kwebbels.howtosave.cash/v1/
54.230.111.71200 OK 222 kB URL HTTP/1.1 kwebbels.howtosave.cash/v1/
IP 54.230.111.71:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3561)
Size 222 kB (221530 bytes)
Hash ed313475cba5f2a4d575edaa98126274
f0294d83dc276b79aa823157a70dd787047f8463
e6950f68c8b287a0040052224bfba675e7df3d7f21a7ca7ff2bdd9f71a3a50bb
GET /v1/ HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:29 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aPnKMirquynNo_Q6xOwfDQvPe7U7dH8L63LBr4xl2l7fueWFa2-O8w==
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5647
Expires: Sun, 05 Feb 2023 08:43:36 GMT
Date: Sun, 05 Feb 2023 07:09:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8788
Expires: Sun, 05 Feb 2023 09:35:57 GMT
Date: Sun, 05 Feb 2023 07:09:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 06:33:54 GMT
content-type: application/json
age: 2135
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16469
Expires: Sun, 05 Feb 2023 11:43:58 GMT
Date: Sun, 05 Feb 2023 07:09:29 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /p9qtrxjKE0CKIBx1OArAM4+RTl7250PAT0fp5bfxEX9jP6m7E2Q/7Ezwg4OsDnrAqLvGvZUe8iMINb0qKaqrA==
x-amz-request-id: B9560280CACG7ZJE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 06:24:22 GMT
age: 2707
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 07:09:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 452ad10eb5a6a0cc0146544a6755ad65
6f0d56487b84371e441c75b98f6a56e85b429b86
c2f51f240139e43c2df21b9712d21b72bb3439e38299a9872f97cb779a16451b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3154
Cache-Control: max-age=107395
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:09:29 GMT
Etag: "63de4a5a-1d7"
Expires: Mon, 06 Feb 2023 12:59:24 GMT
Last-Modified: Sat, 04 Feb 2023 12:06:50 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
kwebbels.howtosave.cash/v1/css/campaign.css
54.230.111.71200 OK 1.4 kB URL HTTP/1.1 kwebbels.howtosave.cash/v1/css/campaign.css
IP 54.230.111.71:0
Hash 58be3bed9147385d962af35cc33eb83b
de1e6ee24a8dfff288be05e44ef28c07ba02367b
0cd8baa7d2283df7d39e3df0960b0d4ede7e25a432ecbd50b567dee96c65cb3d
GET /v1/css/campaign.css HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:29 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: W/"63de440f-140a"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7dx7Un0sO8lQTDHbpvkn6ODgDoi3WOkeFuZIHPHSy21M0BSJjr_vWg==
kwebbels.howtosave.cash/v1/js/form.js
54.230.111.71200 OK 1.1 kB URL HTTP/1.1 kwebbels.howtosave.cash/v1/js/form.js
IP 54.230.111.71:0
Hash a2b4f170282e0a08fb9487da2d7698a0
53caa6e4fd0b87bf94ff2dbec303c95d65d948cc
14ef8e6ef6b9b36994c4e2852fc67328da70b18cc5f8d117d4324b846f8235a8
GET /v1/js/form.js HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:29 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: W/"63de440f-a93"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Lbw-ZQaAtUhw8rfB8g7EVAu1yTQScvk059fIzSIfbmf5CDXfMnOF6Q==
kwebbels.howtosave.cash/v1/js/teaser.js
54.230.111.71200 OK 1.6 kB URL HTTP/1.1 kwebbels.howtosave.cash/v1/js/teaser.js
IP 54.230.111.71:0
Hash 5fac1615e0e769e69f433c1a86a485cf
871b67400b557adb27f63afdf3f2706bf8ecaa11
42df6f81bb1fd4c998b45ef96473708aed7ee672b0e697fc7202687c24ea38d0
GET /v1/js/teaser.js HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:29 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: W/"63de440f-1c71"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8IWjISbGn6QNlQqU-8aXN8LveIew-ANadyp_UdIv74-zwTjSq3KTHQ==
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
151.101.1.229200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (65299)
Hash 1753c16688d0d51f0b3dc7ed7d4dbc4d
6a4842b3dc99394c6584c203175570ff8737c777
a61044d56003744699349a1ffbd6f85e0c62d4ac59b50d185363dd85d755b5c9
GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 Feb 2023 07:09:30 GMT
age: 13950502
x-served-by: cache-fra19170-FRA, cache-bma1624-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23046
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
151.101.1.229200 OK 24 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
IP 151.101.1.229:0
File type Unicode text, UTF-8 text, with very long lines (65306)
Hash 57a992194d8a5b4bbd4ade561fd348bb
bb66f00fe168c6df50af51abdededdfceb15c59f
be95ec6ab71f5fa87401a698cb9566490258fa9012bb0e8467920b0f74163a0a
GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 05 Feb 2023 07:09:30 GMT
age: 213911
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1624-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23938
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 65e82a62d7609cff4d3ed17cfb5f217b
65fd54a41275280d4d9e11b61c3f5816e4a7d3a6
d03a3190ac30c5ea886bf73a5e433761e1ad90852ce5197b4de2278968b65849
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "02332F492813B5AA87AAD190EB0A058EAA2A253F"
Expires: Sun, 05 Feb 2023 18:00:00 GMT
Last-Modified: Sun, 05 Feb 2023 06:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 179
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7949d226dcb60b61-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b55a64337cd3bf8a631ffb14f7e6c574
5485fbc944ac91f9b80f452224f77ce0cde61b91
d1414b340f31ae58df93b62276d9e8323e861f799085df8d07b466a910ac3f96
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1414B340F31AE58DF93B62276D9E8323E861F799085DF8D07B466A910AC3F96"
Last-Modified: Thu, 02 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 13:09:30 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
content2020.qubiqlabs.com/cp/_assets/css/footer.css
34.78.252.25200 OK 1.7 kB URL HTTP/1.1 content2020.qubiqlabs.com/cp/_assets/css/footer.css
IP 34.78.252.25:0
Hash b8c24be466dd044ddc136be9e2ea477e
d05d66fee34a02d193d045ce48493b438d16a271
998ed2817e3c070e9f2d53a3cdaed41f6d12f3101ac63d6d6a561edb075bc52c
GET /cp/_assets/css/footer.css HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/css
Content-Length: 1652
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 11:39:42 GMT
ETag: "63de43fe-674"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
kwebbels.howtosave.cash/_shared/modals/privacy/nl/header.html
54.230.111.71200 OK 33 B URL HTTP/1.1 kwebbels.howtosave.cash/_shared/modals/privacy/nl/header.html
IP 54.230.111.71:0
File type ASCII text, with no line terminators
Hash 18682cfde3f1fec7358aa01d0739ab81
2f613cf374433e50afdd940770d34283f2b2655d
a2f944be95f9120874b7998305072b45c4ffc006014bd402f43a60dea7d0f501
GET /_shared/modals/privacy/nl/header.html HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OewQJTN5y_UYSpS42316liwRunvwRP2N1hgB_tR9uaBsbm-WC3Oitw==
kwebbels.howtosave.cash/_shared/modals/terms/default/nl/header.html
54.230.111.71200 OK 94 B URL HTTP/1.1 kwebbels.howtosave.cash/_shared/modals/terms/default/nl/header.html
IP 54.230.111.71:0
Hash d52b512ea9cac6578ef1ab9246b0347b
cdb6051ca04d3159187b18092bfb1f11876c5c00
5a607277ae18f79d351c7c8dcccf4b1822189dd0c95893a4a4dd6958d14d28fc
GET /_shared/modals/terms/default/nl/header.html HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PIBYaoO6dF6mV4bdDUAQGaN3HbkUiOgH76efW7EFDoV8Y54rSI4kHA==
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4c77db9a511acc32e911d9012f584acd
c577954e6c96a262e4a5589de5ea3d618ea8a70f
3a44c7e5bcefed428ab45297d5c5657c27c5d8267917cdefae42a8f37a219ed6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A44C7E5BCEFED428AB45297D5C5657C27C5D8267917CDEFAE42A8F37A219ED6"
Last-Modified: Sat, 04 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16714
Expires: Sun, 05 Feb 2023 11:48:04 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
kwebbels.howtosave.cash/_shared/modals/privacy/nl/index.html
54.230.111.71200 OK 16 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/modals/privacy/nl/index.html
IP 54.230.111.71:0
File type Unicode text, UTF-8 text, with very long lines (307)
Hash 4b8c98e65608b11779256a5c36de801f
a593daca0a63045a084a024468c7ec3bf27a684b
3f9b8a831eca77b12af7f7a29647d69e1b6125d293a89411fa93ef42e907fcc2
GET /_shared/modals/privacy/nl/index.html HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mwytGgz0c5XcKgmVoY7R4YnQDi8Q_1mLVtWTa716xBI_0AZt6h9UZg==
kwebbels.howtosave.cash/_shared/modals/terms/default/nl/index.html
54.230.111.71200 OK 1.5 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/modals/terms/default/nl/index.html
IP 54.230.111.71:0
File type HTML document, Unicode text, UTF-8 text
Hash 6bfb608d942d488891a4c37f10dad5fe
c274b210debcd07ef6c714bdb525f6c420249a5d
1534fe046188922cea31fcd1ebcce762918de4da5bcee0c6f5df5f8184d0e4d2
GET /_shared/modals/terms/default/nl/index.html HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kaq0wF_s-6JhYtpfoA4oCrbkwTJ8I-9iwL63TXlzMkThPq-aXyWr1w==
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 95ee7115016dec2f8ddae8a900d93fb3
5945e4ef4da36de41d22c7cc97675e6d01bcaf15
be16e001441b3cfa255df2a6f2cee9b27e765867c0d35122ab8815ad6d47c394
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BE16E001441B3CFA255DF2A6F2CEE9B27E765867C0D35122AB8815AD6D47C394"
Last-Modified: Sun, 05 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Sun, 05 Feb 2023 13:08:56 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8cb3f8a733d3a47c2e7259f4318d1ac4
a5883969350663aa67850dbe5c5f535697192594
c271d71a1d69123363717193522563a150af5d2bce17eef601591e2cd62a8121
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C271D71A1D69123363717193522563A150AF5D2BCE17EEF601591E2CD62A8121"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 13:09:30 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 06:49:07 GMT
age: 1223
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content2020.qubiqlabs.com/html_feeds/unsubscribe/en/unsub_en_header.html
34.78.252.25200 OK 49 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/unsubscribe/en/unsub_en_header.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash 96665f33efce15ac77989ec400ba46ef
c5f2bdd40a4e9522c3acbd703e40517475a1c46a
827c87c95a41bc8525501c16f3ebf08e76ec20ac1030f7f90ca19663ebe554f1
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/unsubscribe/en/unsub_en_header.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/gdpr/gb/gdpr_gb_header.html
34.78.252.25200 OK 89 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/gdpr/gb/gdpr_gb_header.html
IP 34.78.252.25:0
Hash f00e887deebfad8886c6a465324dcb45
b127ecc9553258782cb93532f2f638fcc2f91c01
b8ef7371107e2bae095a13a333e70eebcb739226e21b76b9997989604c2e082b
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/gdpr/gb/gdpr_gb_header.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/requirements/gb/rq_gb_content.html
34.78.252.25200 OK 1.7 kB URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/requirements/gb/rq_gb_content.html
IP 34.78.252.25:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 825423b6aea22d2679e17e774262dd80
9a4243e2c0b10cdf46b5c7bc06bd19afe8124813
d7d0c7718692b32d6d57ea98b46cc6a90301027c8dff1af430ab6c03b44d6564
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/requirements/gb/rq_gb_content.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/unsubscribe/en/unsub_en_content.html
34.78.252.25200 OK 2.0 kB URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/unsubscribe/en/unsub_en_content.html
IP 34.78.252.25:0
File type HTML document text\012- exported SGML document, ASCII text
Hash 72015b829dc6cd4a4fd32ec75b616b13
7590a5c027eafdf82966b22419d05af852cc8679
81e07c9f74626d9e2cfbb979ae9521822e5295ef99d00cd3eabb4f7feb46d453
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/unsubscribe/en/unsub_en_content.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 289bf8ff0a08c87f8d10ed181b1bfe79
a8eda4b501449427e248b0ad45e750785d7d4f0c
6bc2e558cab75702f22ac579de770d8a3e1ed8ef0deb2325d87136c0957d22f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC2E558CAB75702F22AC579DE770D8A3E1ED8EF0DEB2325D87136C0957D22F8"
Last-Modified: Fri, 03 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Sun, 05 Feb 2023 13:09:11 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
content2020.qubiqlabs.com/html_feeds/gdpr/gb/gdpr_gb_content.html
34.78.252.25200 OK 537 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/gdpr/gb/gdpr_gb_content.html
IP 34.78.252.25:0
Hash 8b77c9e6c4a1e4dbfab57b76c4fbf13b
c3a749334caa513fbdeb39285e29b3f4f1cdd7b3
6053f788bc3e3bc05d924a4b82d79a0a2f4bdd43b9976af2d30992cf3a90be42
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/gdpr/gb/gdpr_gb_content.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/requirements/gb/rq_gb_header.html
34.78.252.25200 OK 98 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/requirements/gb/rq_gb_header.html
IP 34.78.252.25:0
Hash 16fb45f550da7b1de1ed39e5dc7ffc58
6cac986a08f1e022a6a2f3662ebbea23061074c0
352a32c7490e4db9985d10064627b4f6bad374392f9af5046a1f79d3164aff21
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/requirements/gb/rq_gb_header.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/reward_status/en/rs_header.html
34.78.252.25200 OK 52 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/reward_status/en/rs_header.html
IP 34.78.252.25:0
Hash 69909144bcca7fc592defb0536558064
1f5bfc57442c75439e3a03544892d8d95605bbca
b4939306f012b01283a6594bcdfa17f6e9afe680a8ab6b0d0e4efdbf09055ffc
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/reward_status/en/rs_header.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 34f1613425e9310bea7f8642dd1d159b
c1bce1ffe9ffd35e9db102e8e7ac7de2594cc3e1
c088033baf66b1edb6fdfdbea7659d67ff24aeb981fce5b8f450e0a4dd94fb63
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 07:09:30 GMT
Etag: "63dc4a94-1d7"
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MPI0FsUyjI-exHHKHeNqGEN1YimEO5bIiQHQ1PO-wSLxpzNf3BDHww==
content2020.qubiqlabs.com/html_feeds/reward_status/en/rs_content.html
34.78.252.25200 OK 2.0 kB URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/reward_status/en/rs_content.html
IP 34.78.252.25:0
File type HTML document text\012- exported SGML document, ASCII text
Hash 0dfa63202944d447c176d8a37bbf3ddf
e853ee221d26e7d8c0042e7b9bdbf99ce798c22a
36bed6620d67cd01e4631299510b97ea3ef4fc49d7fe260079f4fc417bf41826
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/reward_status/en/rs_content.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
cdn.quiztionnaire.uk/fonts/Poppins/poppins-v19-latin-regular.woff2
172.67.172.133200 OK 7.9 kB URL HTTP/2 cdn.quiztionnaire.uk/fonts/Poppins/poppins-v19-latin-regular.woff2
IP 172.67.172.133:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /fonts/Poppins/poppins-v19-latin-regular.woff2 HTTP/1.1
Host: cdn.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: application/octet-stream
content-length: 7884
last-modified: Sat, 04 Feb 2023 11:40:40 GMT
etag: "63de4438-1ecc"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3bSJPGBbM2InKa%2Fbeoe%2B3XPhrdWibcp6pDoNBIq4zw9VUinS%2Bl3v8j%2F936GBTMkyWmZp6PvPtF7C1dTl2jQmpsi73%2FEO6k6P44reeb6KBP6oT4yDmwQHVl1atGye9bm%2FaJ36pwpDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7949d2294a981c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
content2020.qubiqlabs.com/html_feeds/reward_options/gb/ro_gb_header.html
34.78.252.25200 OK 42 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/reward_options/gb/ro_gb_header.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash ebd987665aab2fbc5355102c9e12ed29
f799ae3d50674cf8648532e2fccbe5e6bb0596e7
7e08cab7e06de455a6572bd2ad78c9b083de25d392b02315651c2443026ed008
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/reward_options/gb/ro_gb_header.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
content2020.qubiqlabs.com/html_feeds/reward_options/gb/ro_gb_content.html
34.78.252.25200 OK 713 B URL HTTP/1.1 content2020.qubiqlabs.com/html_feeds/reward_options/gb/ro_gb_content.html
IP 34.78.252.25:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash b26e450cf2a7647badf6b27d42112eac
02e6bbc1bb0f9ed35d21b825f61bf7f942cb6b82
9976762620647e2d165199e10a90d75d002310170166b56b8cd311c3fc82e15a
Analyzer Verdict Alert fortinet Phishing
GET /html_feeds/reward_options/gb/ro_gb_content.html HTTP/1.1
Host: content2020.qubiqlabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Access-Control-Allow-Origin: *
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 34f1613425e9310bea7f8642dd1d159b
c1bce1ffe9ffd35e9db102e8e7ac7de2594cc3e1
c088033baf66b1edb6fdfdbea7659d67ff24aeb981fce5b8f450e0a4dd94fb63
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150973
Date: Sun, 05 Feb 2023 07:09:30 GMT
Etag: "63deed93-1d7"
Expires: Tue, 07 Feb 2023 01:05:43 GMT
Last-Modified: Sat, 04 Feb 2023 23:43:15 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 30xuBkdOCLXmXd0ZCA9XbwUd--Ktf_YYK8kqI-lNJQFwrUivwB3VpA==
Age: 4948
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 95ee7115016dec2f8ddae8a900d93fb3
5945e4ef4da36de41d22c7cc97675e6d01bcaf15
be16e001441b3cfa255df2a6f2cee9b27e765867c0d35122ab8815ad6d47c394
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BE16E001441B3CFA255DF2A6F2CEE9B27E765867C0D35122AB8815AD6D47C394"
Last-Modified: Sun, 05 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Sun, 05 Feb 2023 13:08:56 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
cdn.quiztionnaire.uk/fonts/Nothing-You-Could-Do/8a4a5223b1aff80512700dfb9948f375.woff2
172.67.172.133200 OK 16 kB URL HTTP/2 cdn.quiztionnaire.uk/fonts/Nothing-You-Could-Do/8a4a5223b1aff80512700dfb9948f375.woff2
IP 172.67.172.133:0
File type Web Open Font Format (Version 2), TrueType, length 16092, version 1.0\012- data
Hash f5a882b037e5f99bb51c204904178989
84c6875cd0e7935705b405b03369013d60cd1db8
9b382dab410d42a48f296d95f0e93054f7f36635f6b7f9b6e72946b1d70c3687
GET /fonts/Nothing-You-Could-Do/8a4a5223b1aff80512700dfb9948f375.woff2 HTTP/1.1
Host: cdn.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: application/octet-stream
content-length: 16092
last-modified: Sat, 04 Feb 2023 11:40:40 GMT
etag: "63de4438-3edc"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJ3LzpPQj8KbQEW5CltsIPoLBj5o4STlsVzsOra7uQMs1oiPZU54Y09FY2Jo2wdXWInrQmTOWJnQB%2BzC1Asq1Zj7MA4a8EqCMsq%2FY4qBI5vJw13zc6P1D%2F4I03MuMhdBxYf4xnPlPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7949d2294a951c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/css/main.min.css
34.78.252.25200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 86544848beaffa1f00df85a64a709e4d
2f8ac448380daa4cf75c577c7717d7181a69dcee
d6793c514450f63e0eb467c41092148fac198e507f2d9b0e6768cfa41220aea5
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Mon, 16 Jan 2023 16:19:09 GMT
ETag: W/"b267e-185bb609c48"
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5777
Expires: Sun, 05 Feb 2023 08:45:47 GMT
Date: Sun, 05 Feb 2023 07:09:30 GMT
Connection: keep-alive
kwebbels.howtosave.cash/_shared/images/ribbon_green.png
54.230.111.71200 OK 1.6 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/ribbon_green.png
IP 54.230.111.71:0
File type PNG image data, 216 x 216, 8-bit colormap, non-interlaced\012- data
Hash 3d3c2f1a01ca12a52d44318396dd88d3
131976933c86a26480467b1bccb530a3ff1570a8
19202935637ea6cf3d9f5ea9d169f369c0d40c7829321e7602fb0538f0dee87d
GET /_shared/images/ribbon_green.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1561
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-619"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dJsw1gDEb1VQlLjcNv6OhzCkxcYfz-ZowvLFpW7xkMVU2VB_Qfpx_w==
kit.fontawesome.com/0711a5d108.js
104.18.22.52200 OK 431 kB URL HTTP/2 kit.fontawesome.com/0711a5d108.js
IP 104.18.22.52:0
File type ASCII text, with very long lines (54510)
Size 431 kB (431075 bytes)
Hash 32256d083892306a1be8aedb8a6bad71
f03b3c99e219b5590c5dfb47cf8d3cf24d01a929
dc0a59726155f389354767d2f5d0319a635cb6de53f3cb00ce5f08bf9638d572
GET /0711a5d108.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F0DcA7-z0nOHfeGPt83h
cf-cache-status: MISS
server: cloudflare
cf-ray: 7949d2269af1b4e8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
kwebbels.howtosave.cash/_shared/images/1.png
54.230.111.71200 OK 17 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/1.png
IP 54.230.111.71:0
File type PNG image data, 300 x 169, 8-bit colormap, non-interlaced\012- data
Hash 665414fb153a131c529f85dbd5fb5330
2f2ce3a51f19390f44b27b90b5ad1360cbf208e9
6f46428ef3b0cdb9510af682ad66269a79bcd29799644de6b397f7ee28081baf
GET /_shared/images/1.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 17040
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-4290"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 874xlHsiu2DNx0_A-mvJXXleRuxp8WnyjYze0g6fLk6kJh_LACMnXA==
kwebbels.howtosave.cash/_shared/images/4.png
54.230.111.71200 OK 20 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/4.png
IP 54.230.111.71:0
File type PNG image data, 300 x 169, 8-bit colormap, non-interlaced\012- data
Hash ddba69b2982174ef054c10f9c60b24e9
746333534311f025a643f7440531459ad687325f
a7d77693f3dc9c47c31fa079b54916a8a03c01f26fc944effa5a4539af9c59bf
GET /_shared/images/4.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 20005
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-4e25"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7DX0R1YqdQeW10Zi1docvz_HTSB0ikzkAlNwvIVN-C16ECCnysU23A==
kwebbels.howtosave.cash/_shared/images/2.png
54.230.111.71200 OK 21 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/2.png
IP 54.230.111.71:0
File type PNG image data, 300 x 169, 8-bit colormap, non-interlaced\012- data
Hash 1dcedd51acc00541c10d571beea230a4
78cfabc3e2415435050faef9f0156f3fbe4060ef
9b78cde0b1eb7240a528b6c065f9c35506922b4076e949179288a4ebaaa18323
GET /_shared/images/2.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 20559
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-504f"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wYAaCpQFDhZb_CwjZ8mHyjpBFbRQXU3oU07YrVMw1vRfPTcNR3xrNQ==
kwebbels.howtosave.cash/_shared/images/small.png
54.230.111.71200 OK 2.3 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/small.png
IP 54.230.111.71:0
File type PNG image data, 59 x 122, 8-bit colormap, non-interlaced\012- data
Hash 72eaffb3d2d16e0f10aa1891bb16d334
cff5248f3ed19c5fccca64ca359bd7583bf97ca8
7aa78c4e6f2a3b8d24a6794492639ef26094779cee5dfcf92706c8cb5a8f514d
GET /_shared/images/small.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2326
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-916"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qfCI_2yaV-kxt2cE3mcNdIkllA5YdNtg40JOy5P2KnlpQhV_cZGTCg==
kwebbels.howtosave.cash/_shared/images/3.png
54.230.111.71200 OK 21 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/3.png
IP 54.230.111.71:0
File type PNG image data, 300 x 169, 8-bit colormap, non-interlaced\012- data
Hash ed9b1d7905f4339068119616ac2fbe39
e9468ef564a69746474321339106016b76d529e0
bd9b64614316e818b351744facc472a43d5f0ef290b34b71b31c8b9dd3ab5fa7
GET /_shared/images/3.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 20990
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-51fe"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kNDG1ggup55sFLnD0RfuiD3j3p_j4Bffajo76Ou8wSHJUIJQ93VfQA==
cdn.formulead.com/v/country
34.78.252.25200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3AzbBUsl9vMHxWQZzGHL9WG0c990LtZf8B.6qqxg9K2WB0owu45ac5YConkTZW5Xj8avJ5ZNaF425w; Path=/; HttpOnly
Vary: Accept-Encoding
kwebbels.howtosave.cash/v1/images/background_up.png
54.230.111.71200 OK 6.1 kB URL HTTP/1.1 kwebbels.howtosave.cash/v1/images/background_up.png
IP 54.230.111.71:0
File type PNG image data, 2000 x 186, 8-bit colormap, non-interlaced\012- data
Hash 239f6a2a31140a6a202cb567a02e3bbc
64bc25dff397c96ee45dd11a5bfb6c7aa92fd9d4
143326a864176d7fa8ccaf63ef9028cb5ec67fc321fb5d9b55638d5ef00f1eb4
GET /v1/images/background_up.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6057
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-17a9"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Mc-eMpL670cTWBxSb4ZXu0pVAOvnPXcvF33gtZVYak46U1TsMQzCRQ==
kwebbels.howtosave.cash/_shared/images/arrow.png
54.230.111.71200 OK 551 B URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/arrow.png
IP 54.230.111.71:0
File type PNG image data, 94 x 50, 4-bit colormap, non-interlaced\012- data
Hash ab698a1c42605f73eb3ba06aebf1c02a
29cca60bbedf2e9ab3b1d702a740fa969e21a960
32f3307b104f6a77731d7dbb5269b553830749625f76e6d65420e61e391fed01
GET /_shared/images/arrow.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 551
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-227"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 09RFDvgIwxgrRdIGEeA4hugD8Ga4Om6aE_2kXnqkyqlFqfMg3pOLiA==
kwebbels.howtosave.cash/_shared/images/5.png
54.230.111.71200 OK 24 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/5.png
IP 54.230.111.71:0
File type PNG image data, 300 x 169, 8-bit colormap, non-interlaced\012- data
Hash 9d4c17edd470fea5255b14f33eafa9ee
c83a5dea6f8869b4b8242195c47d496b0f6e2f5a
30fa0e78fe4704a01e0e2e69aa214018f3367ba6c6bc1ddf07a11c8bbd871b05
GET /_shared/images/5.png HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 24047
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-5def"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Y464oSWZ2vw4-N_WriFz27ZTzj1tx3HKxsHWFTrrIq6By23Dqs5WwA==
kwebbels.howtosave.cash/_shared/images/favicon.ico
54.230.111.71200 OK 4.3 kB URL HTTP/1.1 kwebbels.howtosave.cash/_shared/images/favicon.ico
IP 54.230.111.71:0
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Hash e86c8e2dca6c2d52227108bac7fc154c
7803509daa14ed2a687cdfd2c4db2c90f61db8cd
3542dcd83d9933baabd4e58930a59c63cdd8d92c9067263f2dff34a55ee81647
GET /_shared/images/favicon.ico HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 4286
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-10be"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iI-BwKz5p-QpetFpra-4o0PEtEfLUrYZTL3V274S1R7LK2dKRmEMlQ==
push.services.mozilla.com/
52.43.158.68101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.158.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EkbyVd0k1xT5fIRkdTy4Pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eaaWYWbpClQDHXCj/5QXy5HiqGE=
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
172.64.169.22200 OK 78 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
IP 172.64.169.22:0
File type Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196\012- data
Hash a9fd1225fb2cd32320e2b931dca01089
44ec5c6a868b4ce62350d9f040ed8e18f7a1d128
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
GET /releases/v5.15.4/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: font/woff2
content-length: 78168
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "a9fd1225fb2cd32320e2b931dca01089"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P8
x-amz-cf-id: tvf_YJfI8A6OnLDb-GaebAf_WornlX6_TQoW0Mudck2FLakbvWqhkw==
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pm%2FKpiAUqZZicyY%2BRHCToUqzVfHSKMDKVhsmYrq9Ye1eFasgnXArQxQweqvVzLNBo2ftLYxCRp1wcYE9SAWE3JHQ7CmxSO7KxsEDVHvm2ufgM5t9XFwP2sxVGEk5RkkUgDEOyeP2RA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7949d22bd8137519-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:09:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
216.58.207.228200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
IP 216.58.207.228:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 3d8594fc3ac5bc6f770065bbfce89b46
821e839f6743b9ce29764ecf214b95f8a07386e0
a05f718912165f5a3c41ef80639a008b06e13752f6e19a8ac1d2a8f86ad02046
GET /recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu- HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 05 Feb 2023 07:09:31 GMT
date: Sun, 05 Feb 2023 07:09:31 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial
34.78.252.25200 OK 3.8 kB URL HTTP/1.1 cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (13205), with no line terminators
Hash cda87826a05a15fa9a73a922f978d44e
73044c0da99e7af3ef852afd32878674de8d4afe
c9688a3992ff37b306207dcaaf4e05ff17f31b727889a8debc75e8b89820e317
GET /p/60a79febab6dda5d0f2f49da/feed?sc_domain=kwebbels.howtosave.cash&cl_ip=91.90.42.154&qb_placement_id=60a79febab6dda5d0f2f49da&qb_offer_id=633c4894cb520dd4dd2ac578&qb_flow_id=633c4894cb520dd4dd2ac578&qb_vendor_id=57e91f224ab5a70100f3e746&qb_country=NL&ql_session_id=Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX&aff_offer_id=1&sc_url=http%3A%2F%2Fkwebbels.howtosave.cash%2Fv1%2F&sc_campaign_path=%2Fv1%2F&sc_campaign_domain=http%3A%2F%2Fkwebbels.howtosave.cash&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fv1%2F&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX.hYJfwilVq3267RkwspqRflMIclKrRwDbSvbQIJrVfnA
X-Request-Id: ec6d0a7715bac977d46c0c93
X-iivmxswc: b2bdbbb35a28dbb5158e50f8302bda46f953dbd40b9365b838829c5e377defe6
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Cookie: plc=60a79febab6dda5d0f2f49da
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:31 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Set-Cookie: stp=1; Path=/; Expires=Tue, 04 Feb 2025 07:09:31 GMT; Secure; SameSite=None
ck_tsp=2023-02-05T07%3A09%3A31.086Z; Path=/; Expires=Tue, 04 Feb 2025 07:09:31 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Tue, 04 Feb 2025 07:09:31 GMT; Secure; SameSite=None
ETag: W/"3461-IHLG3RM6NG1jD+cRV4fC03kn2dM"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:09:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: ec6d0a7715bac977d46c0c93
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Cookie: plc=60a79febab6dda5d0f2f49da
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3A3-uA869M5QpS73_CArlwsTyVHY0aBbfY.StH6eFPCykNSdclZVwynAy%2F6H8BhIp9EB4TnIxx0PJs; Path=/; HttpOnly
Vary: Accept-Encoding
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=0711a5d108
172.64.169.22200 OK 4.7 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=0711a5d108
IP 172.64.169.22:0
File type ASCII text, with very long lines (26500)
Hash 6540c97de7c5ed5649a804572cbfafb9
c45708b3318a1a977b87b3d314aa805cd5e3dbe3
66e64be9a88d2b947d5de7199b82973e6f65eaaa91d21e73c6e339b999d44474
GET /releases/v5.15.4/css/free-v4-shims.min.css?token=0711a5d108 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f2d96237236476e7356cfe5344feb776.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P8
x-amz-cf-id: FR7KpkF6OoM7ihSm39roRl2oOakmzLwN0As6RZwv67RrEfNjK9nMLQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bftr6njP85xQXQqaa2odw4eSU3k50J6EE%2BAO8KofLiw%2BV0EgCc579rVV8%2FMg8lO64Zfd58lLnrzNYLWjZmViZVG7bYH%2Bcruf52P1oL2i9TzZtG0Ao75SNKEvuatLLIUaff38qrS8qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7949d227be0d7519-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
216.58.211.3200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 08:53:11 GMT
expires: Wed, 31 Jan 2024 08:53:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 425780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:09:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3456
Expires: Sun, 05 Feb 2023 08:07:08 GMT
Date: Sun, 05 Feb 2023 07:09:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3456
Expires: Sun, 05 Feb 2023 08:07:08 GMT
Date: Sun, 05 Feb 2023 07:09:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3456
Expires: Sun, 05 Feb 2023 08:07:08 GMT
Date: Sun, 05 Feb 2023 07:09:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3456
Expires: Sun, 05 Feb 2023 08:07:08 GMT
Date: Sun, 05 Feb 2023 07:09:32 GMT
Connection: keep-alive
cdn.quiztionnaire.uk/fonts/myriad-pro/MyriadPro-Regular.woff
172.67.172.133200 OK 52 kB URL HTTP/2 cdn.quiztionnaire.uk/fonts/myriad-pro/MyriadPro-Regular.woff
IP 172.67.172.133:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
GET /fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: cdn.quiztionnaire.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:32 GMT
content-type: application/font-woff
content-length: 51572
last-modified: Sat, 04 Feb 2023 11:40:40 GMT
etag: "63de4438-c974"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZrBN0FemGE0mYlOtb2N6FMhgqpx%2BCrW0OxrGUx7pnGQsSdaCIZWPlc%2BTNUdTbHfj4zGp77xzPM%2Bl9ZWsLNn%2BBq7BjqA03G1VyamboBYrtMaLXqnJa68IPTDhUtmSPPA4CA0X16cnYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7949d23308111c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: ec6d0a7715bac977d46c0c93
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Cookie: plc=60a79febab6dda5d0f2f49da; stp=1; ck_tsp=2023-02-05T07%3A09%3A31.086Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3AyRZHpVK2YVakgKNtMmXYbBvEJWQr6YRC.BXd8g5FJ%2BVwRrMAwXoIjiivyd2GU7UOPj%2F6UyOXZwHc; Path=/; HttpOnly
Vary: Accept-Encoding
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e0c38abfcd86f8074d4182d49fc354f
1367bebb73fa652695242100b26c394f1bfe4457
e42d110060133ac05e6cdfafa6473c55473220fdc7eaf03e3a89f58aa3603670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11056
x-amzn-requestid: 4acc3364-4a33-4934-bdcb-41284d952113
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFrwEW4IAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8317-33872f461a2faab552322837;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XhPm-ZDoEjlgeiXUwMRQZ5pOMs4qJzXagWZg302DcrYpUm5X7O8ZZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:46:47 GMT
age: 33765
etag: "1367bebb73fa652695242100b26c394f1bfe4457"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jIvBQjGh9JzWQM0YpEYiqP5CcBrkwqLVjAYhMWJ1P1H0MRkm7kpnpg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:12:06 GMT
age: 32246
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1092c4dd4d9ca4d09462ae46e1dd7c1
17444ff60be1afbc40d3653fa936f9eaf9478068
ea8362c7249080b34288ee675f70333607fc3be37e716fdcf63e4901849def9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 1aa297f5-2f9a-45be-b823-1eb4d5887769
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WrwH-iIAMFyhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded17e-2b630b4a302b8ae118883b71;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:43:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z2oKgp1keqEkvN6jjsUepMbrxD4JCXKAOHrMNJHcuXN0CpulUh5GLA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:39 GMT
etag: "17444ff60be1afbc40d3653fa936f9eaf9478068"
content-type: image/jpeg
age: 33953
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 65026
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:53:45 GMT
age: 58547
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bee08788da5b88dde69aeb1d4de005c9
537c7a19a9395a60452b6b0b3ae08d47f4705181
02365d88ae9ff3ace3f29509df0e436ab0838d44714ef0f25dea463d665f794a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94063a59-0665-4d1d-89f4-785b4ab501d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 544d13b9-8d45-4029-88e0-280f27cc0fa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi4-SHN1IAMFSkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76ec1-3f1ee84f53fe45cc01439a28;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TtyPO9j12ZpU3XdElRgCrqB4XNERrppavwJZJn5As8mqjjDLyZBmsw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:39 GMT
age: 33953
etag: "537c7a19a9395a60452b6b0b3ae08d47f4705181"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 21:48:03 GMT
expires: Fri, 02 Feb 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 206489
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 16:40:43 GMT
expires: Fri, 02 Feb 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 224929
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.formulead.com/t/page
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:32 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1
34.78.252.25200 OK 170 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e7d80c8689b52b0f128ac739e5e51b0b
cede12e6bc3eb0a4dea08ff0d8550dc9933c12c8
f88146970ba95ebb8e7e1c3890cbbeb6209f696ed9c9f9922278facc956bff9b
GET /v/recaptcha3?token=03AFY_a8Usc8N5lo3l0aE59oJ1pDdHfrW27ygbGh4loA6PkQd0TE_Acit0XP-NxyXfF2NVmEsE_xN2kVjglxAYSS3JufEmpsNy8UP3nEO-lEqsEXJD7XfvFXMaIOlmgDqPmX1VdtpD-P7MpdHEMq8reuO2_nYpsEQDszGxVVVva7zjoVvCD19Nv4ZR4QM2t48E6iWgYHUe5Zgo8uMb4kN903v8-28d84dwbs8-DA4pezQH7RcprXXTsgvDg-dAJXEPU81mvds2giYj_boOi1TmYK8cH2GRsWZny5y0WaVhgBQSGAOPS9IY1BkG08AwgiuxF_LTX-5hdeJFYnADmtLNdsoFf2PY6AJ0J56PAxabYIpaGHAyrmLQ-lZjQvoW_26x1mUi-mhoKoCtDSbpvyWvtLjwJPISW-2pyk0b2sQOih0C-_ZVhA68gTFnBojxfYl-GqRM6iTGv0eqd23Xiyg0CSyt4o7or-gH-SlP-PV_iAJaZy0T2g-9yM15By6jl_aC8gjFRw6Qa7IcSkBAVHAK8WuCV4gUW9I59A&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: ec6d0a7715bac977d46c0c93
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Cookie: plc=60a79febab6dda5d0f2f49da; stp=1; ck_tsp=2023-02-05T07%3A09%3A31.086Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 170
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"aa-zt4S5rw+sKTeoI/w2FUNyZM8Esg"
set-cookie: qst.sid=s%3Avc2_QrFdKECYMpQQqkWJlBHlvBOy_gdf.pQBJzKQwYPtlvvuNOQxbRtPjjzNFLglNNUNAxriTbo4; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/t/vdt
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/vdt HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-ofvuinwk,x-session-id,x-zqhkygow
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:33 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/vdt
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/vdt HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX.hYJfwilVq3267RkwspqRflMIclKrRwDbSvbQIJrVfnA
Content-Type: application/json
x-zqhkygow: aea095746b412c304b1e8a6705197b520a6c7e7252cffb4fdf171bc20ff2b2b5
x-ofvuinwk: df3b3364733604265dffcdbbf575bc4b641872235c4cb1bb30de3fb4a0ba0ac3
Content-Length: 1855
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full
34.78.252.25200 OK 4.7 kB URL HTTP/1.1 cdn.formulead.com/p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (15921), with no line terminators
Hash b6f8e5d5d78791f33a6ac60a47ace6e8
4aad430e4cf93d0b10313d6e3fd267b95754fc9c
b696f09320e8e34780d04c3b2ac2cbd8518d5a1f7105334ba4a493511ee5c9c5
GET /p/60a79febab6dda5d0f2f49da/feed?stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX.hYJfwilVq3267RkwspqRflMIclKrRwDbSvbQIJrVfnA
X-Request-Id: ec6d0a7715bac977d46c0c93
X-iivmxswc: b2bdbbb35a28dbb5158e50f8302bda46f953dbd40b9365b838829c5e377defe6
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Cookie: plc=60a79febab6dda5d0f2f49da; stp=1; ck_tsp=2023-02-05T07%3A09%3A31.086Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:33 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"3efd-01hqfbGoqwR+AnYqTJ+BKOi3Cl4"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/t/page
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:Z1TZ_7wgCOwmnznVWhwhrf_BFytwcUnX.hYJfwilVq3267RkwspqRflMIclKrRwDbSvbQIJrVfnA
Content-Type: application/json
Content-Length: 105
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://kwebbels.howtosave.cash
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
st.formulead.com/assets/img/spinner/puff.svg
54.230.111.9200 OK 0 B URL HTTP/2 st.formulead.com/assets/img/spinner/puff.svg
IP 54.230.111.9:0
GET /assets/img/spinner/puff.svg HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
server: nginx/1.19.0
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 04 Feb 2023 09:20:32 GMT
etag: W/"63d24285-5b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kWNBpvnPtRkvVsh3y6eAO6KcxLNULhzFNoSPuL_F_Y68N5mf0WxZvA==
age: 78538
X-Firefox-Spdy: h2
st.formulead.com/assets/js/dl_modified.js
54.230.111.9200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/dl_modified.js
IP 54.230.111.9:0
GET /assets/js/dl_modified.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sun, 05 Feb 2023 07:09:31 GMT
etag: W/"63d24285-132f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qt71KDRhbvRv4k_G81N8hWsiSnvjmHuKvrl9X5IaGdhdeW1YdI7HSw==
age: 1353
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=0711a5d108
172.64.169.22200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=0711a5d108
IP 172.64.169.22:0
GET /releases/v5.15.4/css/free.min.css?token=0711a5d108 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c23bc76444fad08250d9cd740d061b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P8
x-amz-cf-id: si2W5OQYc17QGVyvkNzJ5ZjC8eRl2br6fddWJuJkvmdMSDUT-CeWyQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufrBziSFh%2FNG7wFDo8eKQMRD2GIvfC1suT21Q5Yb6DXSyKA4V4m1HCKh%2BSB0T4wOb%2BPLPgpks7U33z9EDQDzTmzMjYR289zQrWgglch2lrTao5yjT7lvi4fNeoTT8AeXNULEUsDmRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7949d227be0c7519-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/helpers.js
54.230.111.9200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 54.230.111.9:0
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 04 Feb 2023 08:54:54 GMT
etag: W/"63d24285-12044"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mJQrwB1qTZJtg959B3VWFVPQMv-Z5tqponVpT553f9yuLClHtXqiSw==
age: 80076
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=0711a5d108
172.64.169.22200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=0711a5d108
IP 172.64.169.22:0
GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=0711a5d108 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kwebbels.howtosave.cash/
Origin: http://kwebbels.howtosave.cash
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 07:09:30 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 368bc8b1f5073a6f7cdb40029e9a5a88.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P8
x-amz-cf-id: wkxR7AR_C85mGuyXNnnvJv2ox3WFjdHsF7sN1f2XzqBk61qxYlAR2w==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBDRy3LQUZIb7v7Xo6J43%2FTuuGWU3mIltC%2BMOTmCGjLX0RjZkM3RUbSH%2B9ftxR6WtZaYGahkBK9IlYRI7CTiiEWM%2FPMXbLu2VeX6meL%2BRv2JqGbIR7UpFT1eB4whsWWd3nX9M%2FKcUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7949d227be0e7519-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/bioep.min.js
54.230.111.9200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 54.230.111.9:0
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Thu, 26 Jan 2023 09:06:13 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 04 Feb 2023 09:23:20 GMT
etag: W/"63d24285-14c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ALHOilvo6fyCBXpmcIJhxX-XcxuRWLF_INKekKPlyA1uibKtiOTrpg==
age: 78370
X-Firefox-Spdy: h2
www.kwebbelskinderboeken.nl/wp-content/uploads/2019/11/Naamloos-2-min.png
45.153.84.106200 OK 0 B URL HTTP/2 www.kwebbelskinderboeken.nl/wp-content/uploads/2019/11/Naamloos-2-min.png
IP 45.153.84.106:0
GET /wp-content/uploads/2019/11/Naamloos-2-min.png HTTP/1.1
Host: www.kwebbelskinderboeken.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 10 Nov 2020 12:39:08 GMT
etag: "5bc9e-5b3bff7055300"
accept-ranges: bytes
content-length: 375966
content-type: image/png
date: Sun, 05 Feb 2023 07:09:19 GMT
server: Apache/2
X-Firefox-Spdy: h2
kwebbels.howtosave.cash/v1/images/background.jpg
54.230.111.71200 OK 0 B URL HTTP/1.1 kwebbels.howtosave.cash/v1/images/background.jpg
IP 54.230.111.71:0
GET /v1/images/background.jpg HTTP/1.1
Host: kwebbels.howtosave.cash
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kwebbels.howtosave.cash/v1/css/campaign.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 169752
Connection: keep-alive
Server: nginx/1.19.0
Date: Sun, 05 Feb 2023 07:09:30 GMT
Last-Modified: Sat, 04 Feb 2023 11:39:59 GMT
ETag: "63de440f-29718"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U3uLYXc0xpqvdVoM8xPvpi56Sah0ByhCzEB1W1EzqNN8AkwOJff9lQ==