c90a85f636085a13b
3529ec3f5e2c27e3cfc95242bc0033579d1acdf2
c79b200b6b8ead40a2d65e40b1de1f0e14ea3bb864a961780cd89f01b9d2349b
GET /js/geo4.js HTTP/1.1
Host: cdn3.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AmazonS3
Content-Length: 302
Content-Type: application/javascript
x-amz-id-2: +tkr/7Ns7kenSzCK7455ZyE4sN+8K/pZ+M8ci8OpfMRII6vk5qGLnhIQW4kmSFsTbjS5D/kX93I=
Unused62: 8096267
x-amz-version-id: F8W1XaLRNmnJXrMgZ6ZMuxtE6L376GC.
x-amz-server-side-encryption: AES256
ETag: "8777c006589ecabfa3d63a6b5bf24393"
x-amz-replication-status: COMPLETED
x-amz-request-id: M8KPVV219SSHET6W
Cache-Control: max-age=83344
Date: Thu, 05 Jan 2023 21:09:09 GMT
Connection: keep-alive
a10561433763.cdn.optimizely.com/client_storage/a10561433763.html
104.110.8.48 200 OK 933 B URL HTTP/2 a10561433763.cdn.optimizely.com/client_storage/a10561433763.html
IP 104.110.8.48:0
File type HTML document, ASCII text, with very long lines (1371)
Hash 1a871ef3f4e8d8ddd1f49db188fed8f0
6257ee7d4e2214a069eb8d8d72389dcff9d42f5f
83fd8555ac60f180a7a4e68c5cf90ab011bf08bf3e29abd94633d6947ce71ca1
GET /client_storage/a10561433763.html HTTP/1.1
Host: a10561433763.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hellofresh.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VjjHTEInKbfqDJdOcoZkBlWqKc7a8ydgSyCAtCq/39UoxXM2qP+i5UeVsi6m4rJ/aSvdnTu/p/4=
x-amz-request-id: 6WGQF7C71CNCQT7Y
x-amz-replication-status: COMPLETED
last-modified: Mon, 02 Jan 2023 11:31:48 GMT
etag: "1a871ef3f4e8d8ddd1f49db188fed8f0"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: 7_Hpak36JzI6XGMngflS2sjYoe9ti1MS
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 933
vary: Accept-Encoding
cache-control: max-age=120
date: Thu, 05 Jan 2023 21:09:09 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="3";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash f162f51693ed1184f04614f63e42fb18
c98f21d8c3d4bc679620373cfefc4442ce67ff41
13921572359a4312282a020b747fd3ca5bbb21ec0e54908e67604461b11ae6ff
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113217
Date: Thu, 05 Jan 2023 21:09:10 GMT
Etag: "63b64fc3-1d7"
Expires: Sat, 07 Jan 2023 04:36:07 GMT
Last-Modified: Thu, 05 Jan 2023 04:19:15 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hU22LFBP-_pTfsbgIAPiFeEn_OeEYKFWv-mYlmd7WVWPOe1s5YdDMQ==
Age: 1012
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash f162f51693ed1184f04614f63e42fb18
c98f21d8c3d4bc679620373cfefc4442ce67ff41
13921572359a4312282a020b747fd3ca5bbb21ec0e54908e67604461b11ae6ff
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113160
Date: Thu, 05 Jan 2023 21:09:10 GMT
Etag: "63b64fc3-1d7"
Expires: Sat, 07 Jan 2023 04:35:10 GMT
Last-Modified: Thu, 05 Jan 2023 04:19:15 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cYnx5BWoQH6NdqgW8zYe8A74K9C-jtHPemRExaQlLxmJVSXPzkkPqw==
Age: 955
errors.client.optimizely.com/log
3.223.219.224 200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 3.223.219.224:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.hellofresh.no/
Origin: https://www.hellofresh.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://www.hellofresh.no
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Thu, 05 Jan 2023 21:09:10 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
3.223.219.224 204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 3.223.219.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 329
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.hellofresh.no
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Thu, 05 Jan 2023 21:09:10 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 3161a5d4dae14c1232383197d0eb9cb6
08efb5b1b39aa7d303e48529e1f78c9215b5a641
f5b30308d4e284715a842bf8fc1307923863d4b5b0a892a7c478c3950cdeb646
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=124157
Date: Thu, 05 Jan 2023 21:09:10 GMT
Etag: "63b67892-1d7"
Expires: Sat, 07 Jan 2023 07:38:27 GMT
Last-Modified: Thu, 05 Jan 2023 07:13:22 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VAeBZ-IMuNsopVEr9pvpaFcuz1i52EYHiX9fuulkNcgRBl3-zMCVVQ==
Age: 1505
logx.optimizely.com/v1/events
54.84.230.230 204 No Content 0 B URL HTTP/1.1 logx.optimizely.com/v1/events
IP 54.84.230.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2233
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.hellofresh.no
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Thu, 05 Jan 2023 21:09:11 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: f294cc27-d341-4964-b590-0acd95aeda6f
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 6.1 kB IP 93.184.220.29:0
Hash 5fff3382ae5a8d1b5f3ca32275c37d36
601542b8c99868e36d80cc42c074f102a0eb595e
edae6f6df4b74271d3f45d4e53e088d5c249a6d42c288c67bf51ddd6ba72f524
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4143
Cache-Control: max-age=137566
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 21:09:11 GMT
Etag: "63b6a2a6-117"
Expires: Sat, 07 Jan 2023 11:21:57 GMT
Last-Modified: Thu, 05 Jan 2023 10:12:54 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
geotrkclknow.com/rot/ZrYlOOwRni7p0sNB
172.67.161.46 302 Found 0 B URL HTTP/2 geotrkclknow.com/rot/ZrYlOOwRni7p0sNB
IP 172.67.161.46:0
GET /rot/ZrYlOOwRni7p0sNB HTTP/1.1
Host: geotrkclknow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 05 Jan 2023 21:09:04 GMT
content-type: text/html; charset=UTF-8
location: https://ubfbboxn.com/click?trvid=25893
cache-control: no-cache, private
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5NTmoVaZ2tI27M%2F0kn69KxF1mbdlJ9g252TX%2F0Wtb82qvIaDpmi8nDCqETrC%2FZ7tf5mH8SJJr3MXu%2F5qelACFL%2Bk14zjTuv9jFf6XvhXLR1g%2BrYaCMGiqjUfFsJPIDC0Z%2B0p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 784f315f88b00b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vipestores.com/links?idw=5608&subid=1n8ramnwjrp6
188.114.97.1 200 OK 0 B URL HTTP/2 vipestores.com/links?idw=5608&subid=1n8ramnwjrp6
IP 188.114.97.1:0
GET /links?idw=5608&subid=1n8ramnwjrp6 HTTP/1.1
Host: vipestores.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:05 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjBMMEZCL05SQUpLejVEQ1Bod2lyV3c9PSIsInZhbHVlIjoiT053b0c2NVRzRzR6TGMzL1Y5Z25pckw3dU9rMHE1dWcyaWQ2SnZ3YVd3SVFUSGgrQVRyUUNFcHgvb0NDZkpENyIsIm1hYyI6IjFlMGRhODc4MWVjODhhNmI4ODZmZTM2OTVmMzcwM2NiNTJmNjc1MDhkODg3ZDJhZGExMDQxZWZlMTZhMDZjN2MifQ%3D%3D; expires=Thu, 05-Jan-2023 23:09:05 GMT; Max-Age=7200; path=/; samesite=lax
vipstores_session=eyJpdiI6IjE3WHVQYWFNczZPNWdFbDB2MTAzcGc9PSIsInZhbHVlIjoiSnYvNUVIbmg1UURaRlRIbHhIZjRIZG1oZWQxdFQ2OFQxTUJtRmlLYU9hamNWZEhJY0R6ZnJjcGtyS1FLN0tLQyIsIm1hYyI6IjU2ZTlhYWU4OGFjMTQwNDA5ODI3NTVjNDc4MTY3ODhjOGZmOTczY2RkMDU0NzRlZjM5ZDQ1M2UwNjIyYWI0NTYifQ%3D%3D; expires=Thu, 05-Jan-2023 23:09:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2Bc3PvVLjsqWosZ1xlfgVDhYI8xnylxY3g9wRSIvksBgJ66QpauNhroIlQyvFRLZ4ClN8ARFpkz4IWD3wXIg%2FJHmdC6xkuCE4DTfEeWSsz%2BIiy%2FfVpbz9xCNeKpLRrwURA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 784f316368cbb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
104.18.27.85 200 OK 0 B URL HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP 104.18.27.85:0
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hellofresh.no
Connection: keep-alive
Referer: https://www.hellofresh.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 784f317c0c3ab505-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.hellofresh.no/pages/inspiration-delivered?irclickid=z0kXNnUY9xyNUEFX6ETKYS8DUkAzdRy1D1MORM0&irgwc=1&utm_source=affiliate&utm_medium=cpo&utm_campaign=NO_0_WEB_0_BAU_IR_NWK_VIPAffiliateNetwork_DIS-1099-AMT-4_VIP1099_VIP%20Affiliate%20Network_229435&utm_content=TEXT_LINK&c=VIP1099&dis=communication_one
104.18.23.147 200 OK 0 B URL HTTP/2 www.hellofresh.no/pages/inspiration-delivered?irclickid=z0kXNnUY9xyNUEFX6ETKYS8DUkAzdRy1D1MORM0&irgwc=1&utm_source=affiliate&utm_medium=cpo&utm_campaign=NO_0_WEB_0_BAU_IR_NWK_VIPAffiliateNetwork_DIS-1099-AMT-4_VIP1099_VIP%20Affiliate%20Network_229435&utm_content=TEXT_LINK&c=VIP1099&dis=communication_one
IP 104.18.23.147:0
GET /pages/inspiration-delivered?irclickid=z0kXNnUY9xyNUEFX6ETKYS8DUkAzdRy1D1MORM0&irgwc=1&utm_source=affiliate&utm_medium=cpo&utm_campaign=NO_0_WEB_0_BAU_IR_NWK_VIPAffiliateNetwork_DIS-1099-AMT-4_VIP1099_VIP%20Affiliate%20Network_229435&utm_content=TEXT_LINK&c=VIP1099&dis=communication_one HTTP/1.1
Host: www.hellofresh.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vipestores.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:07 GMT
content-type: text/html; charset=utf-8
cf-ray: 784f31697d290b49-OSL
cache-control: public, max-age=14400
content-language: nb-NO
vary: Accept-Encoding
cf-cache-status: MISS
x-content-type-options: nosniff
x-envoy-upstream-service-time: 721
x-frame-options: SAMEORIGIN
x-powered-by: Next.js
x-xss-protection: 1; mode=block
set-cookie: hf_landing_page=NO-ValueMessaging-Main-Page; Path=/pages/inspiration-delivered; expires=Thu Jan 19 2023 21:09:07 GMT+0000 (Coordinated Universal Time)
__cf_bm=btpNV4INBRANzj0DCte_CsIYYD.kgtDhIXFYhwBhTzU-1672952947-0-AQL8ImGenz8rd06O5qbD3RBmQjXi17Lqax5+V+gztu6IGrr2Xrl9G95ujRBgMj5kD0+teRAt1LUSKni2/7S9+GzELM/U3dfMrg1eHJiTpv1s; path=/; expires=Thu, 05-Jan-23 21:39:07 GMT; domain=.hellofresh.no; HttpOnly; Secure; SameSite=None
__cfruid=5349852968cb35000f306b7392dc1c5b2621db04-1672952947; path=/; domain=.hellofresh.no; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.32.0/assets/otCommonStyles.css
104.16.148.64 200 OK 0 B URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.32.0/assets/otCommonStyles.css
IP 104.16.148.64:0
GET /scripttemplates/6.32.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hellofresh.no/
Origin: https://www.hellofresh.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 05 Jan 2023 21:09:09 GMT
content-type: text/css
content-md5: SHFDtZO2nDZuiPDW83p1IQ==
last-modified: Fri, 18 Mar 2022 16:29:27 GMT
x-ms-request-id: 8001b0d3-c01e-00c3-72a1-3f51a5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 63561
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 784f317dfccab4ee-OSL
content-encoding: gzip
X-Firefox-Spdy: h2