firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 15:43:04 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QB3iYvdcg9DS4s284l-rdKIa7lzMuezHVt8IOgitk21kc_WB-y0acg==
Age: 1244
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5537
Expires: Sat, 03 Sep 2022 17:36:05 GMT
Date: Sat, 03 Sep 2022 16:03:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ya3WYdAbqCRkS6WTv_ZrFzbNfe8vG4Oo66FxImfSOMRqVVsQXVxyCQ==
age: 53311
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 03 Sep 2022 15:38:16 GMT
Expires: Sat, 03 Sep 2022 16:38:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vEpXDL-A_mh1kKg7DhTab2nrXelieBKVzX-_2YgEn-e4F4vL46lLlg==
Age: 1533
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5876
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:49 GMT
Last-Modified: Sat, 03 Sep 2022 14:25:53 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
shipit.reddragon.bond/favicon.ico
184.154.10.250 200 OK 1.2 kB URL HTTP/2 shipit.reddragon.bond/favicon.ico
IP 184.154.10.250:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 91abe01116ab422c598e9c8af72cf4da
0f2815fe8e067d48537ad168225ab4674271fa27
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shipit.reddragon.bond/?utm_term=7139184954000277617&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:49 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Sun, 04 Sep 2022 16:03:49 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
accept-ranges: bytes
X-Firefox-Spdy: h2
shipit.reddragon.bond/sw.js?v=1662221026618
184.154.10.250 200 OK 776 B URL HTTP/2 shipit.reddragon.bond/sw.js?v=1662221026618
IP 184.154.10.250:0
Hash aa6261f6bcdea58ca6703b3109bd5eb6
788cbd4d7de687a942a7d0797e2119de29192e88
ab99cce1d646bd4caaca1f3d9af1f9e80a8a607031bde78f31b64c30d65cc8cd
Analyzer Verdict Alert fortinet Phishing
GET /sw.js?v=1662221026618 HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:49 GMT
content-type: application/javascript
content-length: 776
last-modified: Wed, 13 Jul 2022 18:17:53 GMT
vary: Accept-Encoding
etag: "62cf0c51-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.240.140.78 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.140.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZqV4AAmyG4BWBEo4pkqo3w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TZu2FifK99sn4+/qRsrYPd7D+bk=
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
51.68.81.31 200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 51.68.81.31:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3757)
Hash 345e9d263c60dbeed8d14a446d086a7d
04441f2a023d9cd2ab14aeceecfc96d393316d25
8e8a55b561194287baeb746b743b5a7a695a1d4068d35f0c217504893023d256
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shipit.reddragon.bond/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=1eb3ced293ee15deb03f8683bed4c596&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=1eb3ced293ee15deb03f8683bed4c596&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=1eb3ced293ee15deb03f8683bed4c596&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 03 Sep 2022 16:03:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond
51.68.81.31 302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.7620245246963732&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=shipit.reddragon.bond HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Sat, 03 Sep 2022 16:03:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000a1ddf1056199ab91877567963f6a72810903-202209-flb*5467509-4538f*M7139184954000277617*sl_5467509-4538f*67b6376e7e998ad5ba601cc92ed71fcd0648f6a7*1636-6f97946z*1636
www.wewillserv.com/favicon.ico
51.68.81.31 204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.81.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 622a5c5a64b9c055d895bde78b3625af
5d50252af4c7367d43bd08204ec82d2c6438d9e1
5e05b754fc57305ca2477800c40f97e8fcdc2edbccd009acb84129b26b1d77b1
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 03 Sep 2022 16:03:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 02 Sep 2022 23:22:08 GMT
Expires: Sat, 03 Sep 2022 23:22:08 GMT
ETag: "5d50252af4c7367d43bd08204ec82d2c6438d9e1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000a1ddf1056199ab91877567963f6a72810903-202209-flb*5467509-4538f*M7139184954000277617*sl_5467509-4538f*67b6376e7e998ad5ba601cc92ed71fcd0648f6a7*1636-6f97946z*1636
34.90.46.36 302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000a1ddf1056199ab91877567963f6a72810903-202209-flb*5467509-4538f*M7139184954000277617*sl_5467509-4538f*67b6376e7e998ad5ba601cc92ed71fcd0648f6a7*1636-6f97946z*1636
IP 34.90.46.36:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000a1ddf1056199ab91877567963f6a72810903-202209-flb*5467509-4538f*M7139184954000277617*sl_5467509-4538f*67b6376e7e998ad5ba601cc92ed71fcd0648f6a7*1636-6f97946z*1636 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 16:03:50 GMT
content-length: 0
location: https://www.jukminung.com/rc/a91581ead4?affclick=63137ae6af91a70001157c07&pubid=503
set-cookie: afclick=63137ae6af91a70001157c07; expires=Sun, 03 Sep 2023 16:03:50 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fbf58e151499163b409825b75292117d
c0f850244aed9983d411e7596dc5ffd6bba3bb23
fd9018db7938c545590cbadfdd1aa769f33a54414e5942c9c25f16dedbf4cfe3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FD9018DB7938C545590CBADFDD1AA769F33A54414E5942C9C25F16DEDBF4CFE3"
Last-Modified: Thu, 01 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4715
Expires: Sat, 03 Sep 2022 17:22:25 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fbf58e151499163b409825b75292117d
c0f850244aed9983d411e7596dc5ffd6bba3bb23
fd9018db7938c545590cbadfdd1aa769f33a54414e5942c9c25f16dedbf4cfe3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FD9018DB7938C545590CBADFDD1AA769F33A54414E5942C9C25F16DEDBF4CFE3"
Last-Modified: Thu, 01 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4715
Expires: Sat, 03 Sep 2022 17:22:25 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
shipit.reddragon.bond/sw.js?v=1662221026618
184.154.10.250 304 Not Modified 0 B URL HTTP/2 shipit.reddragon.bond/sw.js?v=1662221026618
IP 184.154.10.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /sw.js?v=1662221026618 HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 13 Jul 2022 18:17:53 GMT
If-None-Match: "62cf0c51-308"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 03 Sep 2022 16:03:50 GMT
last-modified: Wed, 13 Jul 2022 18:17:53 GMT
vary: Accept-Encoding
etag: "62cf0c51-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10369
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10369
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10369
Expires: Sat, 03 Sep 2022 18:56:39 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0bde418da52c5b733e4edeb10173974e
75555a00ea68f94d83233ca3dcb7ffa60ba9da5d
67bb1775a03b6b17b05181738c8196a9ed8087dc75927e649c28c084f31c0160
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf445006-1014-4737-ad3b-0047d0183dd8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8614
x-amzn-requestid: a941656b-92dd-4948-a24e-1437469def78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2emWFBMIAMFq4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631277c2-5336706371034d98547bafbd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2v3yN2UAH_DeMis8_-Br4uvD4SK-sluX1aFEM391ZhV4_G2lloBHQg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:44 GMT
age: 65646
etag: "75555a00ea68f94d83233ca3dcb7ffa60ba9da5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: db7b338c-4fb1-46c0-827a-87e43ceacb90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjB_aFGyoAMFbeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ab062-060509a31e21bd514f736d49;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 00:01:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p_pP4bQ_t2iBcAl5CetPTBaNmV8E_Br_0Mn5qIlGeC8JCmILxA_l6A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 10:54:15 GMT
age: 18575
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 65636
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: 5ed9a360-5a7f-427a-a750-bd8f25214909
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwpOBEpjIAMFzXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63102259-4b9d2f6e61cc186f78718168;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:09:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BU7CFrnTBhvyqoRVp1t-e_ZErBnJA9l4qGkmxOQd10W48IzyIFGFZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:46:11 GMT
age: 44259
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 65637
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V6_bFwCNNOb2sZgOQJ8NekZD0pbYwclTg17YlQjCIdKFKGuzfDR0nQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:42:03 GMT
age: 44507
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 74a84fb943c5fe5892e4871923812040
f0b32288ffb009d0e133d7e8a7f0f826ed5d41c4
49146fdbd52c98f920292094d9d242ec4d2e5ca8d36b659e74cee4679cab7008
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "49146FDBD52C98F920292094D9D242EC4D2E5CA8D36B659E74CEE4679CAB7008"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9131
Expires: Sat, 03 Sep 2022 18:36:01 GMT
Date: Sat, 03 Sep 2022 16:03:50 GMT
Connection: keep-alive
intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub22cbdd1412b94d4a84a40e259c795a0a&sub_id=8063a697
104.248.110.148 302 Found 694 B URL HTTP/1.1 intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub22cbdd1412b94d4a84a40e259c795a0a&sub_id=8063a697
IP 104.248.110.148:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3491ae59056b6762635ab68cbe76a89f
39eb47467df7ae7cfb46ba51187a13014ab53855
694e5f9e166f6fd801a1d8c777422b8079e403532ee3125f4da00a1356600542
GET /redirects?offer_id=13&affiliate_id=9&click_id=pub22cbdd1412b94d4a84a40e259c795a0a&sub_id=8063a697 HTTP/1.1
Host: intrap.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jukminung.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
date: Sat, 03 Sep 2022 16:03:51 GMT
location: https://mobs.thatconvertingoffer.com/rc/6a43da6ccf?affclick=affclick=70610f46d85878ae8c880e6752128771&pubid=
expires: Sat, 03 Sep 2022 16:03:51 GMT
transfer-encoding: chunked
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9c449d2e66b5c5d73d7417d7864466c2
a37ff7721aeba027a8d0f1f4458e859f3380f177
e7fdd4b8eeaa71ee3b1bf563601f06008a0b90854d46be5942833cac25de9ad5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "E7FDD4B8EEAA71EE3B1BF563601F06008A0B90854D46BE5942833CAC25DE9AD5"
Last-Modified: Thu, 01 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11140
Expires: Sat, 03 Sep 2022 19:09:31 GMT
Date: Sat, 03 Sep 2022 16:03:51 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9c449d2e66b5c5d73d7417d7864466c2
a37ff7721aeba027a8d0f1f4458e859f3380f177
e7fdd4b8eeaa71ee3b1bf563601f06008a0b90854d46be5942833cac25de9ad5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "E7FDD4B8EEAA71EE3B1BF563601F06008A0B90854D46BE5942833CAC25DE9AD5"
Last-Modified: Thu, 01 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11139
Expires: Sat, 03 Sep 2022 19:09:31 GMT
Date: Sat, 03 Sep 2022 16:03:52 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash add66f4e918a7a4ee2f87d7d16ab15a9
453ebcd0ac46e36b2005acdd18f2e40855cf33e4
702b90bd6227be34e4e07fab1ebb871c486da9b1ea73dcf50feafb456665bab5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 14:56:44 GMT
Expires: Thu, 08 Sep 2022 14:56:43 GMT
Etag: "453ebcd0ac46e36b2005acdd18f2e40855cf33e4"
Cache-Control: max-age=427370,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 744fb7cfca7d1bfe-OSL
cold.dailynox.com/625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20090321_2f_2_28c2_6b2392_22b6_160_63137ae8_5b5a2a9a_0_0_0_64_64_0_2_2_0_0&source=28c2::2aa40cd7
85.17.54.17 302 Found 400 B URL HTTP/1.1 cold.dailynox.com/625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20090321_2f_2_28c2_6b2392_22b6_160_63137ae8_5b5a2a9a_0_0_0_64_64_0_2_2_0_0&source=28c2::2aa40cd7
IP 85.17.54.17:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document, ASCII text, with very long lines (398)
Hash da5ab66e6c104a204caa6259b4d41ac5
82a1aa889146dfd02f70f220e9ce05dda0e14c56
31a25ec4a1e21a0072d95420164e178d42921ef26c6c9a0c8f3151d67bc1031d
GET /625fcab5e79ecf00014334d4?pubid=60338f6279fcbe00012195b3&ref_id=20090321_2f_2_28c2_6b2392_22b6_160_63137ae8_5b5a2a9a_0_0_0_64_64_0_2_2_0_0&source=28c2::2aa40cd7 HTTP/1.1
Host: cold.dailynox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://99deals.cyou/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 03 Sep 2022 16:03:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 400
Connection: keep-alive
Location: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Set-Cookie: redhash=NjMxMzdhZTliZGE3YWUwMDAxZjM5YmExfDB8NjI1ZmNhYjVlNzllY2YwMDAxNDMzNGQ0fHxmNzEzMDJlOS0zNjQyLTRmNDYtODYxNi02YmFlMmFjNjBjMzJ8MTY2MjIyMTAzMw==; Path=/; Domain=cold.dailynox.com; Expires=Sun, 03 Sep 2023 16:03:53 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 082b810cc542824311ea7a66a5da765c
a2ed20c0fc7e54932fcce2b71ced35203523edb6
89e21d32391794f01666f3964a51f56cd337c4be1d318e53576a001f1e493052
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 10:18:10 GMT
Expires: Sat, 10 Sep 2022 10:18:09 GMT
Etag: "a2ed20c0fc7e54932fcce2b71ced35203523edb6"
Cache-Control: max-age=583455,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 744fb7d12c221bfe-OSL
pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
34.241.188.250 200 OK 27 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
IP 34.241.188.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743)
Hash e824ddbe3f2e507e8677dbad7718d826
6c15a8ea7ce6dffee79ca70ea8e38dd4c63ae899
9bc5da707b370a5dbb0807031f8018645067e184da2f69335dc6fb5f9942f455
GET /no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp= HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://99deals.cyou/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
X-Powered-By: PHP/7.2.34
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/bootstrap/css/bootstrap.min.css
34.241.188.250 200 OK 161 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/bootstrap/css/bootstrap.min.css
IP 34.241.188.250:0
File type ASCII text, with very long lines (65326)
Size 161 kB (161364 bytes)
Hash 3b3bcd00c478e36affb10ade5ad7083e
b0a7f2136184bdf441d8f9d6d77a396847e35a57
355391583f29e8e4c3cbba984916f2ec70744cb6ea475b2591549229799121e1
GET /no/887328/18/assets/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:31 GMT
ETag: "27654-5dbd1530b6eb6"
Accept-Ranges: bytes
Content-Length: 161364
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/css/Features-Boxed.css
34.241.188.250 200 OK 1.4 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/css/Features-Boxed.css
IP 34.241.188.250:0
Hash bca73cd8a0ba61c5b234e25f8d15dc60
a5be1b131e62a9369420bdf9bfa944f1a962a0ab
0adf29bc7f36349628fc07f09349bd0a7ed8ccf3cb10b98e5ec8d96618a47454
GET /no/887328/18/assets/css/Features-Boxed.css HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:01 GMT
ETag: "547-5dbd1513c28fd"
Accept-Ranges: bytes
Content-Length: 1351
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/css/Header-Blue.css
34.241.188.250 200 OK 4.5 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/css/Header-Blue.css
IP 34.241.188.250:0
Hash 08e4586a051ce4259282ed835fb549cb
a5c4c4eb5f170743ec854de67713cf536dcde317
3da104d1e5c7a203fe3e4d882303b4a1c01fbbf97c3324cb94f9abb45f1778e4
GET /no/887328/18/assets/css/Header-Blue.css HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:00 GMT
ETag: "1165-5dbd1512e6d7b"
Accept-Ranges: bytes
Content-Length: 4453
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
pointmultiply.com/no/887328/18/assets/bootstrap/js/bootstrap.min.js
34.241.188.250 200 OK 84 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/bootstrap/js/bootstrap.min.js
IP 34.241.188.250:0
File type ASCII text, with very long lines (65299)
Hash f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
GET /no/887328/18/assets/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:32 GMT
ETag: "1499a-5dbd1531d8378"
Accept-Ranges: bytes
Content-Length: 84378
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/css/Registration-Form-with-Photo.css
34.241.188.250 200 OK 1.5 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/css/Registration-Form-with-Photo.css
IP 34.241.188.250:0
Hash 41db4b60b519edd1a4204aaef6e0ae82
c45a01c3e3d7f0523f035e8efebaec4e4c3c33b3
ca5b0e60d8aab8ce5ebf327a24bc5d209ac94d0c051614bc5893f3d0b958bf6f
GET /no/887328/18/assets/css/Registration-Form-with-Photo.css HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:01 GMT
ETag: "5e9-5dbd1513f2e67"
Accept-Ranges: bytes
Content-Length: 1513
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
pointmultiply.com/no/887328/18/assets/css/styles.css
34.241.188.250 200 OK 1.3 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/css/styles.css
IP 34.241.188.250:0
Hash 1b73e06fd57a16be72bdcbe4db928111
8fa7e8ebba058e2e313ead4d60d9f75e082e35da
ad800a02b58f7f60a74021de5cb75c736a7d47d65196583e11d98351a27631d3
GET /no/887328/18/assets/css/styles.css HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:00 GMT
ETag: "541-5dbd1512c3717"
Accept-Ranges: bytes
Content-Length: 1345
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
pointmultiply.com/no/887328/18/assets/js/custom.js
34.241.188.250 404 Not Found 230 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/js/custom.js
IP 34.241.188.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0ec48212c910931d5a105c1e97862c7a
54afa207b088ffa1215640625088afabeaf27d04
cc00039abc253ecb6a7dea90bb04779abb583666a36438d73636b5b09cac0665
GET /no/887328/18/assets/js/custom.js HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Content-Length: 230
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9665d92cfb2f9db5f7032ed692dff0e0
2ca6220de116f04429a7ce3f3c8f95cae61db137
5cc77ac9117df4aa52cc268287bf82f9dde172f1bcd7f640d3f0ef04a5ed07c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-diamond-icn-3.png
34.241.188.250 200 OK 418 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-diamond-icn-3.png
IP 34.241.188.250:0
File type PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Hash 8ce1c6cb0caa70e2ae674e7fb833d152
344dd3a3a28d67edf858a30df7dc44f596ccc57f
a9c1b89f57ac1df5479ccd84e9db50b75ba4d0b98c6a053653ef7129b774a71d
GET /no/887328/18/assets/img/t18-airpods-top-diamond-icn-3.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:21 GMT
ETag: "1a2-5dbd1527054f8"
Accept-Ranges: bytes
Content-Length: 418
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-lock-icn-2.png
34.241.188.250 200 OK 310 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-lock-icn-2.png
IP 34.241.188.250:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash 17d0fb6a014e12e0caf324d3e031e6ba
8c227ffd9b5c1dc27058bc001fd3a4baf438ec87
0d511befb8a50e0d1b5a5a24dd7c32e175714d00ac6118396d4e077dd65d9c56
GET /no/887328/18/assets/img/t18-airpods-top-lock-icn-2.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:14 GMT
ETag: "136-5dbd152075ad6"
Accept-Ranges: bytes
Content-Length: 310
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/js/jquery.min.js
34.241.188.250 200 OK 90 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/js/jquery.min.js
IP 34.241.188.250:0
File type ASCII text, with very long lines (65451)
Hash 12b69d0ae6c6f0c42942ae6da2896e84
d2cc8d43ce1c854b1172e42b1209502ad563db83
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
GET /no/887328/18/assets/js/jquery.min.js HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:09 GMT
ETag: "15d83-5dbd151bf59d7"
Accept-Ranges: bytes
Content-Length: 89475
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 8d7b8ca109a9263755a0da42cebaf9ab
9083a6e166510da29d07ccf5efb8502bc01d0ed6
b1a02ac8cb1b611ce05ff6be7fb4363827be58ece690f9c89d5c4fff22f7fc7c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Sep 2022 05:06:13 GMT
Expires: Sat, 10 Sep 2022 05:06:12 GMT
Etag: "9083a6e166510da29d07ccf5efb8502bc01d0ed6"
Cache-Control: max-age=564738,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 744fb7d42fd81bfe-OSL
pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-5-stars.png
34.241.188.250 200 OK 600 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-5-stars.png
IP 34.241.188.250:0
File type PNG image data, 136 x 33, 8-bit colormap, non-interlaced\012- data
Hash f94b5ab95081aab8457010108abf1214
255b186650d1663657f19b248885af6f09f69973
5ddf9b69385b4567de37a7dfa7945a10bddf942a7d27f9e4e6282879152167e7
GET /no/887328/18/assets/img/t18-airpods-testi-5-stars.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:18 GMT
ETag: "258-5dbd1524d44b2"
Accept-Ranges: bytes
Content-Length: 600
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-2.png
34.241.188.250 200 OK 5.6 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-2.png
IP 34.241.188.250:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 3b2a478d9163c86ec20102362cbe52c5
35bc955c6c89b93cb95266a3bbb66bddbcdb05a4
84a75dbd8975201a6a4e3deb48ac5b082b710a5024ceae4be81f6f92b8164b84
GET /no/887328/18/assets/img/t18-airpods-testi-profile-2.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:07 GMT
ETag: "15e6-5dbd1519930a0"
Accept-Ranges: bytes
Content-Length: 5606
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-heart-icn-1.png
34.241.188.250 200 OK 310 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-heart-icn-1.png
IP 34.241.188.250:0
File type PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Hash af8cd1f0211e5206e5fd0cb323933bb9
c642ed184d00ab1aa108cbdcc8243790915b77e7
961d2c94341df80a967404dcf383b4e39b26bf34c997c850c57aaa3c503049da
GET /no/887328/18/assets/img/t18-airpods-top-heart-icn-1.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:22 GMT
ETag: "136-5dbd15282a451"
Accept-Ranges: bytes
Content-Length: 310
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-delivery-icn-4.png
34.241.188.250 200 OK 320 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-delivery-icn-4.png
IP 34.241.188.250:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash b7d2da0e6aa65d901e61a0c7334209b9
d21deb8fac67e7208123e05f499a87c42637bc7d
18ecb7cba0652b2afb02d367a82303850ed9ad78ee42040002454dfd44cf3b4d
GET /no/887328/18/assets/img/t18-airpods-top-delivery-icn-4.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:17 GMT
ETag: "140-5dbd15237e81f"
Accept-Ranges: bytes
Content-Length: 320
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-4-stars.png
34.241.188.250 200 OK 638 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-4-stars.png
IP 34.241.188.250:0
File type PNG image data, 135 x 33, 8-bit colormap, non-interlaced\012- data
Hash 4917699c62ac8395be8cfd1356a6ca1e
da464e68f6635280fb11a3bf81ff8a7f44c24e67
0f780e24aeacba722a837421d65b47ce4bb374294d771d250ee892d193042998
GET /no/887328/18/assets/img/t18-airpods-testi-4-stars.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:12 GMT
ETag: "27e-5dbd151f0ecd6"
Accept-Ranges: bytes
Content-Length: 638
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-payment-logo.png
34.241.188.250 200 OK 600 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-payment-logo.png
IP 34.241.188.250:0
File type PNG image data, 100 x 45, 8-bit colormap, non-interlaced\012- data
Hash 4ad917a0041c9e31dc1dd4bab8914c7e
3fdb56a9264361615552fb6f7c0fd40671ae7380
23c3c585e185ab2cc60bea3a4010dc53ef04db18e62f2157e16f8e58671b2bb3
GET /no/887328/18/assets/img/t18-airpods-top-payment-logo.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:15 GMT
ETag: "258-5dbd15214cc22"
Accept-Ranges: bytes
Content-Length: 600
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-cart-icn.png
34.241.188.250 200 OK 316 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-cart-icn.png
IP 34.241.188.250:0
File type PNG image data, 23 x 23, 8-bit colormap, non-interlaced\012- data
Hash f8ab20b1d04db37d2c3883f835e28760
f6976805d9c590725b560abe4d10ff3acee4bfae
9191befdd6709eb03c8f3e3ff7e75db942065826434927bac3afafbfbc8439f0
GET /no/887328/18/assets/img/t18-airpods-top-cart-icn.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:23 GMT
ETag: "13c-5dbd15291ee40"
Accept-Ranges: bytes
Content-Length: 316
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-1.png
34.241.188.250 200 OK 8.0 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-1.png
IP 34.241.188.250:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 698ca5d31e0067412a476ed920e80000
92fff82450ffcfddcb9ce1f7ff3a944a24a6f66c
e4108d60373a47f7aeea61eac2f45ea0114bcc48ba165bbbd68526bc6f3091c7
GET /no/887328/18/assets/img/t18-airpods-testi-profile-1.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:09 GMT
ETag: "1f1a-5dbd151b7bcaf"
Accept-Ranges: bytes
Content-Length: 7962
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-3.png
34.241.188.250 200 OK 6.8 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-testi-profile-3.png
IP 34.241.188.250:0
File type PNG image data, 136 x 137, 8-bit colormap, non-interlaced\012- data
Hash 30afea9d91a7ad157e61166bba7f6145
56890347f505e59cd6c6ce9278c019a6ad02f7ed
98cbaaf99cd58ceede06bf0efa33066d184f3d387c95910f13c1fda694366a69
GET /no/887328/18/assets/img/t18-airpods-testi-profile-3.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:08 GMT
ETag: "1aa1-5dbd151a8bcf7"
Accept-Ranges: bytes
Content-Length: 6817
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-main-img.png
34.241.188.250 200 OK 22 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-main-img.png
IP 34.241.188.250:0
File type PNG image data, 444 x 497, 8-bit colormap, non-interlaced\012- data
Hash 276dc65ce272ea59aceb0e0783023b82
a61fa8ff263b18cf3b944190af9a4cf20da58a37
d7ceb979b0795c1b2ff80ab79d8fa3bf0cdbe3e9504ee480de18027ee73086ac
GET /no/887328/18/assets/img/t18-airpods-main-img.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:16 GMT
ETag: "557f-5dbd1522c8df7"
Accept-Ranges: bytes
Content-Length: 21887
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-lock-icn-1.png
34.241.188.250 200 OK 513 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-lock-icn-1.png
IP 34.241.188.250:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash f42480aeef8ff0ec1df097b6f1c64488
18ca86f1bc9365b88efd3a2f3dbac31a4a8a5f99
f1ca89decdc81844738bc0ce5ea3617ec22cf18048295747a2c75c9a31cf34b5
GET /no/887328/18/assets/img/t18-airpods-body-lock-icn-1.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:13 GMT
ETag: "201-5dbd151f409af"
Accept-Ranges: bytes
Content-Length: 513
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
www.youtube.com/s/player/c16db54a/www-player.css
142.250.74.46 200 OK 49 kB URL HTTP/2 www.youtube.com/s/player/c16db54a/www-player.css
IP 142.250.74.46:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 666388d9ac2c812d3d9b0e511b1cfea0
4dfa524e6558a4aaf676578dd3275f544cb36625
a1532094c979ab2823b5baf7e5843d731e1c64765a8b8495f89bb56b7f7df117
GET /s/player/c16db54a/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49081
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 20:40:24 GMT
expires: Sat, 02 Sep 2023 20:40:24 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:46:29 GMT
content-type: text/css
age: 69809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-heart-icn-4.png
34.241.188.250 200 OK 616 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-heart-icn-4.png
IP 34.241.188.250:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash d4047c6cac10e707ff2af69840130fa6
0d4774253d02f17451dd53b47907540f957829e3
32522055274e1ea9147704cc700ba38d492f55a0d22fc0ec7c342108facf5c0a
GET /no/887328/18/assets/img/t18-airpods-body-heart-icn-4.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:14 GMT
ETag: "268-5dbd15201a9da"
Accept-Ranges: bytes
Content-Length: 616
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
www.youtube.com/s/player/c16db54a/www-embed-player.vflset/www-embed-player.js
142.250.74.46 200 OK 112 kB URL HTTP/2 www.youtube.com/s/player/c16db54a/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (42979), with no line terminators
Size 112 kB (112253 bytes)
Hash 8a5788de3174bdfa787ef7285fe7e070
c4cf7785682a9201a03b58f69309c0350d80d455
36aeef67406df48a36d409e8bf143185bb7a82fbf55cc706b28adb3b362e423c
GET /s/player/c16db54a/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 20:40:24 GMT
expires: Sat, 02 Sep 2023 20:40:24 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:46:29 GMT
content-type: text/javascript
age: 69809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pointmultiply.com/no/887328/18/assets/js/custom.js
34.241.188.250 404 Not Found 230 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/js/custom.js
IP 34.241.188.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0ec48212c910931d5a105c1e97862c7a
54afa207b088ffa1215640625088afabeaf27d04
cc00039abc253ecb6a7dea90bb04779abb583666a36438d73636b5b09cac0665
GET /no/887328/18/assets/js/custom.js HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Content-Length: 230
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.youtube.com/s/player/c16db54a/player_ias.vflset/en_US/base.js
142.250.74.46 200 OK 587 kB URL HTTP/2 www.youtube.com/s/player/c16db54a/player_ias.vflset/en_US/base.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (596)
Size 587 kB (586778 bytes)
Hash da3059ae3f2d892ccddf5832ff6f7a5a
df25b539e3bc115ff39343862807b32cfce2b4bc
abe75b67d443e17494a271925559be75c8a07e454c645153dac3e4f3a82947c4
GET /s/player/c16db54a/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 586778
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 20:40:43 GMT
expires: Sat, 02 Sep 2023 20:40:43 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:46:29 GMT
content-type: text/javascript
age: 69790
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-message-icn-3.png
34.241.188.250 200 OK 607 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-message-icn-3.png
IP 34.241.188.250:0
File type PNG image data, 60 x 60, 8-bit colormap, non-interlaced\012- data
Hash 4bd8007a65e43b87aeba0a1eb80a1e99
5f4c1738866cecbe014f4adf691205b50eebac7c
0ba347c9cf4318c2d72f8281ac8d7bdded92e34093cc79272078853b5e79ec79
GET /no/887328/18/assets/img/t18-airpods-body-message-icn-3.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:20 GMT
ETag: "25f-5dbd1525d4a20"
Accept-Ranges: bytes
Content-Length: 607
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
www.youtube.com/s/player/c16db54a/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.46 200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/c16db54a/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.46:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/c16db54a/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/dEBM7szD9Kg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 20:40:24 GMT
expires: Sat, 02 Sep 2023 20:40:24 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:46:29 GMT
content-type: text/javascript
age: 69809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-fi-flag.png
34.241.188.250 200 OK 1.9 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-top-fi-flag.png
IP 34.241.188.250:0
File type PNG image data, 66 x 66, 8-bit/color RGBA, non-interlaced\012- data
Hash 8199d970a52dbcc125af18d57ed26f6e
eaaf8c57b51e26f1a89246e9adcd88f626f0f0bb
46abac93d04e5d13aef0a6acbd10396397d86af5d3a4531ee89cca3053c7d42c
GET /no/887328/18/assets/img/t18-airpods-top-fi-flag.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:23 GMT
ETag: "755-5dbd1528e21a0"
Accept-Ranges: bytes
Content-Length: 1877
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-magnify-icn-2.png
34.241.188.250 200 OK 713 B URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-magnify-icn-2.png
IP 34.241.188.250:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 087fd6309c6f900caa6180129655ab95
28fd8f50ccbc6916b2a57bb1c48a56d75d81ac95
adf170a1899237407afe1929faab73b750cf76d136e73f4533f99423ee81cc74
GET /no/887328/18/assets/img/t18-airpods-body-magnify-icn-2.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:18 GMT
ETag: "2c9-5dbd1524038f6"
Accept-Ranges: bytes
Content-Length: 713
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/payment-method.png
34.241.188.250 200 OK 45 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/payment-method.png
IP 34.241.188.250:0
File type PNG image data, 984 x 82, 8-bit/color RGBA, non-interlaced\012- data
Hash 145fa1666ad8eed7c972634ea8b74f6e
711dbb19f924a85d275dc23d89fb66046cbdd039
545bf3b9626b5f2d72950cf8cbc3ad3c606e89b07878c255d036eea0a0143233
GET /no/887328/18/assets/img/payment-method.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:12 GMT
ETag: "af01-5dbd151e4c3a8"
Accept-Ranges: bytes
Content-Length: 44801
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-bg-img.png
34.241.188.250 200 OK 56 kB URL HTTP/1.1 pointmultiply.com/no/887328/18/assets/img/t18-airpods-body-bg-img.png
IP 34.241.188.250:0
File type PNG image data, 758 x 152, 8-bit/color RGB, non-interlaced\012- data
Hash 81e5c3c6ea0715d4e839284810965b20
580dec338f5a86834903763c358efbce8e248525
56632f74d37c14a58ce67d840d758d630222ac065380775a8d86ddbaf96ba2e0
GET /no/887328/18/assets/img/t18-airpods-body-bg-img.png HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 16:03:53 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Last-Modified: Mon, 04 Apr 2022 10:09:22 GMT
ETag: "db8a-5dbd1527d83dc"
Accept-Ranges: bytes
Content-Length: 56202
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9665d92cfb2f9db5f7032ed692dff0e0
2ca6220de116f04429a7ce3f3c8f95cae61db137
5cc77ac9117df4aa52cc268287bf82f9dde172f1bcd7f640d3f0ef04a5ed07c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i
142.250.74.10 200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i
IP 142.250.74.10:0
Hash 95d344de28c7779939d7c364e6b6cb08
da48a8deedc8e681b2a6f5762778a223d2222625
7ef90a26293b8364d0de3d7eb5064a589ce3808e687d9948a59c6bdb8b3778e0
GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 16:03:53 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 18:53:20 GMT
expires: Tue, 29 Aug 2023 18:53:20 GMT
cache-control: public, max-age=31536000
age: 421833
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:10:21 GMT
expires: Wed, 30 Aug 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 341612
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:15:31 GMT
expires: Wed, 30 Aug 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 341302
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:10:21 GMT
expires: Wed, 30 Aug 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 341612
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
142.250.74.163 200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 18:59:14 GMT
expires: Tue, 29 Aug 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 421480
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:26:57 GMT
expires: Thu, 31 Aug 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 247017
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payments.pointmultiply.com/landing-page/payment-plan?code=EXP-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number
18.194.3.144 200 OK 1.3 kB URL HTTP/2 payments.pointmultiply.com/landing-page/payment-plan?code=EXP-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number
IP 18.194.3.144:0
Hash 7df4b9ba894fc8dcda798959ee748b2a
9568245b2f92ce3e6d62c668719f8a2a1565ee7f
ff0ce105d974932724a302683b8644c61f753ffe14d11151816d530741a55ffa
GET /landing-page/payment-plan?code=EXP-NOR-1&language_keys[]=congratulations&language_keys[]=you_are&language_keys[]=card_number&language_keys[]=mm%2Fyy&language_keys[]=order_now&language_keys[]=billing_information&language_keys[]=address&language_keys[]=city&language_keys[]=state&language_keys[]=postal_code&language_keys[]=phone_number HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
content-type: application/json
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:54 GMT
access-control-allow-origin: https://pointmultiply.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6ImNyOW5Xb2ZhTzdoVWpVSnlOdjh1MXc9PSIsInZhbHVlIjoiRVo1TDk5Rlh2QXhxbVAyVFZraFJETk9MZ0c5SHJzWVZsVncwQ3ltMktaa29FT1wvZ3FLRFwvaDFpQVhKVlFralJFIiwibWFjIjoiOTJkZWQ1ZWI0ZGRiOWQ2NDYzNjMzNjk0OThkZjQ3NjA5MzRjNThkODY0MTgyZDRiMzMwOWE1NGNjMWE5MjAyZSJ9; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6ImJBVzR6aWFmcWc1SUR0MStRNWUyT0E9PSIsInZhbHVlIjoiUURxSGh1VHJcL1wvZXFyK1ZiVUU1aCtiZDRiTkJPalBXQ2U3UkZzYk9JXC9UajNyYW1qRlpsMXBzU1M3UXpIMlpqYiIsIm1hYyI6IjM3Yjg1YjVlYmY1YTEwYTI3YzdjOTg4ZDBmMzk4MmI1NmVmOWRjOGI0NzUyNTQyMDhlZGQ0MGM1OThiYzM4MzYifQ%3D%3D; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 67c1acc9a2c24ad86bfa6bbb7e71ad0e
ab698d34b607c33f50b0cfe74d56aee41dfb378f
2f6164f3709d62464979cee3261b3e1dbb82a216e4480cbe1094a9bb1ef76a9e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 16:03:54 GMT
Last-Modified: Sat, 03 Sep 2022 15:42:59 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rAmZHIlKZ8gUVaniVs3HXS8oAFL-qnMMfoODmR-KXHqpjxvyPhnBAg==
Age: 1255
pointmultiply.com/favicon.ico
34.241.188.250 404 Not Found 209 B URL HTTP/1.1 pointmultiply.com/favicon.ico
IP 34.241.188.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
GET /favicon.ico HTTP/1.1
Host: pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/no/887328/18/?pubid=aff-no&pob=3&m=b3B0aW9uMw%3D%3D&click_id=63137ae9bda7ae0001f39ba1&subid=RT-60338f6279fcbe00012195b3-28c2::2aa40cd7&utm_medium=mail&utm_term=airpods&terms=y&email=&fname=&lname=&fp=&address=&city=&zip=&state=&lpkeyua=cb729de5a7c4fb836d51664801b45b6f.1662221333&tp=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2022 16:03:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
Content-Length: 209
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
api.covery.ai/resources/covery.js
18.196.163.159 403 Forbidden 146 B URL HTTP/2 api.covery.ai/resources/covery.js
IP 18.196.163.159:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9fe3cb2b7313dc79bb477bc8fde184a7
4d7b3cb41e90618358d0ee066c45c76227a13747
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
GET /resources/covery.js HTTP/1.1
Host: api.covery.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Sat, 03 Sep 2022 16:03:54 GMT
content-type: text/html
content-length: 146
server: nginx
X-Firefox-Spdy: h2
payments.pointmultiply.com/images/compliance.png
18.194.3.144 200 OK 5.0 kB URL HTTP/2 payments.pointmultiply.com/images/compliance.png
IP 18.194.3.144:0
File type PNG image data, 289 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash ba91e49252bac6fb2c9368b2e195be73
f3f8228e34277d291673c20ae2adeec5bda8d714
5f0f271bf2925771140a800469012b786baabc8db75c916e07ca8a089135cfe0
GET /images/compliance.png HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 03 Sep 2022 16:03:54 GMT
content-type: image/png
content-length: 4956
last-modified: Thu, 17 Feb 2022 05:08:54 GMT
etag: "620dd866-135c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
payments.pointmultiply.com/landing-page/log
18.194.3.144 204 No Content 0 B URL HTTP/2 payments.pointmultiply.com/landing-page/log
IP 18.194.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /landing-page/log HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://pointmultiply.com/
Origin: https://pointmultiply.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:54 GMT
access-control-allow-origin: https://pointmultiply.com
access-control-allow-methods: POST
access-control-allow-headers: CONTENT-TYPE
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
payments.pointmultiply.com/landing-page/campaign-logs
18.194.3.144 204 No Content 0 B URL HTTP/2 payments.pointmultiply.com/landing-page/campaign-logs
IP 18.194.3.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /landing-page/campaign-logs HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://pointmultiply.com/
Origin: https://pointmultiply.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.20.1
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:54 GMT
access-control-allow-origin: https://pointmultiply.com
access-control-allow-methods: POST
access-control-allow-headers: CONTENT-TYPE
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2a93541e0561e7e62bf5b2ecbb2021f9
47970ee954abc5187c54ebf63fb86406be2c588f
4b5315e9009017cb3f37ac77524966daea1f13cba36ec67f18981faa0e2d8a13
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
payments.pointmultiply.com/landing-page/log
18.194.3.144 200 OK 55 B URL HTTP/2 payments.pointmultiply.com/landing-page/log
IP 18.194.3.144:0
Hash 132e0128c904515e5531fe6a48e2c3af
5daa25a46dd86bd68f785e864ed4ad95ceab8dbf
bbcd5284879f50b3dce0c342d6f89101a69b632ecb996953d80d632015db1779
POST /landing-page/log HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 601
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
content-type: application/json
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:54 GMT
access-control-allow-origin: https://pointmultiply.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6IjR0c3plbHdIWlRcL210UkRxOTlYMmhRPT0iLCJ2YWx1ZSI6Imk3aWVPQWh3QmxLSHNQT2J0dmtjdXdvQk1scTFTb1VDVEg0bzNoNE13WmJWOGhSK3M2WWkrcXo2eVhRckVvTXUiLCJtYWMiOiI0MTU0YzU5MGZlNWY2MmJmM2EyZTQxNmViZjA1OWQyZTBkMTM0MTQ1OWQ3NDYzM2M1NTA1ODZhNTljMmQ4Mzc0In0%3D; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6IjFHR0JlRzYzOE53c1NCXC9Wam5ERU1RPT0iLCJ2YWx1ZSI6InQ3QjA5R016ZDhGZjFCNUNNbjlRcWQycTQxMXJuNFdxNUZiYWhCcVwvRUhtUnJ6RWRUSFdac2lMXC9Wd3U4VmdGYyIsIm1hYyI6ImY1M2U2NzUwZWNmMTIzMjc0Njk2MzVjYzVlYzMyNThjZTkzNjE2ZmRlNDQxYWY4NTUwNDViZTc2Y2FhNTNjNmYifQ%3D%3D; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
payments.pointmultiply.com/landing-page/campaign-logs
18.194.3.144 200 OK 20 B URL HTTP/2 payments.pointmultiply.com/landing-page/campaign-logs
IP 18.194.3.144:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /landing-page/campaign-logs HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 957
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:54 GMT
access-control-allow-origin: https://pointmultiply.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6ImJGbWF3OE1TcnJRZmZJNGthbVJaTmc9PSIsInZhbHVlIjoiWjJzbGN6QkRcL3liSW9INFdSSUtBdWdVZFQrTGNpS0FLd2pOQzR4QUpsa2RzaUF0aFFETDBDZ1VxcnBCME1Qa2EiLCJtYWMiOiI5OWNhMWM4ZjgzNDdjZTY0NzdhOTM2NmJhZjJhYWQ4NDA1YjU4MzhiNjk2ZDBiNzg5ZGIyNjU0NDljYTI2N2NhIn0%3D; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6IjR0dUhJWktwV3JlYnk1VXNOYU5hZUE9PSIsInZhbHVlIjoicXU3dWZvN2ZvNlpOd0xMYnVqM1g5M1FtK05jV3lETWlVRVlMa1wvWTJza3BWYTJsd3VGdHk4VTg0Qk56UnFiZUEiLCJtYWMiOiJjNjk1MjVkNTkzZGZlYTkyMTNjZWM2YzQxYmUxNjliY2NjZDY2YjEzN2I1Y2UyNjgzMDVjODQwNDc1NTViZjgyIn0%3D; expires=Sat, 10-Sep-2022 16:03:54 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 03 Sep 2022 16:03:54 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f6d9674a0a2b4887d6c6d04fa8e084c
ac31080b6eb2bf3b6b7d94df94c79394a2721026
ce66b4299293498a050c05bdd7c1e2261bcab782a32bd37f59800a64770ccf62
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash b37e26069103f28c86e7b913016e0870
b4c831132a66e57058281b324de0f5813fb512ab
69f43fa43b09223c4591d6d1219fb87f69289a03a927ddcab8faf4c167e3cf68
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 03 Sep 2022 16:03:54 GMT
server: ESF
cache-control: private
content-length: 30738
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6b6b5ffecd53193507458fbe6e66d3f0
c96009132e435078cd79e19b19eeb0dbcf9abef3
229806893f073d6d725880c375c2f72ab09221a46095e1203d7379c1a29b8bef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/zv6PJMU-0ukxHAKoJU32K0_TjePDWjguQMfttAD48sg.js
142.250.74.164 200 OK 14 kB URL HTTP/2 www.google.com/js/th/zv6PJMU-0ukxHAKoJU32K0_TjePDWjguQMfttAD48sg.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (35604)
Hash 6896daaf5d26e249347c9ea9734306f6
8f6cdb11eabd7aaa9188374f4a3baa23c2269294
ea6bbf623e7799025d83ac44af8beda2d7c68ad18ce6fdea862ab354977bab35
GET /js/th/zv6PJMU-0ukxHAKoJU32K0_TjePDWjguQMfttAD48sg.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14002
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 05:03:18 GMT
expires: Thu, 31 Aug 2023 05:03:18 GMT
cache-control: public, max-age=31536000
age: 298836
last-modified: Mon, 15 Aug 2022 09:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ded42556ce79b32d319ae8518175ee2d
d16605bff3d911741f4ba990c57de74ea63aa0c7
0344a3cdd47e3d994cb3d39a32e4de1cddc2134794b31d0eee537d65e081c8bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/dEBM7szD9Kg/maxresdefault.webp
142.250.74.22 200 OK 10 kB URL HTTP/2 i.ytimg.com/vi_webp/dEBM7szD9Kg/maxresdefault.webp
IP 142.250.74.22:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9853810ed835e9d9ea08754f8a41763a
496e4000ea12b7086843404734430332b9504c04
9eeda2680b5791b5113c2b90d4fbd5ef13c99129ce6053477e253b97208c68ca
GET /vi_webp/dEBM7szD9Kg/maxresdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 9978
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 16:03:54 GMT
expires: Sat, 03 Sep 2022 18:03:54 GMT
cache-control: public, max-age=7200
etag: "1619164161"
content-type: image/webp
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.106 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.106:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 83de20818629c8253dcd4c2b7e462a80
830d83f5fc068dd81cf452fdc065c63733d8fcb2
43012337dee31b6f5e024ef94246b7b4d716b5843265a641e95094523357aca2
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 03 Sep 2022 16:03:54 GMT
server: ESF
cache-control: private
content-length: 30737
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 998b9005291d8db01ddce1b04779e5cd
1647a295775cd1b26ceb8e8a8ae169a6fc33f9b8
f72d00e63b77eb486c76207b015d0d246bece9c002d1ade66c3963813b64b09e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b543e3a59e90c26c48a819e091f81f1e
37a1ed0df585a84b0790b1ef463ee4945f9087ad
c6e46687b404ce9848cb5a1a62f36d859f736e675662336da62578696c9ced1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 643 B URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash e989e0541f159658bfb7bc0d7fde47d5
cdf94075516b6c51084d7103e88e1191ea6712d5
914e1f5b155441ec8660aa7cd17a2b17f05947ad68223247a96ccf301841fca5
GET /ytc/AMLnZu_wFx7HYpsHz2uB8iN_pyOXoU1k_Wj4xepbGQ=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 643
x-xss-protection: 0
date: Sat, 03 Sep 2022 15:45:37 GMT
expires: Sun, 04 Sep 2022 15:45:37 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/jpeg
age: 1097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b543e3a59e90c26c48a819e091f81f1e
37a1ed0df585a84b0790b1ef463ee4945f9087ad
c6e46687b404ce9848cb5a1a62f36d859f736e675662336da62578696c9ced1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 16:03:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.jukminung.com/rc/a91581ead4?affclick=63137ae6af91a70001157c07&pubid=503
104.21.28.174 200 OK 0 B URL HTTP/2 www.jukminung.com/rc/a91581ead4?affclick=63137ae6af91a70001157c07&pubid=503
IP 104.21.28.174:0
GET /rc/a91581ead4?affclick=63137ae6af91a70001157c07&pubid=503 HTTP/1.1
Host: www.jukminung.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 16:03:50 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=yWcNPOVUtePuGXig5GBA8JeMepHx+eRdN6m00IG32g5OR/C/9Pn21ho1ylPQHtrLgL8hkMnhEudESm0ysc8Mh+XA7Xp1T2gB4P0RhlyayDZ8pLQQW1nyDzXbSC0y; Expires=Sat, 10 Sep 2022 16:03:50 GMT; Path=/
AWSALBCORS=yWcNPOVUtePuGXig5GBA8JeMepHx+eRdN6m00IG32g5OR/C/9Pn21ho1ylPQHtrLgL8hkMnhEudESm0ysc8Mh+XA7Xp1T2gB4P0RhlyayDZ8pLQQW1nyDzXbSC0y; Expires=Sat, 10 Sep 2022 16:03:50 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OAbd3IqK9IXudiW3He5goqCy16k0Rh5LS01bjFavt1IGSibZH5EKuENv65C5f7OtzA4SeETBlGcOIPynJeag5fLMw6u5MasRUnyDEKY3rCrCXzpTX%2B%2Fpjqfeq17J4PNon1Kd8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744fb7bef91f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.10:0
GET /css?family=Montserrat:400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 16:03:53 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
IP 142.250.74.10:0
GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 16:03:53 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
99deals.cyou/clk/NmdRdEcxOXJqaTJWclFybjlLZWxkd2trS0JpdU9QOFU0QWczMjh5U00rOD0?uc=pubb55464fc32a24a0592e043cc649de905&tsid=2aa40cd7
172.67.135.115 200 OK 0 B URL HTTP/2 99deals.cyou/clk/NmdRdEcxOXJqaTJWclFybjlLZWxkd2trS0JpdU9QOFU0QWczMjh5U00rOD0?uc=pubb55464fc32a24a0592e043cc649de905&tsid=2aa40cd7
IP 172.67.135.115:0
GET /clk/NmdRdEcxOXJqaTJWclFybjlLZWxkd2trS0JpdU9QOFU0QWczMjh5U00rOD0?uc=pubb55464fc32a24a0592e043cc649de905&tsid=2aa40cd7 HTTP/1.1
Host: 99deals.cyou
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mobs.thatconvertingoffer.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 16:03:52 GMT
content-type: text/html; charset=UTF-8
set-cookie: GEO_ba7dd249df48592d568d58e03cc2c1026ccc319c=6b2392; expires=Sat, 03-Sep-2022 17:03:52 GMT; Max-Age=3600
msv-28c2-6b2392-0-a0-2-0=5b5a2a9a; expires=Sun, 04-Sep-2022 16:03:52 GMT; Max-Age=86400
click-2b0-6b2392=20090321_2f_2_28c2_6b2392_22b6_160_63137ae8_5b5a2a9a_0_0_0_64_64_0_2_2_0_0; expires=Thu, 02-Mar-2023 16:03:52 GMT; Max-Age=15552000; path=/conversion
charset: UTF-8
content-encoding: UTF-8
p3p: CP="NOI CURa ADMa PSA OUR NOR OTC"
pragma: no-cache
cache-control: no-cache, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex, nofollow, nocache, noarchive
googlebot: noindex, nofollow, nocache, noarchive
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIFOAdHnkt8%2FwJTHwMiLl%2FfgsdgVRvjwRdgxAWoc32GGvEA9BF1jCV6wt63HbEKL8MIEii7X9eYEtnQQjkXC2ELaZ%2Btve6Fj%2BlGnlGztwU6XT80J4UKJ6QKBjFxl0b8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744fb7c78b1bb50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.youtube.com/embed/dEBM7szD9Kg
142.250.74.46 200 OK 0 B URL HTTP/2 www.youtube.com/embed/dEBM7szD9Kg
IP 142.250.74.46:0
GET /embed/dEBM7szD9Kg HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=r5NCPTAeWA4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=kPIM6cYNmnc; Domain=.youtube.com; Expires=Thu, 02-Mar-2023 16:03:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+445; expires=Mon, 02-Sep-2024 16:03:53 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
payments.pointmultiply.com/js/payments.js
18.194.3.144 200 OK 0 B URL HTTP/2 payments.pointmultiply.com/js/payments.js
IP 18.194.3.144:0
GET /js/payments.js HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 03 Sep 2022 16:03:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 01 Sep 2022 05:28:38 GMT
vary: Accept-Encoding
etag: W/"63104306-1ef8d"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
payments.pointmultiply.com/css/landing_page.css
18.194.3.144 200 OK 0 B URL HTTP/2 payments.pointmultiply.com/css/landing_page.css
IP 18.194.3.144:0
GET /css/landing_page.css HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 03 Sep 2022 16:03:53 GMT
content-type: text/css
last-modified: Thu, 01 Sep 2022 05:28:32 GMT
vary: Accept-Encoding
etag: W/"63104300-18248"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
IP 142.250.74.10:0
GET /css?family=Source+Sans+Pro:300,400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 16:03:53 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
shipit.reddragon.bond/?utm_medium=46976c9417daea047dd2980f4bd93e7dd1938f40&utm_campaign=BackButton_All_Camps&cid=wlocf25inntadgpi2fo87oc8
184.154.10.250 200 OK 0 B URL HTTP/2 shipit.reddragon.bond/?utm_medium=46976c9417daea047dd2980f4bd93e7dd1938f40&utm_campaign=BackButton_All_Camps&cid=wlocf25inntadgpi2fo87oc8
IP 184.154.10.250:0
GET /?utm_medium=46976c9417daea047dd2980f4bd93e7dd1938f40&utm_campaign=BackButton_All_Camps&cid=wlocf25inntadgpi2fo87oc8 HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:48 GMT
content-type: text/html; charset=UTF-8
location: https://shipit.reddragon.bond/?utm_term=7139184954000277617&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
shipit.reddragon.bond/?utm_term=7139184954000277617&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
184.154.10.250 200 OK 0 B URL HTTP/2 shipit.reddragon.bond/?utm_term=7139184954000277617&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
IP 184.154.10.250:0
GET /?utm_term=7139184954000277617&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52 HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shipit.reddragon.bond/?utm_medium=46976c9417daea047dd2980f4bd93e7dd1938f40&utm_campaign=BackButton_All_Camps&cid=wlocf25inntadgpi2fo87oc8
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.191.221 200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.jukminung.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 16:03:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 5900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MPqMdZHSPZNzfOsyEP4jjeh2nt4Vqo2oy5Zy9WtBzQQOsawvaJBKOE8SjmVh%2FFkJ48N%2BMvh52LSpcuIyBfe4JskS1A3G6rrf4mr%2Bje%2BMxcOu0BC5G6sEFS%2F9z7Oo3xYwoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 744fb7c03bfbb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mobs.thatconvertingoffer.com/rc/6a43da6ccf?affclick=affclick=70610f46d85878ae8c880e6752128771&pubid=
172.67.131.126 200 OK 0 B URL HTTP/2 mobs.thatconvertingoffer.com/rc/6a43da6ccf?affclick=affclick=70610f46d85878ae8c880e6752128771&pubid=
IP 172.67.131.126:0
GET /rc/6a43da6ccf?affclick=affclick=70610f46d85878ae8c880e6752128771&pubid= HTTP/1.1
Host: mobs.thatconvertingoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.jukminung.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 16:03:51 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=mDUFmSHQVrjqDCGrDhhuKsg6yIFp6jfv/wfmXSzGb2FG/teoD49pmxMcuVToLlDoS5WFMTogbxKijSTnp1JRrqR/o37AF1xvTCnAZNIfduLtPABIVRRHeJAH3fgd; Expires=Sat, 10 Sep 2022 16:03:51 GMT; Path=/
AWSALBCORS=mDUFmSHQVrjqDCGrDhhuKsg6yIFp6jfv/wfmXSzGb2FG/teoD49pmxMcuVToLlDoS5WFMTogbxKijSTnp1JRrqR/o37AF1xvTCnAZNIfduLtPABIVRRHeJAH3fgd; Expires=Sat, 10 Sep 2022 16:03:51 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxoXoW6fShCNkH%2Fa2B%2F%2B99nxUm5ry8ndPCXiDttMxHVucZA6FX2txg0G3wDGxYJ6tI6LGXglxKzTw4La4Qsug7xmPiWwIchF4JHb3drVWQb2BQz53uaKSYvlPzp8YrYv%2BgCLMXxNmyeqGzNijs%2B3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744fb7c49e661bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
payments.pointmultiply.com/landing-page/campaign-logs
18.194.3.144 200 OK 0 B URL HTTP/2 payments.pointmultiply.com/landing-page/campaign-logs
IP 18.194.3.144:0
POST /landing-page/campaign-logs HTTP/1.1
Host: payments.pointmultiply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 957
Origin: https://pointmultiply.com
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 03 Sep 2022 16:03:57 GMT
access-control-allow-origin: https://pointmultiply.com
vary: Accept-Encoding, Origin
set-cookie: XSRF-TOKEN=eyJpdiI6IlJ1ZFlycnNQK0I1VUpmVkJZXC9lSFNRPT0iLCJ2YWx1ZSI6ImpITUJGRWR6d2xRSENUVXJMMTJUc1dUamVscjhmWWpVUWhIeHRSUFdrdmJrTXlFa0tUbm1uMW95MjA4bk9SbmEiLCJtYWMiOiJkZTdiNDhlNzVmNmMwYmE4NGJiOWM3Nzg2YWI3ODNkNmU5NGVjNTc5MDI3ZWQxMWY3ODhkYjZlOTlmYzllYWQ5In0%3D; expires=Sat, 10-Sep-2022 16:03:57 GMT; Max-Age=604800; path=/
rk_payments_session=eyJpdiI6IkZYWG1kQjljaVBIeThFeUFTTkxFZ3c9PSIsInZhbHVlIjoiTzQ1a0x5SkljUUhiTCt2UEIxeHhyYXpZTnp1YmJRcE1scFlERmZGRHpDaDFDV3NpaFZxc25QVjRqVEpkeHBaViIsIm1hYyI6IjI1ZTgwZDk2MDI3YmEyZjFiNzZjMDM0NjM0OTgyMWJkODk2NTFmYzIyNzVjNjYyYjBhZGVkOWI0Zjc2YjcwNDkifQ%3D%3D; expires=Sat, 10-Sep-2022 16:03:57 GMT; Max-Age=604800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Satisfy
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Satisfy
IP 142.250.74.10:0
GET /css?family=Satisfy HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 16:03:53 GMT
date: Sat, 03 Sep 2022 16:03:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
shipit.reddragon.bond/proc.php?5330bef6b85bcd2acf5f90f5d52c50fdf728d8ba
184.154.10.250 200 OK 0 B URL HTTP/2 shipit.reddragon.bond/proc.php?5330bef6b85bcd2acf5f90f5d52c50fdf728d8ba
IP 184.154.10.250:0
Analyzer Verdict Alert fortinet Phishing
GET /proc.php?5330bef6b85bcd2acf5f90f5d52c50fdf728d8ba HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shipit.reddragon.bond/?utm_term=7139184954000277617&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f097979b8790cacbf9c9fffdf4fdc2f2f0f3f2c7c4c5dadbebecece9e8eae4eae8e7e5e1eced191a52
Cookie: u=0cf0dfe5e6286f0264e7ae5807fb6972
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 16:03:49 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7139184954000277617&website=1636-6f97946z&placement=1636
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
flagcdn.com/no.svg
172.67.136.180 200 OK 0 B IP 172.67.136.180:0
GET /no.svg HTTP/1.1
Host: flagcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pointmultiply.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 16:03:53 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Nov 2020 12:03:20 GMT
vary: Accept-Encoding
etag: W/"5fb65f08-123"
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-maxage=2678400
cf-cache-status: HIT
age: 1679197
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Z5IDygmfa4a7mszCqDP%2BK8rcq3QJQY7C6WDOijcaF%2F8G2KH5YZnDFdycwReKCBf8QjHo0l5dC0zF865ZnVhE4yXIhpLmD7q3SqxggeTbHv3gb54oTx92t9S3Ih%2FTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 744fb7d4ac3ab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2