lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
18.165.201.17 200 OK 24 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
IP 18.165.201.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (857)
Hash 911c1c4b429352b70b9a9ee68b2b3c9c
e7a422a5b6e39c5d500e59e9e03ac4627b11b120
cb5dd5e21862be1e0f60d0e96f7fdfe9da2039d55c0fd1242a5c532018fe9ba4
GET /n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339 HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 25bae94046433e736c44a6c37f27c7c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: XDM5pNjWbjkh_uFj_g3nTJVI-32MlMNv-VC5iV7xEVDhxsjNAcuyHQ==
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6397
Expires: Fri, 04 Nov 2022 08:11:52 GMT
Date: Fri, 04 Nov 2022 06:25:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2700
Cache-Control: max-age=100253
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:15 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 10:16:08 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2700
Cache-Control: max-age=100253
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:15 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 10:16:08 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5855
Expires: Fri, 04 Nov 2022 08:02:50 GMT
Date: Fri, 04 Nov 2022 06:25:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: h3FrJoUi0F6zhb3XxEfvKxdjV9FP0+RK/hyLWteJhYKgzrMwpBc4JmhACQlh3pao8bGpDNL0V6o=
x-amz-request-id: SNRMYCKBKA57A0GD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 05:46:40 GMT
age: 2315
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 06:25:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
lp.clientoffer.site/n/27/4/tktk/au/css/main.css
18.165.201.17 200 OK 6.1 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/css/main.css
IP 18.165.201.17:0
Hash c71575f9e436a32dfac89256b2a304e9
8e7804dfb0028ce93ddab298536b265d634aab81
1b00cb6cef484dc995cfc5192da670cd93b8e21c65cf4e2b4e181e73d8927e57
GET /n/27/4/tktk/au/css/main.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: W/"6363fcda-867c"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 25bae94046433e736c44a6c37f27c7c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: bqi3DNALaxGNN71NWAzCBGrOHlVHp2GokVE4eLEX-ZbAtsnDzjQnqQ==
lp.clientoffer.site/n/27/assets/css/fonts.css
18.165.201.17 200 OK 315 B URL HTTP/1.1 lp.clientoffer.site/n/27/assets/css/fonts.css
IP 18.165.201.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf204738cc45ba40ddbc1833f7e3fd08
c1cd4d940ed2679bf940e09e5048c914d224cf52
f5e322bbdb5b74a13a08dbe967d05a3554e3547d48aa1789663d677056921ad8
GET /n/27/assets/css/fonts.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ekQ3ZbJie7SexQTCvHD9t1iZpnxP4pANk4uP8MsOLlWO5iIZCslNqg==
lp.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
18.165.201.17 200 OK 828 B URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
IP 18.165.201.17:0
Hash ee995f01cddcc3b3c717067caec705c3
088cec3db9935a70070a50b5db5e41eccff6520c
e75f19dace54b1fd8e08a5743d9ee3413be9aadc8b9df423e6db0875075487b1
GET /ssi/elements/base/comments/fbcoms.min.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 828
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-33c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: qqL35o_pfEaLDpdmmxqrElYjW2DtfdZwGkz04B8cCFyYkJ_veXyjmg==
lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
18.165.201.17 200 OK 2.8 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
IP 18.165.201.17:0
Hash be7d7615c0a15f19e33322c386e3aa78
2b296b2841320bcfb7ef295464a2c3fe4dfc4bfa
d5c3026f2dd1ffae439832d043bd9f9661a96abc776c9e1a88d13c3d5f05f5ea
GET /n/27/4/tktk/au/css/style.min.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: W/"6363fcda-3330"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: tCTxFMyiSUgz9xgF86dOqO_0Y17_Pw-ouIQavV3dpTCp8kUrTtzqFg==
lp.clientoffer.site/n/27/assets/css/animate.css
18.165.201.17 200 OK 713 B URL HTTP/1.1 lp.clientoffer.site/n/27/assets/css/animate.css
IP 18.165.201.17:0
Hash 3f0e9a3ba22aab79dc39633012731da4
10348a8f8574d4363b6a27c1c80a3e7b7155c592
08a2c832afbf78e1f4ea55db23b8aad97aa506486e356a7c44724da0d5226497
GET /n/27/assets/css/animate.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: W/"6363fcdb-1578"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: Uyd0UoW38kgNARk85ygFASw7huec84AxJO6xx0IY60ICdATm5lag_Q==
lp.clientoffer.site/n/27/assets/js/script_nojquery.js
18.165.201.17 200 OK 674 B URL HTTP/1.1 lp.clientoffer.site/n/27/assets/js/script_nojquery.js
IP 18.165.201.17:0
File type ASCII text, with very long lines (674), with no line terminators
Hash 72c950f44a922395aa1a719c75885db3
8f7e2da3a0d67d332563959763221f1c9cdd3300
47380c1b38187099528acecbd0b8d70589af99c03f8fddf7bfdb5c4cde353377
Analyzer Verdict Alert fortinet Phishing
GET /n/27/assets/js/script_nojquery.js HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Content-Length: 674
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:15 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-2a2"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 8XnwiCqt-NULpkt8G2Zq4kSA3x0jFYc4nOcMwOw9RBBU348ECoRRnw==
lp.clientoffer.site/ssi/elements/base/comments/fbcom.js
18.165.201.17 200 OK 362 B URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/fbcom.js
IP 18.165.201.17:0
Hash d91c65ab07c7b659532f735bc3266d35
e04379a0f107ef0639cfb9bb85448e091d4242b4
36bec173b109104f5817846a3d09bcdb07bf1c0c85c8ad6be8577861258a0b90
Analyzer Verdict Alert fortinet Phishing
GET /ssi/elements/base/comments/fbcom.js HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: W/"6363fce2-4de"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 25bae94046433e736c44a6c37f27c7c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 7vVegenYJBO_B3wwvNRZMQSM01HZ8BznrftOc0I8w4vwcTlVgsc6gw==
lp.clientoffer.site/ssi/elements/base/comments/style.css
18.165.201.17 200 OK 1.7 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/style.css
IP 18.165.201.17:0
Hash 0b47857fc0393ac1d7658317c7aedeaf
7c8a9bc67c9c908f56696dd814ec492153bafa02
c91e25ec9e83a6d9fb4e12ea55a487e932cf814af38db29c618a8fb2da8bbdc6
GET /ssi/elements/base/comments/style.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: W/"6363fce2-14cc"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 3jrjdVxFxEwm6VDyfa4iP_ziDumYJAIaZgrCx4qBMBcfg5Q8JGdVXA==
lp.clientoffer.site/n/27/assets/js/stepsCounter_nojquery.js
18.165.201.17 200 OK 485 B URL HTTP/1.1 lp.clientoffer.site/n/27/assets/js/stepsCounter_nojquery.js
IP 18.165.201.17:0
Hash f90bbcb6886b6e69c678d778267a565c
3d76b63193c5ed4d1b4c0f76f927d244850b37c6
d9dca77d126bc779712c2337d89883d2c7bc2397aa0ee38af2ae9cbd570b6dd1
Analyzer Verdict Alert fortinet Phishing
GET /n/27/assets/js/stepsCounter_nojquery.js HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf8
Content-Length: 485
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:39 GMT
ETag: "6363fcdb-1e5"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: SWZ8NB_6lH8Lr7Izz8d2SXzgouGV_DSrHiIC0--obU9t1KkAItzRhg==
lp.clientoffer.site/n/27/4/tktk/au/css/normalize.css
18.165.201.17 200 OK 897 B URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/css/normalize.css
IP 18.165.201.17:0
File type ASCII text, with very long lines (1880)
Hash 8ca792972dc5202bd0a1ffd73769645f
d24a12992541a21bd6552ef17184ff6951c6e9cf
e7507a2706c28513cc4fc8a05c85ae7eea9e2a5937c2fcfd7a2e75b59390d605
GET /n/27/4/tktk/au/css/normalize.css HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: W/"6363fcda-75b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 0J4cn0TZpJd5bVTCWzet1cCWKlGMEdg8mUUIs9YK5WqGHNCy44vygg==
lp.clientoffer.site/ssi/elements/base/comments/comment10.jpg
18.165.201.17 200 OK 1.4 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/comment10.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 733b1af1054c6b374e7a2e283c0488c3
1f98a33203a064b43b101966e5b5c439d65b1d18
48771158b0cefed12d509da968dc6ad98fed75d6317982854f012d68bb6b7755
GET /ssi/elements/base/comments/comment10.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1383
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-567"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: W4h-1pkA5PukV7hDX8aW3YsES5VKwIAe8fHSPEmm-CJFba9xWXUpWA==
lp.clientoffer.site/ssi/elements/base/comments/girl5.jpg
18.165.201.17 200 OK 1.4 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/girl5.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b3aba087230e9009ab500a2c3cd32f67
180ba2ba0f3a41dc96c3d4266db37d96adc0b248
e9e064bbaab7738127c4966595fb2dadfe872941f64e0c04e60914c074e66f82
GET /ssi/elements/base/comments/girl5.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1412
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-584"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: dphdPhEZFLYMHEmWw_4rjLlv2ppTXdjXSpwdi9CrZ1-8pywBm0A71w==
lp.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
18.165.201.17 200 OK 1.7 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/rev1-a.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash db2bd208a83dd1e61d8c5eb29d17fc5e
e0bd1558f696d871213fb6e7366bb737c9a7dfdf
247aa5d457438d0701a6985631b571826d33a719e0c1b38535ea1e9c023f91e9
GET /ssi/elements/base/comments/rev1-a.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1683
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-693"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: yzvQqYTiEArPUE_RfUQ14rUoLeTGHO3Xg4jB2cE3G0mIYxnOJoViJw==
lp.clientoffer.site/ssi/elements/base/comments/comment1.jpg
18.165.201.17 200 OK 1.4 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/comment1.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 8a7c43a73eddd2e9ece5f84986c8d38a
4ee82a68568735d8d55cd23573a02a27e250766a
701f4a6b59464cd1c4d3d5a4a3a03b7b325e9e05e5c40b895857e9a53b24172f
GET /ssi/elements/base/comments/comment1.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1405
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-57d"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: L_7OzEFzmKQNZelEkcaQeMj60SQC1tIa273y1MTfHNOTbHl6hRaPSw==
lp.clientoffer.site/ssi/elements/base/comments/comment5.jpg
18.165.201.17 200 OK 1.6 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/comment5.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash e1e1c4d1673d0daca69e4d04bcffe826
22a7bafb65fc73960b19cbaa172d76a2c72892cf
de8bfe8399e33d61c93d69aa93632a5bbfc49600d8b9a9a970278141bcaf11b2
GET /ssi/elements/base/comments/comment5.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1589
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-635"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: T9hP7QqUevFspuqR1qUZYQc_h0Zh32HENaifs7ulrACo0jChwEzmtg==
lp.clientoffer.site/ssi/elements/base/comments/guy4.jpg
18.165.201.17 200 OK 1.7 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/guy4.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash b5170ef71e82c3b9dd3cb0de6b06d36d
c36c6365a983ce3e211817f3edb0260e500b87af
207761ada2128a5b781713077cf76116149b47ba3222c3b6cf88e99dd58857ec
GET /ssi/elements/base/comments/guy4.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1728
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-6c0"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 25bae94046433e736c44a6c37f27c7c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: kna2fb_2UEF2J7RqMMajNJbMBQx3D2TVKDvXzKWgSZOAPloFtQM-GQ==
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18ac6b4bfcfd39ead329117a6263d37e
84128e4292502138c73dd54389a5dc9a2f80d614
bc86a59c6ba4b4dc78efb83d48cfab8dc3a10bcf67229a96e1bb9b3384f6c682
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC86A59C6BA4B4DC78EFB83D48CFAB8DC3A10BCF67229A96E1BB9B3384F6C682"
Last-Modified: Wed, 02 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14938
Expires: Fri, 04 Nov 2022 10:34:14 GMT
Date: Fri, 04 Nov 2022 06:25:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18ac6b4bfcfd39ead329117a6263d37e
84128e4292502138c73dd54389a5dc9a2f80d614
bc86a59c6ba4b4dc78efb83d48cfab8dc3a10bcf67229a96e1bb9b3384f6c682
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC86A59C6BA4B4DC78EFB83D48CFAB8DC3A10BCF67229A96E1BB9B3384F6C682"
Last-Modified: Wed, 02 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5883
Expires: Fri, 04 Nov 2022 08:03:19 GMT
Date: Fri, 04 Nov 2022 06:25:16 GMT
Connection: keep-alive
cdn.formulead.com/v/country
34.78.252.25 200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3A32tR8uTRbAoqjp68tc4Fu-_DfbDQxWvz.7FzaQfKq01eJE1v8cn1Ru7CKOHhvvGRU3yb%2BZ3C9R1s; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/css/main.min.css
34.78.252.25 200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 5ae2d40550531f853c155a93f5d7d0e0
43b97546ec76da1e9a6ead8c75c8028612aed54d
b753dfbd6eb7e304765465c553e697f1ab438b7a5a4e28c5ba0d432957611e56
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"b20df-1843da43ec8"
Vary: Accept-Encoding
Content-Encoding: gzip
lp.clientoffer.site/assets/img/logo/qzt_white.png
18.165.201.17 200 OK 5.2 kB URL HTTP/1.1 lp.clientoffer.site/assets/img/logo/qzt_white.png
IP 18.165.201.17:0
File type PNG image data, 132 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bb16bbfca8cdaa042353a79845eeba47
d9bd97b057f4434ecf041129ab978ecf2bec51ce
1639d12a6a23397077fe402a82cad1f71e15e811d621bc235f60a65960d38869
GET /assets/img/logo/qzt_white.png HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5187
Connection: keep-alive
Server: nginx/1.19.0
Date: Thu, 03 Nov 2022 07:16:27 GMT
Last-Modified: Tue, 01 Nov 2022 13:04:28 GMT
ETag: "6361195c-1443"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: FyB_pwdNE_mlhoObB1lcjQg-wym9MLFZdnIVWZuSEzbbGE_lX_zz3A==
Age: 83329
lp.clientoffer.site/ssi/elements/base/comments/like.png
18.165.201.17 200 OK 532 B URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/like.png
IP 18.165.201.17:0
File type PNG image data, 15 x 14, 8-bit colormap, non-interlaced\012- data
Hash ff41d4d4197e3de85a1e23a8e0052229
ae524f976c87dff8e73869f1b41cbf49836f56ef
8759cc524e5fc84eed43ac2b300f9c9af83629f464a6eac33805e1bf1866cd6d
GET /ssi/elements/base/comments/like.png HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/ssi/elements/base/comments/fbcoms.min.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 532
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-214"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: q_MlXBr9tstbVasxG-t9oVyrqElRK9uckl_sdF0p0WP1MO9NouDilA==
lp.clientoffer.site/n/27/4/tktk/au/images/header.png
18.165.201.17 200 OK 12 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/images/header.png
IP 18.165.201.17:0
File type PNG image data, 1068 x 255, 8-bit colormap, non-interlaced\012- data
Hash 5beffa2881dab958dffdbd2aceaf2406
8c2fc8dc17cfa744a61cd56d9e5d6aaebcb95f9d
5a57906fa9dae8ba69268252a71ff309042fc1a770b1a4b999439ba915962460
GET /n/27/4/tktk/au/images/header.png HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11725
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: "6363fcda-2dcd"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: tscBv5QY1kRX9anlLGr9wR8GjFkxmG-YxM1fOJbeeBcgXbQjp5yI7A==
cdn.formulead.com/p/574ff3a738b1020100a8dbe1/p.js
34.78.252.25 200 OK 427 kB URL HTTP/1.1 cdn.formulead.com/p/574ff3a738b1020100a8dbe1/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 427 kB (426886 bytes)
Hash 2d07c9b6cf995adb1c60e55a237f664b
0ea2ca9340fccb8d8398cc693581984fcba340ab
c1b6750b897f8227f55ff363fb0fb8b4b9277b4ea13987ff221e240f6c98ac6b
GET /p/574ff3a738b1020100a8dbe1/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=574ff3a738b1020100a8dbe1; Path=/; Expires=Sun, 03 Nov 2024 06:25:16 GMT; Secure; SameSite=None
qst.sid=s%3ATUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K%2FuyscLsPXK1S6FvveFcFk%2BM%2F%2BtXlUuYcUXtlzA; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
lp.clientoffer.site/assets/img/spinner/puff.svg
18.165.201.17 200 OK 405 B URL HTTP/1.1 lp.clientoffer.site/assets/img/spinner/puff.svg
IP 18.165.201.17:0
File type exported SGML document, ASCII text
Hash c4ec734440f7a070300d7abdf0c4c7f1
2365e00004d700d404c75e26eadd2546fe2ce34b
152e553506e5c65f330b3416f70a72863fccd6f243a712e9e89d4eb9b2cc7756
Analyzer Verdict Alert fortinet Phishing
GET /assets/img/spinner/puff.svg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:38:25 GMT
ETag: W/"6363fc91-5b4"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: -hU93oNkPHKxio8eEvilkTtbpPacjAExMffa4NxMT7qeEuAfftSCKw==
lp.clientoffer.site/n/27/4/tktk/au/images/background.jpg
18.165.201.17 200 OK 67 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/images/background.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x1067, components 3\012- data
Hash 8a2cf99b78bbde85a801d79a25e8409a
fded5710e72f3a72fa22bfb5faad80b3461898d6
4b750c7c2c42cc050221db8d6cc0ff530ab22a4c2fc88af491c399e5aa743735
GET /n/27/4/tktk/au/images/background.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 66725
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: "6363fcda-104a5"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 22agznMiceWcZhQ2n0p4kbPk2SVK3zxLVLN0QBFjvxExdmsbcUxicA==
lp.clientoffer.site/n/27/4/tktk/au/images/prize.png
18.165.201.17 200 OK 45 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/images/prize.png
IP 18.165.201.17:0
File type PNG image data, 580 x 494, 8-bit colormap, non-interlaced\012- data
Hash caf346e957a1ad3d54848eb70fb85efd
a0d1a9206649c39f2c77cc3beda557ae73222b8b
b0fb79acb1ddec559ceaf762d863943484bf8293ba765cafbe3fdff1fa0f65f6
GET /n/27/4/tktk/au/images/prize.png HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 45325
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: "6363fcda-b10d"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: WfjZZYpvzRiZYglKbhEe4xXxpyMCqVptxh_WMTKWMN99NdHmmX5d5g==
lp.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
18.165.201.17 200 OK 137 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/guyiphone.jpg
IP 18.165.201.17:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], progressive, precision 8, 960x720, components 3\012- data
Size 137 kB (136915 bytes)
Hash dd8774375e394460704d201cc9183468
9b17b330fae8a45162e594f1e6e20668079f75f6
7537819dfcae5087f73030b210f9ecb6e9561593e656162973c214af01bbf492
GET /ssi/elements/base/comments/guyiphone.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 136915
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-216d3"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 25bae94046433e736c44a6c37f27c7c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: qTHdHLewigPKMgVyyrVeXodYY0R-VObk6huMJsZdazzzlE1PfM_mwA==
lp.clientoffer.site/ssi/elements/base/comments/comment7.jpg
18.165.201.17 200 OK 1.5 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/comment7.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 13e3863ddf9ec66e74794a43955a82aa
176abd806ea55961d5f035d0589861864752eaa5
a98374e6ddf8e424cf2e60899912358531a04e42f74943f717730dc8349fe096
GET /ssi/elements/base/comments/comment7.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1461
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-5b5"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 65cbd6c4094454b31bc32d6426b92cf2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: HJ6pExV9bdT7RX9CYwVOm2E2Fd-ccZEXYFiuo6Ji0St3dEYDAktIYg==
lp.clientoffer.site/ssi/elements/base/comments/comment6.jpg
18.165.201.17 200 OK 1.6 kB URL HTTP/1.1 lp.clientoffer.site/ssi/elements/base/comments/comment6.jpg
IP 18.165.201.17:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 1547bb14a090e26493220e1ac226c956
1f6a7c79b3b167810acf4cf0ee291b08ec9f019b
3f39d61ca486889335b7d2327da4d0c5fa5f5631899a7f020ff7992b40eed55f
GET /ssi/elements/base/comments/comment6.jpg HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1631
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:46 GMT
ETag: "6363fce2-65f"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: QGA45YWacU7Q7uqC2dV8Cs8Nu5meY6ctkLCLCf7WDNPzlWa6zUzqjQ==
cdn.formulead.com/fonts/Roboto-Regular.ttf
34.78.252.25 200 OK 171 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Regular.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size 171 kB (171272 bytes)
Hash 11eabca2251325cfc5589c9c6fb57b46
096c9245b6a192d1403a82848e104a65f578a8ec
017c0be9aaa6d0359737e1fa762ad304c0e0107927faff5a6c1f415c7f5244ed
GET /fonts/Roboto-Regular.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: font/ttf
Content-Length: 171272
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"29d08-1843da43ec8"
lp.clientoffer.site/n/27/4/tktk/au/images/header-wap.png
18.165.201.17 200 OK 7.9 kB URL HTTP/1.1 lp.clientoffer.site/n/27/4/tktk/au/images/header-wap.png
IP 18.165.201.17:0
File type PNG image data, 760 x 277, 8-bit colormap, non-interlaced\012- data
Hash 7875d36ff1bb3b722c6f54f05f458824
ad61aa90274a1160539a2b3c3a50795599da501e
94c7b0ec73540a999c923a403e301329e9bcd7090a438dc1f1c2063037018b3e
GET /n/27/4/tktk/au/images/header-wap.png HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 7875
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:38 GMT
ETag: "6363fcda-1ec3"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 936c7ee6d0620cb8a766a50c04b3fa30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: xP4LayhVzOySOegy_cZbO_9evJuMghR7syb_FOdc4aU4vc561JC-jg==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 670d0b2f341e8ff1e4ee9fe4fe21e210
dcd277daebf63623b985a81a96bcdc6a6f67c518
75029ab8db44811ac539aa3e2f1f8e015a45b80cb5a1099cec7d64e55e2a72a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1371
Cache-Control: max-age=93863
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:16 GMT
Etag: "63637698-1d7"
Expires: Sat, 05 Nov 2022 08:29:39 GMT
Last-Modified: Thu, 03 Nov 2022 08:06:48 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25 200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Thu, 03 Nov 2022 13:18:05 GMT
ETag: W/"2996c-1843da43ec8"
lp.clientoffer.site/favicon.ico
18.165.201.17 200 OK 1.2 kB URL HTTP/1.1 lp.clientoffer.site/favicon.ico
IP 18.165.201.17:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 2b41416e68dcc31606e749cc9da0e7e4
7801b077f31134407e429aa5d3cfd65ed2197e59
934e627d59f1a7b1d98df885aa0d09603b4027b25d29e5ddeaadd15fdd318c6b
GET /favicon.ico HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/no_teaser.html?p_id=574ff3a738b1020100a8dbe1&_c_id=aff_code:LDA;request_id:70195ce9d1dee724880981dbe0075324;aff_tid:;aff_goal_id:9216;aff_goal_id2:9217;aff_id:1339;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:1890;aff_inc:tiktok&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=70195ce9d1dee724880981dbe0075324&aff_id=1339
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Server: nginx/1.19.0
Last-Modified: Tue, 01 Nov 2022 13:04:57 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Date: Thu, 03 Nov 2022 18:09:11 GMT
ETag: "63611979-47e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 0bX3uKumpQxsIJHqYZdtup9G2VhtMcrCIbH0rW0USh1268YdUW9O1Q==
Age: 44165
cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4e07861c1447376729f17ea09b72ca90
dd3f1d68fd87b4ba20c03e2f31ddc6a294b38cd3
d8953ad7676624da5b08bc21e4e68a647a636709f5fc9c4b0a4e8914f37adfc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25 200 OK 4.8 kB URL HTTP/1.1 cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (20641), with no line terminators
Hash c5fe45d446ab6a17d24ba18e85741fd2
3b364eef7a62da1639eeaae1991f297645136e9d
7249e1ed9903d778ad222eb3bec72a50b409829562f6ece46eed9adc43925866
GET /p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K/uyscLsPXK1S6FvveFcFk+M/+tXlUuYcUXtlzA
X-Request-Id: 02fd27256c0f8bec6ede135a
X-iivmxswc: a893493f227e038c0b63b9990707da2e5c3f4fa7829043cde9fff080589f4644
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Cookie: plc=574ff3a738b1020100a8dbe1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:16 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Sun, 03 Nov 2024 06:25:16 GMT; Secure; SameSite=None
Set-Cookie: ck_tsp=2022-11-04T06%3A25%3A16.931Z; Path=/; Expires=Sun, 03 Nov 2024 06:25:16 GMT; Secure; SameSite=None
Set-Cookie: sip=91.90.42.154; Path=/; Expires=Sun, 03 Nov 2024 06:25:16 GMT; Secure; SameSite=None
ETag: W/"517c-Y1QgJ7j5TfcIIbSoTGHQqM3QDjM"
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
35.162.125.72 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.125.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ++eGwSh9UDzCM8Ug32m4dg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +rjSBeza2iCx5Nw9GR4+rITTxTg=
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
lp.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
18.165.201.17 200 OK 52 kB URL HTTP/1.1 lp.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Regular.woff
IP 18.165.201.17:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
Analyzer Verdict Alert fortinet Phishing
GET /n/assets/fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 51572
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 04:31:48 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:40 GMT
ETag: "6363fcdc-c974"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: tz2gDp7u0LNe5bb3dp32rsg0CAI_hR0vyRppuYe_Arq9wXU4K3yvlw==
Age: 6809
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-lead-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25 200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: 02fd27256c0f8bec6ede135a
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Cookie: plc=574ff3a738b1020100a8dbe1; stp=1; ck_tsp=2022-11-04T06%3A25%3A16.931Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3AxLdWJgpo32IE36whMtnRyhiRWrui9OA1.DLpCX3Tfuk5GYADuhhOVp36ApV5ilbpjwOJ1TbLEOk4; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
34.78.252.25 200 OK 16 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /v/fingerprint-cache?vl_fp=9233aa210fa7da7061a624224377a2bb&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Lead-Id: 02fd27256c0f8bec6ede135a
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Cookie: plc=574ff3a738b1020100a8dbe1; stp=1; ck_tsp=2022-11-04T06%3A25%3A16.931Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
set-cookie: qst.sid=s%3A8f43qyHrXeS1DtR7qdDKbOAjFDXuRsIU.m6JSj6HBwgPGl855l3yRHcSroair6bRCaZXVUrczzFk; Path=/; HttpOnly
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18246
Expires: Fri, 04 Nov 2022 11:29:23 GMT
Date: Fri, 04 Nov 2022 06:25:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18246
Expires: Fri, 04 Nov 2022 11:29:23 GMT
Date: Fri, 04 Nov 2022 06:25:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18246
Expires: Fri, 04 Nov 2022 11:29:23 GMT
Date: Fri, 04 Nov 2022 06:25:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18246
Expires: Fri, 04 Nov 2022 11:29:23 GMT
Date: Fri, 04 Nov 2022 06:25:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 30737
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: w5Nv6yf06dCHv6q9wt8-guOfQSMywfZFoXxwWvcLc9FtdwgRIqPcUQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 18:32:15 GMT
age: 42782
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c45c5ed-4fd2-4e66-a47f-772395ce0860.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c45c5ed-4fd2-4e66-a47f-772395ce0860.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2de2d97028ee074a101930b1eb702cdd
8755ead9d94462f54cda2899213091587536e5c5
41de8ff5d34fabc0860286540f5c2c8e9b1aa80c1b62ed5de9ea64d99822e28f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c45c5ed-4fd2-4e66-a47f-772395ce0860.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9866
x-amzn-requestid: a0aa9bd7-1d42-409c-b474-92be9fca9957
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RrFzIoAMFTCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-592d43a27b2ee494424770a4;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qNdNbORoi1KNd4r11LTrjUG6cRkz0T7mwTE24VVLQqPpGc9w_fRFUw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:08 GMT
age: 30729
etag: "8755ead9d94462f54cda2899213091587536e5c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5aedde5b1d003651d773c89833460868
29ca25963b777fd7463c65d8cde6d65172c996e1
04b95b954d7d992e6547d05d052c6f3f8a4cfb4a5988f9e6c6629969053bf7b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11188
x-amzn-requestid: 72e0a128-e0c4-4a93-8e29-01a574b2d1c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0XNHPcoAMFkNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364342d-341a40d37b7bcc9153749d67;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eo3FBGjoivBN1-4xP1UiTocKbLd87acRtOX2AQrPr1a4yDboDrXYRA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:19 GMT
age: 30718
etag: "29ca25963b777fd7463c65d8cde6d65172c996e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02641b8c-1dd8-435a-974c-742ebe42dc8e.webp
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02641b8c-1dd8-435a-974c-742ebe42dc8e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6eeadc4cf94026430250d497b18c2106
65d7de9f2853ba1d8241cebe1ebbff20a5bef0ba
437ec5e94b9cefc7ca77c9644e25ce9ead169811d1ca283bbf83bd5231c02366
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02641b8c-1dd8-435a-974c-742ebe42dc8e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: e2f28365-7a43-4007-8d3c-4180a1dae3cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpErIIAMFxcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-5fd7e5cc6adf0bcb3c0a46cb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QFxp29djOiEPeU2dejoc0qpDWhNz-CTAPTpgFcy55yyZ-tAvcUz9QQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "65d7de9f2853ba1d8241cebe1ebbff20a5bef0ba"
content-type: image/jpeg
age: 30737
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ed2916-30a1-46c8-8937-a8213ca50702.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ed2916-30a1-46c8-8937-a8213ca50702.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 068891a060bfab0650cbe836d18b7184
b8b782747dca705f0424e1a272bd703951400c62
518f9d4db49210907c2665c6f2284aa295db63fcc9dfaad99664e6fefea16e75
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ed2916-30a1-46c8-8937-a8213ca50702.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11070
x-amzn-requestid: 6f465257-3152-4701-b43a-ce54947f4294
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC04lEtXoAMFzcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643503-7c9f9c7457cc974c3b112467;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:15 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YFSbIgg-pW_AuzGhFGVGNYUEhXMoElFGn5C_4hAUB0df1VZ2P9R2qA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:10 GMT
age: 30727
etag: "b8b782747dca705f0424e1a272bd703951400c62"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55e2ff475dde0bcd1c49d94ce79596b8
f90c358abe388e4c29fa4e317dc04de9ecf95d63
8a80013a12639402e5073ce314d615ef032025791cd836945fc8212613792fb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A80013A12639402E5073CE314D615EF032025791CD836945FC8212613792FB9"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 04 Nov 2022 12:25:17 GMT
Date: Fri, 04 Nov 2022 06:25:17 GMT
Connection: keep-alive
submittrk.com/clk?aff_id=1339&offer_id=1890&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&aff_tt=dp
34.78.252.25 200 OK 82 B URL HTTP/1.1 submittrk.com/clk?aff_id=1339&offer_id=1890&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&aff_tt=dp
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2956f7b25d7e1db5ef67f142ca1595ea
6d7184464f36e56b1d5a86e7067813770523d005
e2a98a6fb28db87926a1dac4566adb6cd3e51124a1ca9e98a7e52889157df677
GET /clk?aff_id=1339&offer_id=1890&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&aff_tt=dp HTTP/1.1
Host: submittrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 82
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
ETag: W/"52-bXGERk825WsdWobnBngTdwUj0AU"
Set-Cookie: hexa.sid=s%3ACF-HVplJrvy0JuE9PzCAHThVCMiCPTt6.w2Ms%2F9l%2FW2UrXM%2FrX5n8icwJ2UiZ7rOz1q4UVSMe5rc; Path=/; HttpOnly; Secure
Vary: Accept-Encoding
lp.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Light.woff
18.165.201.17 200 OK 51 kB URL HTTP/1.1 lp.clientoffer.site/n/assets/fonts/myriad-pro/MyriadPro-Light.woff
IP 18.165.201.17:0
File type Web Open Font Format, CFF, length 50836, version 0.0\012- data
Hash 2fa3049613788ce468d3cf3942fef7df
c39a24d21bba273ab8e6de07cf694950a4ab3a19
03232ad9934ac651926b71be790954fd53a9fe10a0dd1b366597df47ebd25382
Analyzer Verdict Alert fortinet Phishing
GET /n/assets/fonts/myriad-pro/MyriadPro-Light.woff HTTP/1.1
Host: lp.clientoffer.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://lp.clientoffer.site/n/27/4/tktk/au/css/style.min.css
HTTP/1.1 200 OK
Content-Type: application/font-woff
Content-Length: 50836
Connection: keep-alive
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:17 GMT
Last-Modified: Thu, 03 Nov 2022 17:39:40 GMT
ETag: "6363fcdc-c694"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: vxWeyusGmqYosVBgPDvt1F9v6j4d9dHV3EFl7Ikfap4xIDXf-7JdTw==
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d4b1c4f4ea108a54eede061341551664
5d1e43b958318beb0df239919ca5bb49bd2b1e72
7d50b947fc4961ffd2dc04ee43aaf1d14808c0a97de4a2154087af788bbbc618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=123089
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:17 GMT
Etag: "6363ee1e-118"
Expires: Sat, 05 Nov 2022 16:36:46 GMT
Last-Modified: Thu, 03 Nov 2022 16:36:46 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d4b1c4f4ea108a54eede061341551664
5d1e43b958318beb0df239919ca5bb49bd2b1e72
7d50b947fc4961ffd2dc04ee43aaf1d14808c0a97de4a2154087af788bbbc618
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=123089
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 06:25:18 GMT
Etag: "6363ee1e-118"
Expires: Sat, 05 Nov 2022 16:36:47 GMT
Last-Modified: Thu, 03 Nov 2022 16:36:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
cdn.formulead.com/t/errors
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/errors
34.78.252.25 200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/errors
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/errors HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K/uyscLsPXK1S6FvveFcFk+M/+tXlUuYcUXtlzA
Content-Type: application/json
Content-Length: 149
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:18 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/t/validator
34.78.252.25 200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/validator
34.78.252.25 200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K/uyscLsPXK1S6FvveFcFk+M/+tXlUuYcUXtlzA
Content-Type: application/json
Content-Length: 1854
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:18 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/t/page
34.78.252.25 200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: http://lp.clientoffer.site/
Origin: http://lp.clientoffer.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full
34.78.252.25 200 OK 13 kB URL HTTP/1.1 cdn.formulead.com/p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type Unicode text, UTF-8 text, with very long lines (65329), with no line terminators
Hash 20d5e32f839bf5ec71091a3ea5acfa63
82eeee5150958f18646d8a741d0e1aa0e33155e5
f73d26b949460a2f59a0bd9c83cb2f9248f42bd46958b15fbe5bcce795a21314
GET /p/574ff3a738b1020100a8dbe1/feed?sc_domain=lp.clientoffer.site&cl_ip=91.90.42.154&qb_placement_id=574ff3a738b1020100a8dbe1&qb_offer_id=5b0695aa302f8c0100bc17d7&qb_flow_id=5b0695aa302f8c0100bc17d7&qb_vendor_id=570e5c924ce290010026cc24&qb_country=AU&ql_session_id=TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk&p_id=574ff3a738b1020100a8dbe1&aff_code=LDA&request_id=70195ce9d1dee724880981dbe0075324&aff_goal_id=9216&aff_goal_id2=9217&aff_id=1339&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=1890&aff_inc=tiktok&aff_tt=dp&sc_url=http%3A%2F%2Flp.clientoffer.site%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F27%2F4%2Ftktk%2Fau%2F&sc_campaign_domain=http%3A%2F%2Flp.clientoffer.site&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F27%2F4%2Ftktk%2Fau%2Fno_teaser.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K/uyscLsPXK1S6FvveFcFk+M/+tXlUuYcUXtlzA
X-Request-Id: 02fd27256c0f8bec6ede135a
X-iivmxswc: a893493f227e038c0b63b9990707da2e5c3f4fa7829043cde9fff080589f4644
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Cookie: plc=574ff3a738b1020100a8dbe1; stp=1; ck_tsp=2022-11-04T06%3A25%3A16.931Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:19 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Sun, 03 Nov 2024 06:25:17 GMT; Secure; SameSite=None
ck_tsp=2022-11-04T06%3A25%3A17.880Z; Path=/; Expires=Sun, 03 Nov 2024 06:25:17 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Sun, 03 Nov 2024 06:25:17 GMT; Secure; SameSite=None
ETag: W/"10a80-8J+v1NbnqjUjdQZ9SZQk8zO62tQ"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/t/page
34.78.252.25 200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:TUduKdnyeBH-hfWVTmmzvuQm6l6BQOCk.WbO1K/uyscLsPXK1S6FvveFcFk+M/+tXlUuYcUXtlzA
Content-Type: application/json
Content-Length: 105
Origin: http://lp.clientoffer.site
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 04 Nov 2022 06:25:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: http://lp.clientoffer.site
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=lp.clientoffer.site
172.64.168.3 200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=lp.clientoffer.site
IP 172.64.168.3:0
GET /scripts/push/script/z75dnkdk4q?url=lp.clientoffer.site HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 06:25:18 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HcRO4c5EUraIibIEd923pSeGhOFGSG03urLy4%2FwiRAPgSL%2BRn7BKdESxR5yK5uwTeeB4XsWf5OraYzaV7JAj3LmzDCPXDY5mEgGlSbv9PkJpV9C%2FmGqRBnkLyZe4%2FZnIWfSRRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 764b4587692788b0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/helpers.js
108.138.233.93 200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/helpers.js
IP 108.138.233.93:0
GET /assets/js/helpers.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Thu, 03 Nov 2022 17:29:41 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: W/"6329dbed-fefc"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2578e6e980a79ec5ab861167c666f8be.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P4
x-amz-cf-id: lZPni0BG-XuclXKyZGOM_U22XMWa6FpoDIVZJg8OpiKTk3c3pdiPzw==
age: 46535
X-Firefox-Spdy: h2
st.formulead.com/assets/js/bioep.min.js
108.138.233.93 200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 108.138.233.93:0
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://lp.clientoffer.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
date: Thu, 03 Nov 2022 17:29:42 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: W/"6329dbed-14c4"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2578e6e980a79ec5ab861167c666f8be.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P4
x-amz-cf-id: 9dxwk6vFmHgIUJc84Zm3x4b08bxdp8eUjDPQaHWfm2C4fziVbnFs6Q==
age: 46534
X-Firefox-Spdy: h2