firefox.settings.services.mozilla.com/v1/
13.224.132.72200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 13.224.132.72:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 20:05:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7a209acee14726bdc56f2b8600564e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: DNN6uvd_kkC-jK8sXHwc_lfJoZnOCFv6VzkA_dXiVO27dZsblHI01g==
Age: 1039
beiabii.onlinecshallenge.com/s/62e95451b954e
178.162.199.80200 OK 1.4 kB URL HTTP/1.1 beiabii.onlinecshallenge.com/s/62e95451b954e
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash dad3e78be0484c8b36c1b9713ead1f3f
1a70b954ca36b3c11c1361d5f18107562b73cd8c
ff9f38487855817ef7533571e74137d6c83dcd5ad425b8d14c55b7903fb2aeb5
GET /s/62e95451b954e HTTP/1.1
Host: beiabii.onlinecshallenge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Sep 2022 20:23:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: SID=96be6083eac729735c3c8560ec1c6878; expires=Tue, 23-Sep-2025 20:23:04 GMT; Max-Age=94608000; path=/; domain=onlinecshallenge.com
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16485
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 20:23:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
13.224.132.9200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 13.224.132.9:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 62dd378699af6477e51080ae0ea0f9f0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: 9pFyHnJNng4YyrxLof6QbmFPaIaXKIqFS6-u9t1_qGGgGiTBJqwbyg==
age: 58201
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:23:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
beiabii.onlinecshallenge.com/js/jquery-2.js
178.162.199.80200 OK 86 kB URL HTTP/1.1 beiabii.onlinecshallenge.com/js/jquery-2.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /js/jquery-2.js HTTP/1.1
Host: beiabii.onlinecshallenge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beiabii.onlinecshallenge.com/s/62e95451b954e
Cookie: SID=96be6083eac729735c3c8560ec1c6878
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Sep 2022 20:23:04 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 07:53:33 GMT
Vary: Accept-Encoding
ETag: "631064fd-14e4a"
Accept-Ranges: bytes
beiabii.onlinecshallenge.com/js/fp2.min.js
178.162.199.80200 OK 31 kB URL HTTP/1.1 beiabii.onlinecshallenge.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
GET /js/fp2.min.js HTTP/1.1
Host: beiabii.onlinecshallenge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beiabii.onlinecshallenge.com/s/62e95451b954e
Cookie: SID=96be6083eac729735c3c8560ec1c6878
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Sep 2022 20:23:05 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 07:53:33 GMT
Vary: Accept-Encoding
ETag: "631064fd-77dd"
Accept-Ranges: bytes
beiabii.onlinecshallenge.com/favicon.ico
178.162.199.80200 OK 7 B URL HTTP/1.1 beiabii.onlinecshallenge.com/favicon.ico
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with no line terminators
Hash 88183b946cc5f0e8c96b2e66e1c74a7e
bc7819b34ff87570745fbe461e36a16f80e562ce
b764cdc0eab7137467211272fa539f1260d1bf2e71bcf6ff3bdc960f5c16aa14
GET /favicon.ico HTTP/1.1
Host: beiabii.onlinecshallenge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beiabii.onlinecshallenge.com/s/62e95451b954e
Cookie: SID=96be6083eac729735c3c8560ec1c6878; CF=fdyr5D8NG+/eb6aR5nIXOQ__
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Sep 2022 20:23:05 GMT
Content-Type: text/html
Content-Length: 7
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 07:53:33 GMT
ETag: "631064fd-7"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
13.224.132.72200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 13.224.132.72:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 20:20:46 GMT
Expires: Sat, 24 Sep 2022 21:02:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d6a4f7a34966a5e0069bb151bf9adb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: J6mB-TqpJGYRep0x3PwPcGcQ3u9RES3I1A3ZQrEgZ_p7MSbYb8TIDg==
Age: 139
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3804
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:05 GMT
Last-Modified: Sat, 24 Sep 2022 19:19:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
beiabii.onlinecshallenge.com/click.php?sid=96be6083eac729735c3c8560ec1c6878&fp=JTVCJTdCJTIya2V5JTIyJTNBJTIydXNlckFnZW50JTIyJTJDJTIydmFsdWUlMjIlM0ElMjJNb3ppbGxhJTJGNS4wJTIwKFgxMSUzQiUyMExpbnV4JTIweDg2XzY0JTNCJTIwcnYlM0E5Ni4wKSUyMEdlY2tvJTJGMjAxMDAxMDElMjBGaXJlZm94JTJGOTYuMCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmRyaXZlciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsYW5ndWFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyZW4tVVMlMjIlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJjb2xvckRlcHRoJTIyJTJDJTIydmFsdWUlMjIlM0EyNCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmRldmljZU1lbW9yeSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIybm90JTIwYXZhaWxhYmxlJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFyZHdhcmVDb25jdXJyZW5jeSUyMiUyQyUyMnZhbHVlJTIyJTNBMTYlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJzY3JlZW5SZXNvbHV0aW9uJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIxMjgwJTJDMTAyNCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF2YWlsYWJsZVNjcmVlblJlc29sdXRpb24lMjIlMkMlMjJ2YWx1ZSUyMiUzQSU1QjEyODAlMkMxMDAyJTVEJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydGltZXpvbmVPZmZzZXQlMjIlMkMlMjJ2YWx1ZSUyMiUzQTAlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJ0aW1lem9uZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyVVRDJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyc2Vzc2lvblN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsb2NhbFN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJpbmRleGVkRGIlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhZGRCZWhhdmlvciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJvcGVuRGF0YWJhc2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyY3B1Q2xhc3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMm5vdCUyMGF2YWlsYWJsZSUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnBsYXRmb3JtJTIyJTJDJTIydmFsdWUlMjIlM0ElMjJMaW51eCUyMHg4Nl82NCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmdsVmVuZG9yQW5kUmVuZGVyZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMlR5cGVFcnJvciUzQSUyMGNhbid0JTIwYWNjZXNzJTIwcHJvcGVydHklMjAlNUMlMjJnZXRFeHRlbnNpb24lNUMlMjIlMkMlMjBlJTIwaXMlMjBudWxsJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZExhbmd1YWdlcyUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkUmVzb2x1dGlvbiUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkT3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZEJyb3dzZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydG91Y2hTdXBwb3J0JTIyJTJDJTIydmFsdWUlMjIlM0ElNUIwJTJDZmFsc2UlMkNmYWxzZSU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF1ZGlvJTIyJTJDJTIydmFsdWUlMjIlM0ElMjIzNS43MzgzMzQwMjI0NjIzNyUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMl9faGFzaCUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyMThmMzBiZGY2NzYyZjcyNTQ1ZWJlZjhkN2I3MTJkYmMlMjIlN0QlNUQ%3D
178.162.199.80200 OK 126 B URL HTTP/1.1 beiabii.onlinecshallenge.com/click.php?sid=96be6083eac729735c3c8560ec1c6878&fp=JTVCJTdCJTIya2V5JTIyJTNBJTIydXNlckFnZW50JTIyJTJDJTIydmFsdWUlMjIlM0ElMjJNb3ppbGxhJTJGNS4wJTIwKFgxMSUzQiUyMExpbnV4JTIweDg2XzY0JTNCJTIwcnYlM0E5Ni4wKSUyMEdlY2tvJTJGMjAxMDAxMDElMjBGaXJlZm94JTJGOTYuMCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmRyaXZlciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsYW5ndWFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyZW4tVVMlMjIlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJjb2xvckRlcHRoJTIyJTJDJTIydmFsdWUlMjIlM0EyNCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmRldmljZU1lbW9yeSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIybm90JTIwYXZhaWxhYmxlJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFyZHdhcmVDb25jdXJyZW5jeSUyMiUyQyUyMnZhbHVlJTIyJTNBMTYlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJzY3JlZW5SZXNvbHV0aW9uJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIxMjgwJTJDMTAyNCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF2YWlsYWJsZVNjcmVlblJlc29sdXRpb24lMjIlMkMlMjJ2YWx1ZSUyMiUzQSU1QjEyODAlMkMxMDAyJTVEJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydGltZXpvbmVPZmZzZXQlMjIlMkMlMjJ2YWx1ZSUyMiUzQTAlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJ0aW1lem9uZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyVVRDJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyc2Vzc2lvblN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsb2NhbFN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJpbmRleGVkRGIlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhZGRCZWhhdmlvciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJvcGVuRGF0YWJhc2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyY3B1Q2xhc3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMm5vdCUyMGF2YWlsYWJsZSUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnBsYXRmb3JtJTIyJTJDJTIydmFsdWUlMjIlM0ElMjJMaW51eCUyMHg4Nl82NCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmdsVmVuZG9yQW5kUmVuZGVyZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMlR5cGVFcnJvciUzQSUyMGNhbid0JTIwYWNjZXNzJTIwcHJvcGVydHklMjAlNUMlMjJnZXRFeHRlbnNpb24lNUMlMjIlMkMlMjBlJTIwaXMlMjBudWxsJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZExhbmd1YWdlcyUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkUmVzb2x1dGlvbiUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkT3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZEJyb3dzZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydG91Y2hTdXBwb3J0JTIyJTJDJTIydmFsdWUlMjIlM0ElNUIwJTJDZmFsc2UlMkNmYWxzZSU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF1ZGlvJTIyJTJDJTIydmFsdWUlMjIlM0ElMjIzNS43MzgzMzQwMjI0NjIzNyUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMl9faGFzaCUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyMThmMzBiZGY2NzYyZjcyNTQ1ZWJlZjhkN2I3MTJkYmMlMjIlN0QlNUQ%3D
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 29bbf694ec2b08c63c618f54f928bcd7
e399d6555d219ca6595848b31270e8fc79e65f8a
d576b1bde74be2cecb82f92e0c3da11b08c22f40e26d1e574cd7a1b3773ff2a5
GET /click.php?sid=96be6083eac729735c3c8560ec1c6878&fp=JTVCJTdCJTIya2V5JTIyJTNBJTIydXNlckFnZW50JTIyJTJDJTIydmFsdWUlMjIlM0ElMjJNb3ppbGxhJTJGNS4wJTIwKFgxMSUzQiUyMExpbnV4JTIweDg2XzY0JTNCJTIwcnYlM0E5Ni4wKSUyMEdlY2tvJTJGMjAxMDAxMDElMjBGaXJlZm94JTJGOTYuMCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmRyaXZlciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsYW5ndWFnZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyZW4tVVMlMjIlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJjb2xvckRlcHRoJTIyJTJDJTIydmFsdWUlMjIlM0EyNCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmRldmljZU1lbW9yeSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIybm90JTIwYXZhaWxhYmxlJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFyZHdhcmVDb25jdXJyZW5jeSUyMiUyQyUyMnZhbHVlJTIyJTNBMTYlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJzY3JlZW5SZXNvbHV0aW9uJTIyJTJDJTIydmFsdWUlMjIlM0ElNUIxMjgwJTJDMTAyNCU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF2YWlsYWJsZVNjcmVlblJlc29sdXRpb24lMjIlMkMlMjJ2YWx1ZSUyMiUzQSU1QjEyODAlMkMxMDAyJTVEJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydGltZXpvbmVPZmZzZXQlMjIlMkMlMjJ2YWx1ZSUyMiUzQTAlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJ0aW1lem9uZSUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyVVRDJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyc2Vzc2lvblN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJsb2NhbFN0b3JhZ2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJpbmRleGVkRGIlMjIlMkMlMjJ2YWx1ZSUyMiUzQXRydWUlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJhZGRCZWhhdmlvciUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJvcGVuRGF0YWJhc2UlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyY3B1Q2xhc3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMm5vdCUyMGF2YWlsYWJsZSUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMnBsYXRmb3JtJTIyJTJDJTIydmFsdWUlMjIlM0ElMjJMaW51eCUyMHg4Nl82NCUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMndlYmdsVmVuZG9yQW5kUmVuZGVyZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQSUyMlR5cGVFcnJvciUzQSUyMGNhbid0JTIwYWNjZXNzJTIwcHJvcGVydHklMjAlNUMlMjJnZXRFeHRlbnNpb24lNUMlMjIlMkMlMjBlJTIwaXMlMjBudWxsJTIyJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZExhbmd1YWdlcyUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkUmVzb2x1dGlvbiUyMiUyQyUyMnZhbHVlJTIyJTNBZmFsc2UlN0QlMkMlN0IlMjJrZXklMjIlM0ElMjJoYXNMaWVkT3MlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIyaGFzTGllZEJyb3dzZXIlMjIlMkMlMjJ2YWx1ZSUyMiUzQWZhbHNlJTdEJTJDJTdCJTIya2V5JTIyJTNBJTIydG91Y2hTdXBwb3J0JTIyJTJDJTIydmFsdWUlMjIlM0ElNUIwJTJDZmFsc2UlMkNmYWxzZSU1RCU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMmF1ZGlvJTIyJTJDJTIydmFsdWUlMjIlM0ElMjIzNS43MzgzMzQwMjI0NjIzNyUyMiU3RCUyQyU3QiUyMmtleSUyMiUzQSUyMl9faGFzaCUyMiUyQyUyMnZhbHVlJTIyJTNBJTIyMThmMzBiZGY2NzYyZjcyNTQ1ZWJlZjhkN2I3MTJkYmMlMjIlN0QlNUQ%3D HTTP/1.1
Host: beiabii.onlinecshallenge.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://beiabii.onlinecshallenge.com/s/62e95451b954e
Cookie: SID=96be6083eac729735c3c8560ec1c6878; CF=fdyr5D8NG+/eb6aR5nIXOQ__
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Sep 2022 20:23:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
54.70.239.215101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: q3UTZWYi0hry4/W2qS5GRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /Fk29PkfDFOxZYVHPZmvrprRQbs=
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash d50ce6f7c030843309bc94f6e33e0d11
b516d3c3d0eb917db3a88c245d4f39c3e9d77389
4dda37f016465831ec50b85e278003c333bab94903ade6874835307203f21218
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3992
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:06 GMT
Last-Modified: Sat, 24 Sep 2022 19:16:34 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 314
cpark.g2afse.com/click?pid=9496&offer_id=2861&sub1=466a571ad1d77a169d8e5d1f0db69564&sub3=62779
34.141.179.97302 Found 0 B URL HTTP/2 cpark.g2afse.com/click?pid=9496&offer_id=2861&sub1=466a571ad1d77a169d8e5d1f0db69564&sub3=62779
IP 34.141.179.97:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=9496&offer_id=2861&sub1=466a571ad1d77a169d8e5d1f0db69564&sub3=62779 HTTP/1.1
Host: cpark.g2afse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beiabii.onlinecshallenge.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 24 Sep 2022 20:23:06 GMT
content-length: 0
location: http://campaignurl.co/?a=2769&oc=31626&c=62894&m=7&s1=9496&s2=632f672aac17940001b8cb3a
set-cookie: afclick=632f672aac17940001b8cb3a; expires=Sun, 24 Sep 2023 20:23:06 GMT; secure; SameSite=None
afoffers={"2861":1664050986}; expires=Sun, 24 Sep 2023 20:23:06 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
campaignurl.co/?a=2769&oc=31626&c=62894&m=7&s1=9496&s2=632f672aac17940001b8cb3a
54.194.68.244302 Found 162 B URL HTTP/1.1 campaignurl.co/?a=2769&oc=31626&c=62894&m=7&s1=9496&s2=632f672aac17940001b8cb3a
IP 54.194.68.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0b450223a42dee9b1734cf224f8dfad3
34933f66c7643b6db85649f23d9a546d15f38271
c16848d9b5f1d55a966524f149b240b2d178868fe7448525a0278aea62cbf0a6
GET /?a=2769&oc=31626&c=62894&m=7&s1=9496&s2=632f672aac17940001b8cb3a HTTP/1.1
Host: campaignurl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://beiabii.onlinecshallenge.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: private
content-type: text/html; charset=utf-8
date: Sat, 24 Sep 2022 20:23:06 GMT
location: https://gr01.net/t/?s6=1&s7=LG&s8=CAK
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie: sid=r2zvr0IE+BGi+HDxdTUQNTOCyYzPx1UV5JGUexD0GMkBbiTdyq+qHA==; domain=.campaignurl.co; path=/; HttpOnly
trk=6JP6L+Ik/+VGWozk0j6e8TOCyYzPx1UV5JGUexD0GMkBbiTdyq+qHA==; domain=.campaignurl.co; expires=Tue, 24-Sep-2024 20:23:06 GMT; path=/; HttpOnly
content-length: 162
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e75cf9bedb42960963b6cd30a9712c13
68b13694f48ecf1e7929897cf1a6adb6cc8dc657
570523f03349b4d7bea239620afe298fe3b43f5b1ed0b813da38bf056a836dfa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "570523F03349B4D7BEA239620AFE298FE3B43F5B1ED0B813DA38BF056A836DFA"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Sep 2022 02:23:06 GMT
Date: Sat, 24 Sep 2022 20:23:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e75cf9bedb42960963b6cd30a9712c13
68b13694f48ecf1e7929897cf1a6adb6cc8dc657
570523f03349b4d7bea239620afe298fe3b43f5b1ed0b813da38bf056a836dfa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "570523F03349B4D7BEA239620AFE298FE3B43F5B1ED0B813DA38BF056A836DFA"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Sep 2022 02:23:06 GMT
Date: Sat, 24 Sep 2022 20:23:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
142.250.74.138200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32047)
Hash 7a83c39ee44cf30d4e6d9a8d5c74276e
175f5e717c0fd96485d4371234d4c54355753c2b
ab02740b3bd7f47ad3a0ebc2571a67e1d00dfef34bb04e87adb08b0b61381d8e
GET /ajax/libs/jquery/1.11.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33495
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 07:59:53 GMT
expires: Thu, 21 Sep 2023 07:59:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 303793
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8bf4072dcd610fb06a2e524d6c73796d
23600a8e459298f3f7f493b4f5d4f76098b016af
166acf577f4b3a0edecdd467fee8e0f4d969027596a0f45c781ff4a068859976
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:06 GMT
Server: ECS (amb/6BC8)
Content-Length: 278
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5590
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5590
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5590
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5590
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5590
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 80639
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 81318
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 81031
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 80957
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 58229
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 80771
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
apidata.info/js
104.21.55.147200 OK 532 B IP 104.21.55.147:0
File type ASCII text, with very long lines (816), with no line terminators
Hash 72b2af825fbea807d30b4d870eee94d0
3366f5cec5f922e9d180f5e95220d176645427e6
23437460161be279868582a6db6c2de76e08e537770da311c5dcae50149b7b07
GET /js HTTP/1.1
Host: apidata.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:07 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, GET
access-control-max-age: 3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UTvx%2FVZvqY03Prcb%2Bv2OJM5yKQGcGtD4BkON0jHUtdI54VSxRK3pH5zlvFC4bhrjrCy1otRxHZy0xuf%2B4d6BxjPjIV8GF7Hhz1mcwITWr41qdEMkWyfSzQ9My05mMJ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuGQ4mUqJj6izyopp8yhqksk2KbwnuKnipvjxD7cqi; SameSite=Lax; path=/; expires=Sun, 25-Sep-22 19:23:07 GMT; HttpOnly
server: cloudflare
cf-ray: 74fe3c6d2fc2b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.logictree.co/9456c9e2-2132-489e-b779-7df0c4acc351?s6=1&s7=LG&s8=CAK&spushon=y
18.158.88.249302 Found 0 B URL HTTP/2 app.logictree.co/9456c9e2-2132-489e-b779-7df0c4acc351?s6=1&s7=LG&s8=CAK&spushon=y
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9456c9e2-2132-489e-b779-7df0c4acc351?s6=1&s7=LG&s8=CAK&spushon=y HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 24 Sep 2022 20:23:07 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=EJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660&lptoken=16936401059427db87f7&s6=1&s7=LG&s8=CAK&spushon=y
pragma: no-cache
set-cookie: 9456c9e2-2132-489e-b779-7df0c4acc351-v4=cYrxTXi1QveyqQGSfyDFPnMdbzu1LfPoYS7q53Jn5XM; Max-Age=86400; Expires=Sun, 25-Sep-2022 20:23:07 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=NHMcS5Ti3E0qC7-HUp_SwyvQ5jaAtLhiUWfB6J_c5YGCpnUWpRSoc8OMIhzTUXl7VLJ1vUReF7cqYqdtwedayfilX2Cie43dU_S3qLw2_7ZlyVb8OrD-WnIx8Bef2iCV87JuK1aCOAwDfRge87BRNqjzAhOHj85fLp9tY1iB9AsV-DOnZo9FmctIyzQ-WzI5LwiPFk-OOSap18xo_qgzkV4clEmnVak9Sj3wAHfGIw1EWVvmdOyunksv0bymJZw6cajInFYU9AWJVGbDcXnMEYf4UXf9tMbh0HMEsYWCRxbgOBZcXtIeirI2JFoOfpOi8V1Af3AUspLSAQ7BA7YoL6qt5nB7g3oJnDKhrm5cVuFzs650geCwO5kaDJ6F2yu1hyUYlrD7qMbqmTa2AddB_3TwyN0XXWDTe9RIvw3PfwA; Max-Age=86400; Expires=Sun, 25-Sep-2022 20:23:07 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32034)
Hash c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da
GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 17:06:27 GMT
expires: Tue, 19 Sep 2023 17:06:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 443800
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash ec3ef0f593f19bd68c38449fd1bb8b78
73ac23487b3bdab76a3e023b0801f5d8f723ef66
4c1cfff5541e0e5b4d8cf7646c68f8c982376c019712528cdda9bbeeba84aa02
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5162
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:07 GMT
Last-Modified: Sat, 24 Sep 2022 18:57:05 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 280
trk-consulatu.com/scripts/push/script/z0grz0mex9?url=secure.newyearspecials.xyz&alturl=/lp/load/1b/
172.64.169.3200 OK 5.0 kB URL HTTP/2 trk-consulatu.com/scripts/push/script/z0grz0mex9?url=secure.newyearspecials.xyz&alturl=/lp/load/1b/
IP 172.64.169.3:0
File type ASCII text, with very long lines (7366), with no line terminators
Hash db8c3517db4d16331125abe695c61ce5
f460a20c9b8f19fc753391ca10d0d01948aac67c
ed680bf7c481bfec481f323fd46c28dab8f54ab4251e89c67e8187db2008e557
GET /scripts/push/script/z0grz0mex9?url=secure.newyearspecials.xyz&alturl=/lp/load/1b/ HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wI0NxabORUPUF3bLSu%2FjUeBRvoel9oEv0NVKMKD0VYGHL3UtqrV8OHipKlY1%2BPIbE5OaKyNWinYRGszUTWOnReoCmCkLLZbZpnz9E%2FQvr6Av%2FeJROZ40vVsEsSNaSbEU63u%2B%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c71bfff7755-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.logictree.co/d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3DEJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660%26lptoken%3D16936401059427db87f7%26s6%3D1%26s7%3DLG%26s8%3DCAK%26spushon%3Dy&lpt=Loader&vtm=1664050986606
18.158.88.249200 OK 3.1 kB URL HTTP/2 app.logictree.co/d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3DEJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660%26lptoken%3D16936401059427db87f7%26s6%3D1%26s7%3DLG%26s8%3DCAK%26spushon%3Dy&lpt=Loader&vtm=1664050986606
IP 18.158.88.249:0
File type ASCII text, with very long lines (1024)
Hash faacc5e09dff84c134eb527608daf599
db764ce65942757812dd740196bdf32495982aaf
ca4d2478d8a86a6cf6d9d7a13b93c4d399e932a59cb92733086605972d498fda
GET /d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3DEJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660%26lptoken%3D16936401059427db87f7%26s6%3D1%26s7%3DLG%26s8%3DCAK%26spushon%3Dy&lpt=Loader&vtm=1664050986606 HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:23:08 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3052
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
app.logictree.co/click?country=NO
18.158.88.249302 Found 0 B URL HTTP/2 app.logictree.co/click?country=NO
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /click?country=NO HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 9456c9e2-2132-489e-b779-7df0c4acc351-v4=cYrxTXi1QveyqQGSfyDFPnMdbzu1LfPoYS7q53Jn5XM; cep-v4=NHMcS5Ti3E0qC7-HUp_SwyvQ5jaAtLhiUWfB6J_c5YGCpnUWpRSoc8OMIhzTUXl7VLJ1vUReF7cqYqdtwedayfilX2Cie43dU_S3qLw2_7ZlyVb8OrD-WnIx8Bef2iCV87JuK1aCOAwDfRge87BRNqjzAhOHj85fLp9tY1iB9AsV-DOnZo9FmctIyzQ-WzI5LwiPFk-OOSap18xo_qgzkV4clEmnVak9Sj3wAHfGIw1EWVvmdOyunksv0bymJZw6cajInFYU9AWJVGbDcXnMEYf4UXf9tMbh0HMEsYWCRxbgOBZcXtIeirI2JFoOfpOi8V1Af3AUspLSAQ7BA7YoL6qt5nB7g3oJnDKhrm5cVuFzs650geCwO5kaDJ6F2yu1hyUYlrD7qMbqmTa2AddB_3TwyN0XXWDTe9RIvw3PfwA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 24 Sep 2022 20:23:08 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://fst.submittrk.com?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=dcoubb2lvl32kc9j22molkec&s1=a7f48a40-0785-47a8-b3da-aafca3c6d191_&country=NO
pragma: no-cache
set-cookie: cc-v4=ApdTPE0H0S58GXoFwJA5bZCiv1MC%2BvbTB58CKrWmFdYKMLD%2FgvTeoIGCalXmWY8vy%2F7MkVxppgH8PlE0BEELzrwv1vwzKwFx9IP%2B0cW1TuWuB4%2BI%2FRfR6W6UpwNcZlJbew7vCU7kgBYUsnr2uX7jZA%3D%3D; Max-Age=31536000; Expires=Sun, 24-Sep-2023 20:23:08 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
9456c9e2-2132-489e-b779-7df0c4acc351-clk-v4=9456c9e2-2132-489e-b779-7df0c4acc351; Max-Age=86400; Expires=Sun, 25-Sep-2022 20:23:08 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
9456c9e2-2132-489e-b779-7df0c4acc351-v4=T49IiwjmYesj7N_35-zOz9v8ZyP9lfWQBUc9Sa4p74A; Max-Age=86400; Expires=Sun, 25-Sep-2022 20:23:08 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/3mg6vop9d1
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/3mg6vop9d1
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/3mg6vop9d1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.newyearspecials.xyz
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9KlAVyTHefijGtuhn3uBsyz44p2ZoBEMixWsWPMET%2Fdqqh%2BuRiKKl3FzkQScVFEKiu71BSTBJvUyPo8Jr52orZQ5xocH30bKTaUD%2FymeIG%2FnGKyPtx5zeq1DZ%2BiUscpNyqr%2FqOrSVJRnfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c767a7be620-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/3mg6vop9d1
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/3mg6vop9d1
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/3mg6vop9d1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.newyearspecials.xyz
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z65W1w0q1S9%2BCEV9X9ETsH3y17s900ZRebn1nq8SKAGmFZ4XaHom%2BWzdoxhS69fYi2TNrzzXpUYaLVEiGyXhNnPfek41EEm8Xibii2DBtfy9E2EB%2FaIBQQrhajIucM3RmyFaroSPn0tCVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c767a8ce620-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/3mg6vop9d1
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/3mg6vop9d1
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/3mg6vop9d1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://secure.newyearspecials.xyz
Content-Length: 148
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.newyearspecials.xyz
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSrUgUQ2HuL3x74OjCmYtyeZtRRcUcFqccyt5DbKWwF9Vg4Hu3FqzDW3%2FpGfIffpMOb02qjQNHPPxwiCVsdBl647eij1njQ00lulTHEQcgk%2FaZVJP3Xz5VnOIDiRbt1qdqElpiy4hrTc4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c772b23e620-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/3mg6vop9d1
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/3mg6vop9d1
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/3mg6vop9d1 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://secure.newyearspecials.xyz
Content-Length: 109
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://secure.newyearspecials.xyz
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COjQQeo681dZ33BcuVjgWBn0%2B%2F6Ht78IJQn%2Bh94VB6ZLvJoVnoGe8HxG6jw9jW80aJtbg0D9DbjLlIvHSPpSsDJXTTlfyxtHGtKwF1XbGaH5HdW%2FEy5Ia2b%2FJ7MxbxTORcsCHRE%2BIgdKdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c772b1ce620-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e9e8926c3c2cc927e73efe861cbd8579
f29ff5c315b102b7276606d4dc7ec4725f00b1ab
ca01a77d25bfcd07087c355ab1406e50dbe32e5fef734ddb85793fb483fee831
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA01A77D25BFCD07087C355AB1406E50DBE32E5FEF734DDB85793FB483FEE831"
Last-Modified: Fri, 23 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5643
Expires: Sat, 24 Sep 2022 21:57:11 GMT
Date: Sat, 24 Sep 2022 20:23:08 GMT
Connection: keep-alive
fst.submittrk.com/?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=dcoubb2lvl32kc9j22molkec&s1=a7f48a40-0785-47a8-b3da-aafca3c6d191_&country=NO
34.78.252.25302 Found 416 B URL HTTP/1.1 fst.submittrk.com/?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=dcoubb2lvl32kc9j22molkec&s1=a7f48a40-0785-47a8-b3da-aafca3c6d191_&country=NO
IP 34.78.252.25:0
File type HTML document, ASCII text, with very long lines (1428), with no line terminators
Hash d7ca910db16f26a64628d25f0633f1e4
7def0b4d20657e89607e7b2eb82540c4b9487a29
380fa28c91c8e5eedb38d66c3426a2b56b49e2eada69bd82ac053068699e0c03
GET /?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=dcoubb2lvl32kc9j22molkec&s1=a7f48a40-0785-47a8-b3da-aafca3c6d191_&country=NO HTTP/1.1
Host: fst.submittrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
Location: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Vary: Accept, Accept-Encoding
Set-Cookie: hexa.sid=s%3AYUvRV0PBTLBm-8cGBDu_w6E8Y7vX-tB8.5oOnSWRc88yRCrrSJ5ZLhML81fa1iEThzo4IFaQ%2FO4o; Path=/; HttpOnly; Secure
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
99.86.249.93200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 99.86.249.93:0
Hash 368aeb16dbc74397be2534dabb560f5d
e7f9904a7695571d39e11c62889d8328d2e34324
91f03283573c69e4ee273dcab1ab99a978fffcc0ae7a524982475cd1d26cbc86
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 20:23:09 GMT
Server: ECS (dcb/7EC6)
X-Cache: Miss from cloudfront
Via: 1.1 f715245c12dc1f6bdadc387db50e442c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: nbptsVnnJd6Izjohx5Mu5qLVlX09UYGayGhKV0qglDmFzCEktX_d0Q==
app.ln5.quiztionnaire.com/n/09/11/assets/css/fonts.css
143.204.191.96200 OK 2.2 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/css/fonts.css
IP 143.204.191.96:0
Hash 95365b9db0bcf478429fde0fa9ebcf0a
a2c579babe63477e63663ec542512e8fc5b7fa4b
e93e66bc746f2d32546cb688b17531f18777a7c827454d8cdc0f0d9f9614578c
GET /n/09/11/assets/css/fonts.css HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 2172
server: nginx/1.19.0
last-modified: Fri, 23 Sep 2022 05:41:33 GMT
accept-ranges: bytes
access-control-allow-origin: *
date: Sat, 24 Sep 2022 10:44:43 GMT
etag: "632d470d-87c"
x-cache: Hit from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: -Bk1b7tiEw4k7gzfjkhfBrayALTLtEVHr-PnkXnYvMrftTlzMN7k7A==
age: 34706
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/css/style_min.css
143.204.191.96200 OK 23 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/css/style_min.css
IP 143.204.191.96:0
File type ASCII text, with very long lines (677)
Hash 33f25dcf6e5bc7a9a634f076778d54ff
e282897854293ff6138bd268ebe5f4a3ba5ccd2c
1c782553c2933e143f41596430dfb1bd418dd460dc09a075db38198271694575
GET /n/09/11/no/iphonexr/css/style_min.css HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 22626
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Fri, 23 Sep 2022 05:41:34 GMT
etag: "632d470e-5862"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: TwW-5kGZ43twwyzbybP7akzo002nDDxAFgiu0rkYh9ek2x5UIDJoIQ==
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32065)
Hash 2bc666a590303ce436c2679bec5d2173
c9835788b85dea43c45890080fe957673a1a1d17
54d0c6a98d70521e5cbe82178740a6c04e05d10c02932192a945d2126678cde0
GET /ajax/libs/jquery/2.2.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30094
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 22:17:13 GMT
expires: Thu, 21 Sep 2023 22:17:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 252356
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top2_no.png
143.204.191.96200 OK 9.7 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top2_no.png
IP 143.204.191.96:0
Hash b8ec4d0b8192f160e3aee69d1fe815d6
5800bf5027ec11a38b107d51bf472b526e9108fb
5b146af46c12564fbbcc9533682330af9b9c714d79a4883f99b9531e812e099c
GET /n/09/11/assets/images/iphonexr/top2_no.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 9185
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Fri, 23 Sep 2022 05:41:33 GMT
etag: "632d470d-23e1"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: 16SWhcpJZa9JBBeQ3tL-x-FkbQB4ECA79YDt9KazvVXlV18dLo6z1w==
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
143.204.191.96200 OK 92 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
IP 143.204.191.96:0
Hash 9777be63b3523b544e4288e6beb82c50
f7f9929f0340c8c4943ddf97541bc03899877dd9
3ba72e7fb124ec4dfac705c29617c3bb450756ae3d5743808d5b89da550b7dc9
GET /n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516 HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf8
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: qSRoEky9C9LvQpQXYgZiNqQcqRmNAndu5jROOHW1OnZHzgbM1aGbSQ==
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/nav.svg
143.204.191.96200 OK 954 B URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/nav.svg
IP 143.204.191.96:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash ef66f851d16a60f717c042d3cd2678e5
e8ea119cc9a36c192822b35719fa016e673764d8
9d6e0f573ea8892ab9741436df1700cedf3de03fa1372fdef77497c5d1ef4c66
Analyzer Verdict Alert fortinet Phishing
GET /n/09/11/no/iphonexr/images/nav.svg HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 954
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Fri, 23 Sep 2022 05:41:34 GMT
etag: "632d470e-3ba"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: UZrRUjmq1F51KGn7qvGUuAkC11gATtcXikXqwtZUSPWBpTrrK9hB4Q==
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/apple.svg
143.204.191.96200 OK 1.6 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/apple.svg
IP 143.204.191.96:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 5c78687b52a68c5b73acb79724e1754a
2c81bb387a9b1c72e5d7caca4d915c1c11b8fd26
4c49b4431e9125c85fa773c5a2f00a383f8d606e31cfb81fb8938355060239e7
Analyzer Verdict Alert fortinet Phishing
GET /n/09/11/no/iphonexr/images/apple.svg HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 1635
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Fri, 23 Sep 2022 05:41:34 GMT
etag: "632d470e-663"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: 1h7de3GNtc-f4MxnLqHrLrwMoKqV0VIvOeGMrcE-CEdBglVZRcgqBg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7757577ad7fbeed99b096ae503fb4d5f
b262fa8d2d68dde29341d8ff3d75c53e5ba2e82d
c2812212cee469775277310e44b44ab18f067d2acf7508c31eae3f8b77d27948
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2812212CEE469775277310E44B44AB18F067D2ACF7508C31EAE3F8B77D27948"
Last-Modified: Fri, 23 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21294
Expires: Sun, 25 Sep 2022 02:18:03 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7757577ad7fbeed99b096ae503fb4d5f
b262fa8d2d68dde29341d8ff3d75c53e5ba2e82d
c2812212cee469775277310e44b44ab18f067d2acf7508c31eae3f8b77d27948
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2812212CEE469775277310E44B44AB18F067D2ACF7508C31EAE3F8B77D27948"
Last-Modified: Fri, 23 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21294
Expires: Sun, 25 Sep 2022 02:18:03 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
99.86.249.93200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 99.86.249.93:0
Hash 9cbb7be581f0d5746eea9c6ab39f592c
fcd8cdb1cfbf43602af96933e1315ad6cfeb4627
68659e4b0db9e96fa234e08ae77bfe280a5c8a30a46ceb2078362f115346d76e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 20:23:09 GMT
Last-Modified: Sat, 24 Sep 2022 20:18:03 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 0d28fd7b073340c78cdcd5a3e2e0fe5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: H2-Kh4hV8kIuXqCbFdEvTOU7EuMNjHsh5x4bLhQic88E_wgXIlKwsQ==
Age: 306
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Light.woff
13.224.132.63200 OK 51 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Light.woff
IP 13.224.132.63:0
File type Web Open Font Format, CFF, length 50836, version 0.0\012- data
Hash 2fa3049613788ce468d3cf3942fef7df
c39a24d21bba273ab8e6de07cf694950a4ab3a19
03232ad9934ac651926b71be790954fd53a9fe10a0dd1b366597df47ebd25382
GET /assets/fonts/myriad-pro/MyriadPro-Light.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 50836
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-c694"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 bfc68ff581bb4e5342af2e46682c1ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: mEl2vxD8HFEHl0ck0u2E347m_U2m8qw9hC4kzAl39Hlsh5h-YzGlWQ==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Semibold.woff
13.224.132.63200 OK 52 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Semibold.woff
IP 13.224.132.63:0
File type Web Open Font Format, CFF, length 52240, version 0.0\012- data
Hash c44fdb4dfeb70513d7dc871d9fd6ff57
4c755e82ae6069129cf66c0d134aa7ad3263f9ea
32b7afff3dba835735be49655d87b262e55a7099668d297f3d51d449a832b88b
GET /assets/fonts/myriad-pro/MyriadPro-Semibold.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 52240
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-cc10"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 bfc68ff581bb4e5342af2e46682c1ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: UjiWMKf72UyxB4RB_7KPd5pT9sAXkdHhUwqtrZzDXaBCq4rIIlrhLg==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Bold.woff
13.224.132.63200 OK 53 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Bold.woff
IP 13.224.132.63:0
File type Web Open Font Format, CFF, length 52644, version 0.0\012- data
Hash c905542735ebc800162133d4d1b287f0
310e41e75eae30b80a96d8c9b8e6b46e5b798fcd
801f07cd82df4b98655a2aafd3c8fbb9f6fd1008c933e3ab491aef86e344bb82
GET /assets/fonts/myriad-pro/MyriadPro-Bold.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 52644
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-cda4"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 bfc68ff581bb4e5342af2e46682c1ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: rBwZmn2d4lrGwQcw7CEqTGDUUo4jKT6wl50CbpHtGQS1vFmKEqe9XA==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Regular.woff
13.224.132.63200 OK 52 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Regular.woff
IP 13.224.132.63:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
GET /assets/fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 51572
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:09 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-c974"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 bfc68ff581bb4e5342af2e46682c1ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: j-IlEMbrj__5DKqoNZhg1T2UEfgTMyf4lOu6Kk3gbgo_wTGCC8dJfA==
X-Firefox-Spdy: h2
st.formulead.com/assets/img/spinner/apple.gif
13.224.132.63200 OK 207 kB URL HTTP/2 st.formulead.com/assets/img/spinner/apple.gif
IP 13.224.132.63:0
File type GIF image data, version 89a, 290 x 290\012- data
Size 207 kB (207179 bytes)
Hash 9190e2139ac13170290812f50aa6cf8c
6056eed279dc4e058eceeacbd6d12af4b61e9e59
50f1a5f9104a62607b6f94d077ec799f015d3096a7e8b30e29c43401ed4f5b6e
GET /assets/img/spinner/apple.gif HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 207179
server: nginx/1.19.0
date: Sat, 24 Sep 2022 02:51:41 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-3294b"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 ce730d33091c8015848f9f46f438eab2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: BMgdY99XSf1POjrWxhKUZ_rJX0J8hfN9qIUqbN6-yyWiP_t6damdVQ==
age: 63088
X-Firefox-Spdy: h2
cdn.formulead.com/css/main.min.css
34.78.252.25200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 5ae2d40550531f853c155a93f5d7d0e0
43b97546ec76da1e9a6ead8c75c8028612aed54d
b753dfbd6eb7e304765465c553e697f1ab438b7a5a4e28c5ba0d432957611e56
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:09 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 22 Sep 2022 14:21:52 GMT
ETag: W/"b20df-18365938c00"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
99.86.249.93200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 99.86.249.93:0
Hash 9cbb7be581f0d5746eea9c6ab39f592c
fcd8cdb1cfbf43602af96933e1315ad6cfeb4627
68659e4b0db9e96fa234e08ae77bfe280a5c8a30a46ceb2078362f115346d76e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 20:23:09 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 f715245c12dc1f6bdadc387db50e442c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: nVHBhlwuf8mLRgAFMLcHqGHZ3Lwg-os55PzEUyb8XhI17DYb5XVGnA==
cdn.formulead.com/v/country
34.78.252.25200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:09 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3AotbqWyw9r7J9ViyeOHaSdlQp48w62i8w.rEb2HgTwxSpE6TBb2jUE6MPp50clR3vmlyzrK5NJ50I; Path=/; HttpOnly
Vary: Accept-Encoding
app.ln5.quiztionnaire.com/favicon.ico
143.204.191.96200 OK 1.2 kB URL HTTP/2 app.ln5.quiztionnaire.com/favicon.ico
IP 143.204.191.96:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 2b41416e68dcc31606e749cc9da0e7e4
7801b077f31134407e429aa5d3cfd65ed2197e59
934e627d59f1a7b1d98df885aa0d09603b4027b25d29e5ddeaadd15fdd318c6b
GET /favicon.ico HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 1150
server: nginx/1.19.0
last-modified: Fri, 23 Sep 2022 05:41:28 GMT
accept-ranges: bytes
access-control-allow-origin: *
date: Sat, 24 Sep 2022 10:43:59 GMT
etag: "632d4708-47e"
x-cache: Hit from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: 0s8EFEeE7BBCPBqkr7IGa3MOSYh7GgGjYrEL-tpzzpY8vDPqdqxNTQ==
age: 34751
X-Firefox-Spdy: h2
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/p.js
34.78.252.25200 OK 426 kB URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 426 kB (426231 bytes)
Hash 051cbe45314c2867cb5f7c158fcf7109
c21226fac0392eace3b377996f114bf646566d61
c8c363deb36945a0494e2a680dc351751e32606123794f7b01233dab9f215170
GET /p/5cf7e0bd268b230100a5ddf4/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:09 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=5cf7e0bd268b230100a5ddf4; Path=/; Expires=Mon, 23 Sep 2024 20:23:09 GMT; Secure; SameSite=None
qst.sid=s%3AImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5.y5DY1Hjwh9%2B3M0XRUvl4D%2FyJG0U4KmNiucFkxVrFQDk; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4de431d1f0b2fb15b71b607b17be7d3d
60f7beb2f1cf28d72cb159ca92a20cfb9105b493
a19c5c057f664ba912b3b7d03f9491cc81336b9e836158b795fd18a1ff1a654f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
142.250.74.164200 OK 586 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash bafc18d30c743925dbcca01193099c3b
d0cb99688d03295c921d0c8029ffa00b722fb76c
78a7eac670353fceb777791ec2bb853d281a09b8dc52a905686dc08927db945a
GET /recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu- HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 24 Sep 2022 20:23:11 GMT
date: Sat, 24 Sep 2022 20:23:11 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 586
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 4.4 kB URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18080), with no line terminators
Hash 9890fec94ebed97c067aaa9463c716f2
5860cef5c3bab22596139441b3766b71cfadb90a
cdb426c5836cbb47865c6fbb7da4cc8fe76d9d273f12813428c67477f081ee20
GET /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5.y5DY1Hjwh9+3M0XRUvl4D/yJG0U4KmNiucFkxVrFQDk
X-Request-Id: 68f5f098c70b485e546d537f
X-iivmxswc: 3c183a95d86b5386221a0bdc1b12bb0369b4ad22022c91bf0527a96ab89a4a8a
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:11 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Mon, 23 Sep 2024 20:23:11 GMT; Secure; SameSite=None
ck_tsp=2022-09-24T20%3A23%3A11.886Z; Path=/; Expires=Mon, 23 Sep 2024 20:23:11 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Mon, 23 Sep 2024 20:23:11 GMT; Secure; SameSite=None
ETag: W/"47a0-8fk2SywqI2sGfnNyt/ObRYb80Gk"
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 267300d587831dda7559c30c40cc614e
d7ff0b9754e61f5d4178eddb5e63c3390ab559c8
ec7aad1a3116ce8ef5258b49de87cf3456c8c4890206fa5d46c8e510ded80ac0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
st.formulead.com/assets/js/bioep.min.js
13.224.132.63200 OK 2.3 kB URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 13.224.132.63:0
Hash f3a65911c6c3d118f181775afd900899
93682d8841cda550d0dac1fc9708a6bdb3736007
7909fb805d9c2c0822a9fce584f5f79b162f2d62d433e6d90421f19a93a698ae
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 23 Sep 2022 21:23:03 GMT
etag: W/"6329dbed-14c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ce730d33091c8015848f9f46f438eab2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: EhMMfvaiqULODXwKYGgpIF5qedoF1U9bbGDsejXYz0edFwo3osRplw==
age: 82806
X-Firefox-Spdy: h2
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 88 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9e040edd17bb2e1b8595c5bca9c3781a
cb57e3f304d455c0b252e6a05bc0e55814c8c553
56c21491b74b93d01b73e9f45bde0ad2c392e0b4afbe710b7c324c7c090178e0
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-09-24T20%3A23%3A11.886Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 88
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"58-y1fj8wTUVcCyUuagW8DlWBTIxVM"
set-cookie: qst.sid=s%3A2vFLZBGTY0tqGjZND3FCr1GM953eNr4K.KknGB52dFbwu1f9uflG4H5DV%2Fxhu1q7nL8DJ5FeoknI; Path=/; HttpOnly
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c410d08f290592560241e28db73f247e
6304694de608773b1e148e9b339d0db85b4d6cae
8042d49a25611e5d6ab08b5696266cc862701181037943de7e30f8b209703eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8042D49A25611E5D6AB08B5696266CC862701181037943DE7E30F8B209703EAF"
Last-Modified: Sat, 24 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Sep 2022 02:23:12 GMT
Date: Sat, 24 Sep 2022 20:23:12 GMT
Connection: keep-alive
cdn.formulead.com/v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228
34.78.252.25200 OK 110 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bad7f8dd7c7e0222df76f8164f37d7f0
e6f37c1e21f83b5e26660d2beee029c5fdfdf447
c167a02d8d16558f88713a894be5587558e1876b822e73e1a9eef21815bd233f
GET /v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-09-24T20%3A23%3A11.886Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 110
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"6e-5vN8HiH4O14mZg0r7uApxf399Ec"
set-cookie: qst.sid=s%3ANYt9YmzUU3xCR8gtdtEcOnH7YR3T2I_0.5EtX68KBpzBIn3QLctU13TtMcZCW8ghtquVgbMXjvvE; Path=/; HttpOnly
Vary: Accept-Encoding
submittrk.com/clk?aff_id=1516&offer_id=726&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=dcoubb2lvl32kc9j22molkec&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp
34.78.252.25200 OK 82 B URL HTTP/1.1 submittrk.com/clk?aff_id=1516&offer_id=726&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=dcoubb2lvl32kc9j22molkec&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 27f06431c474e16c0322126f3c9e2112
14feb7be6d755f726bdda48e8c5bdd17e827a309
b8a5fdf4e87eb6f492198755038af76e96e50c06d5b0015f583b033f7d2fcaef
GET /clk?aff_id=1516&offer_id=726&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=dcoubb2lvl32kc9j22molkec&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp HTTP/1.1
Host: submittrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 82
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
ETag: W/"52-FP63vm11X3Jr3aSOjFvdF+gnowk"
Set-Cookie: hexa.sid=s%3Afsyu53y0rgxFca-o726wzi6Q3kx4gEWL.FUGmMSdJIXWEOg88ReWdTO3IZFO7EOSKWFdI0Dw7P7A; Path=/; HttpOnly; Secure
Vary: Accept-Encoding
app.ln5.quiztionnaire.com/service-worker.js
143.204.191.96200 OK 268 B URL HTTP/2 app.ln5.quiztionnaire.com/service-worker.js
IP 143.204.191.96:0
Hash 0e34c6b07be19b99ee9000b6d6eb04ab
7cebf39f882ef947cc95e21aa322e5f235060c12
d3f0e3768a432b0d4b35761375a6f329f4d122eed499c7640708041a9c7dd05f
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
content-length: 268
server: nginx/1.19.0
date: Sat, 24 Sep 2022 04:00:16 GMT
last-modified: Fri, 23 Sep 2022 05:41:56 GMT
etag: "632d4724-10c"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: 4doaxE_9-oiMFS8C1Ijju7pZNUhzcNMa1p84g-6t31BuNP-urOXCXw==
age: 58976
X-Firefox-Spdy: h2
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=ImBbxC1MsV0q6_Sw2m7JuPQLoyEwKeC5&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=07159d973bc34270c91ea37db53faaf6&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /vl/ql/?qb_country=NO&aff_source=1516_a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-flow-id,x-lead-id,x-offer-id,x-ofvuinwk,x-placement-id,x-session-id,x-zqhkygow
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:12 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 22 Sep 2022 14:21:51 GMT
ETag: W/"2996c-18365938818"
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
142.250.74.163200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (826)
Size 158 kB (158248 bytes)
Hash db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206
GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:11:34 GMT
expires: Fri, 22 Sep 2023 07:11:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 220298
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com
172.64.169.3200 OK 2.6 kB URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com
IP 172.64.169.3:0
File type ASCII text, with very long lines (6943)
Hash 30c87bd448b126eb1146b6472d767c74
009dc57f804f065cbd9bdcc7f6db11a3c6870f3b
7e3b790aea9a2b1e3298a09ff612787cf2efb56a3794c82a29c5b5295fb03d6c
GET /scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:12 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGJvP1jFKTFQrgQhU1GYbe2sx1h00OOqJYFgzG3eATKdxB4QxavcFmJUaoyFf7ciSV50a3ovlKNIs5%2BseCHrb7IUyZMF%2BGPm1JDd%2FHgULYiIvJFb2KsA693zI075r41DGp8FVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c8ecd067572-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:13 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Xrv5T8aQGylxfaLtEBsw0V%2BYTo9RI6RM1Oh4Q4EWa%2Bt2cSMudEM%2F9CUQDafsaYaHnQ0sQQZFL%2FLjGEm6H6%2Bic%2FylvTpxlgkkOSHe1jEQQ%2FriYD3sA0snzUA5k4Tfszcejy%2ByNHHONYDcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c922f6471f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/helpers.js
13.224.132.63200 OK 15 kB URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 13.224.132.63:0
File type Java source, ASCII text, with very long lines (3113)
Hash 42cabfd5109d5ee4c28a52ef3e499e28
51f900e6492b0f5731f6028cc6b4879f08c94180
c59137a25d159d8d74f7a847e49491319173e50d8c20046098ec71036780f917
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 23 Sep 2022 21:23:04 GMT
etag: W/"6329dbed-fefc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ce730d33091c8015848f9f46f438eab2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: 23yGEnrhTdLn0k0JlCnukfGIvKgD0_fguKy1gkhhjlq7U_0YHq-lHA==
age: 82805
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.ln5.quiztionnaire.com/
Content-type: application/json
Origin: https://app.ln5.quiztionnaire.com
Content-Length: 141
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:13 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCNTbpakBKZuhDekqxlQ1my%2BfxFSKnx2DeZ3h10fl%2BIkvW4BXxDJyKYPQ7CbjfdUkxHknjpVJMjTm%2F2eoyOvuVIucD%2Bhmz8uCVehz5Dzgn09LTqEANatU6JG9s0iYECXNWSqReAQzAcRjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c92d87e71f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.ln5.quiztionnaire.com/
Content-type: application/json
Origin: https://app.ln5.quiztionnaire.com
Content-Length: 180
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:13 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Rezw%2BsaVm0eKRFuABaLbJtE58vstUhVXq6x%2F%2BpDBbIEmNnCByuOAIQgU%2B7ib%2FXK%2Bd3PA5ZcCFuEqjjOn4bD5JBPxLIoiDI5JQicsWRlL8XWwhfoLb%2B7bMD9lyoDC09g3QNPAqeZzV2oCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c92f8ab71f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 28275
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 00:48:31 GMT
expires: Sat, 23 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 156882
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=EJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660&lptoken=16936401059427db87f7&s6=1&s7=LG&s8=CAK&spushon=y
104.21.66.134200 OK 944 B URL HTTP/2 secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=EJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660&lptoken=16936401059427db87f7&s6=1&s7=LG&s8=CAK&spushon=y
IP 104.21.66.134:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 47f45dcd27cde97960fd498be4bc8dc9
133715665550f6db5db6f5f85e002629ec256157
6bce6de142b0ce1af8e832ef530e3d78f04e63e7ea167c136114c17915830bc8
GET /lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=EJCBauH-x-iJFomvFEm7eYJpzIATLgzJCs6H_Cp1W7-VKCFwu5J0D3pccUng-9Ag1Zi4QV6xkwqBfPteZrSv4pUWBaL_SSlGegtUzAeCoSyadt6uNGugZYMkekhfDtbX-IYcVP6KjAJWPaR3vFB8xFALOF1vavze_Jc74j3SR1kjUmjSnxcqCVd4mY-jLrALKekcfcSi1DwENVCBfWclw7fhTVygwvzoMWaRsvOw7gGq7mNGVm9WIKtOrvb1fqrnZLEaFjLhu29IoB4qTMoPXv3OoGKM16oUyC0eyZlP2VAJHICYUno6xaNaWf8X5APC1gXH7fytLUfnuL8R4EBbUcy2nPfiDGBI6Hz_kof5dcpPNwsvatEhQERKE6MRCr9OK4JkaXy-BTzCYMkXYCMLu2UiLCuPN0cZ8IjjcEeB660&lptoken=16936401059427db87f7&s6=1&s7=LG&s8=CAK&spushon=y HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gr01.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:07 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 13:26:58 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lAHkBRYfMECHBHaPJwp2c%2FQ3vqZV6DWpMGLXJUZB1o8d8WnXEsnJ5nKhNXbiibM6zPNAlRM91to9t3cBQPfntqobeqT1yYTKj7MgTmVUOMdomPJgkfbIQdnBVLuTzZ%2B8ktlQ6dPZdJJKF8d66g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c6f39b6b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top_no.png
143.204.191.96200 OK 8.6 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top_no.png
IP 143.204.191.96:0
File type PNG image data, 588 x 189, 8-bit colormap, non-interlaced\012- data
Hash e914b7075a417b2a3816509739c46d4d
72e78715f90b69365c932efedc0dbcf9ea1d61c5
034b7b205673b04f6ab641cf8a5ea0b29372f7e18b2076c2ba53e6f1649750a3
GET /n/09/11/assets/images/iphonexr/top_no.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 8641
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:13 GMT
last-modified: Fri, 23 Sep 2022 05:41:33 GMT
etag: "632d470d-21c1"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: so9__dqvCp6Uws3vpbeEwqwij5DpST6ZHbqtWpc3i6J8a8TQ_mNrTg==
X-Firefox-Spdy: h2
cdn.formulead.com/t/page
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 24 Sep 2022 20:23:13 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
gr01.net/t/?s6=1&s7=LG&s8=CAK
172.67.128.117200 OK 0 B URL HTTP/2 gr01.net/t/?s6=1&s7=LG&s8=CAK
IP 172.67.128.117:0
GET /t/?s6=1&s7=LG&s8=CAK HTTP/1.1
Host: gr01.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://beiabii.onlinecshallenge.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:06 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 13:39:40 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zl9gFb8YMCWQsC69YligvN7PV9ov6XVc9nyP1VjXQ2Fac3TDkb6NjDuE5jXBRTepgFQ7vp7rQa7nsN8f9moPTOXfXXsY76PSWw0j%2FeJ3u6TRnAFRlsT4A5uD9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fe3c6b2b01b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/silver.png
143.204.191.96200 OK 0 B URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/silver.png
IP 143.204.191.96:0
GET /n/09/11/assets/images/iphonexr/silver.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:07159d973bc34270c91ea37db53faaf6;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=dcoubb2lvl32kc9j22molkec&aff_sub=a7f48a40-0785-47a8-b3da-aafca3c6d191_&aff_sub2=dcoubb2lvl32kc9j22molkec&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=07159d973bc34270c91ea37db53faaf6&aff_id=1516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf8
server: nginx/1.19.0
date: Sat, 24 Sep 2022 20:23:13 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 cd57ff71ec7390ccb771325e89352660.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C1
x-amz-cf-id: jhAAuUeEpuNlo39D3uoVzjt6m4Koo9DdYFYzOa0fxF6Ym1l7CIBjFA==
X-Firefox-Spdy: h2