newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
185.128.34.116 302 Found 169 B URL HTTP/1.1 newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 3a924587a03eb36516ba715c384e5267
a05c222768c2b7049ea9d8a745c582438b748ea3
7b1c95f117802a1767416994cc254fdfd7d2a105b58f25de5f9bd3f4660718cc
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/iphn14_uk_s_gf HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: close
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Content-Length: 169
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 10:13:33 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Pdb3buKhBYveAIqGbThOpoZ8Bn5DAGgx4ikLXzpjcYQypyZWFwnMiw==
Age: 517
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9601
Expires: Wed, 21 Sep 2022 13:02:11 GMT
Date: Wed, 21 Sep 2022 10:22:10 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TJgnYLjRELKNmoTLIj7mnIM8n_oNtQhXMX0toMOy-wdD86rAI65tow==
age: 20817
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 10:22:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b271b74293ba436b7118ecdc1680112
d6e20240e36264dcd2483cffdb9e79e7c252589f
c358a49ffba024de5c6597c7ac9c811f35b2119883a535a63b581de261c70d95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C358A49FFBA024DE5C6597C7AC9C811F35B2119883A535A63B581DE261C70D95"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Wed, 21 Sep 2022 16:21:27 GMT
Date: Wed, 21 Sep 2022 10:22:10 GMT
Connection: keep-alive
newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
185.128.34.116 200 OK 27 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13754)
Hash 3d1a43cf2eef83ebd443a589c22a3ab0
371a3612612cd3195e1a477a564aa5837749b19b
d8eb48abd2d5089c2915dc8b8666ff1dbf62ad89e47bf89c29f22240fe74e2dd
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/iphn14_uk_s_gf HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Wed, 21 Sep 2022 10:22:11 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; expires=Wed, 21-Sep-2022 11:22:11 GMT; Max-Age=3600; path=/
cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D; expires=Wed, 21-Sep-2022 11:22:11 GMT; Max-Age=3600; path=/; httponly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/styles/main.min.css
185.128.34.116 200 OK 1.5 kB URL HTTP/1.1 newsmartphoneoffer.com/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (7292)
Hash 7e976ab25ce0cdba109ccf316add43f2
451128b9768b2b3356afdbc7b92b9ec7b4a79dc8
2b9d6fe51d6f1b50e777301cba99b4646860726140c4945cbb17ac314c9ae87e
GET /styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: text/css
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cab5-1c7d"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
185.128.34.116 200 OK 24 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (65536), with no line terminators
Hash 710e9ae8e2c814e3ce27419c7e3e8e0f
8e582b98e687dcebd974048afdf374654adfe333
2c80a337b9a27a5a8b495d6fe6a090a1c0541a5b4edda13689d8e86cb585aaae
GET /landing-layouts/s/styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: text/css
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cab5-3c63d"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
djjcyqvteia9v.cloudfront.net/EHawkTalon.js
143.204.42.155 200 OK 44 kB URL HTTP/2 djjcyqvteia9v.cloudfront.net/EHawkTalon.js
IP 143.204.42.155:0
File type Unicode text, UTF-8 text, with very long lines (31985)
Hash 94e7b422e861ef1c968c81a21965c22d
148f6107b034ea6275f48c8512b5387d183779db
54234f4ebe24f0a0058c5a4301ba3356fa0e138d3adfa12cac7b144667da104d
GET /EHawkTalon.js HTTP/1.1
Host: djjcyqvteia9v.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 44465
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 29 Jul 2020 14:14:29 GMT
accept-ranges: bytes
date: Fri, 26 Aug 2022 05:54:53 GMT
expires: Sun, 25 Sep 2022 05:54:53 GMT
cache-control: max-age=2592000
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2Z3rI81S-ZzjRfZN6DZGG645z3hceGP8bBf0bAMcp9AU9d9LhjIRIA==
age: 2262438
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a79e3fb6006915f9224684bbf94e54f6
8634c28b2be5a6ee744fa4627853f5fc9a8547f8
500e68bbfc37e3b9f22201367dad6c84dad258d60d3fd38b52555a413bb5b73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4334
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Last-Modified: Wed, 21 Sep 2022 09:09:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a79e3fb6006915f9224684bbf94e54f6
8634c28b2be5a6ee744fa4627853f5fc9a8547f8
500e68bbfc37e3b9f22201367dad6c84dad258d60d3fd38b52555a413bb5b73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6084
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Last-Modified: Wed, 21 Sep 2022 08:40:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
code.jquery.com/jquery-3.3.1.min.js
69.16.175.10 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (65451)
Hash d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:11 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1663755731.dop018.sk1.t,1663755731.cds257.sk1.hn,1663755731.cds072.sk1.c
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a79e3fb6006915f9224684bbf94e54f6
8634c28b2be5a6ee744fa4627853f5fc9a8547f8
500e68bbfc37e3b9f22201367dad6c84dad258d60d3fd38b52555a413bb5b73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4334
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Last-Modified: Wed, 21 Sep 2022 09:09:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
newsmartphoneoffer.com/vendor/select2/select2.min.css
185.128.34.116 200 OK 2.2 kB URL HTTP/1.1 newsmartphoneoffer.com/vendor/select2/select2.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /vendor/select2/select2.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: text/css
Last-Modified: Mon, 19 Sep 2022 20:05:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cb9f-3f88"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
185.128.34.116 200 OK 8.1 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (343)
Hash 520d196e2e2943a9ae0a92e31a74edc5
d28ee656c956ef4997eb2102ce7cc52b56c5282f
23f22134f948270bf57cc144d9113cf46c02e27333095cde292491b8e9800a05
Analyzer Verdict Alert fortinet Phishing
GET /landing-layouts/s/scripts/script.min.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cab5-a0d8"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207 200 OK 20 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65371)
Hash b062b1720c353c31c6638f4e9e7490be
18cee0b888c21f6eb65e89e56944fd595d5edc4f
29d87fba42f93589e4f4b1b61b05bdd215c0cfa725101f3bdf6d657a31e575aa
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 11866068
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74e21408cb3b0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-129693020-1
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-129693020-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 6add2070891713c812c74b55a4676bd8
5a8ed45d7112a22c5af2eb349851cd0a73b0d809
c9515bb4c7b245904026c6cc9e8cd1536bc2bbe0851faef765ed5ce0f50e5084
GET /gtag/js?id=UA-129693020-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 21 Sep 2022 10:22:11 GMT
expires: Wed, 21 Sep 2022 10:22:11 GMT
cache-control: private, max-age=900
last-modified: Wed, 21 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ff6d50919e56aed75c47feb45ee2f2ec
98f558a4b2d4f3c271abc93d0b74ece4ad7a59ef
b1b6f0e78b5a1e2092cba6d71d0d5a918066c0486176cef0a19f51e2d5a9962e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2015
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Last-Modified: Wed, 21 Sep 2022 09:48:36 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
newsmartphoneoffer.com/js/app.js
185.128.34.116 200 OK 221 kB URL HTTP/1.1 newsmartphoneoffer.com/js/app.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Unicode text, UTF-8 text, with very long lines (65473)
Size 221 kB (220735 bytes)
Hash b5fc8042bc68dc89a684b431638321cd
bc3b6056b39c229edac736caaedea8dba3080c44
4efc72a6455341aae1e547abc155b3b15d56aa115d07dfbeaad1af9d2b6ad996
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 19 Sep 2022 20:05:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cb9f-edce7"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
185.128.34.116 200 OK 6.6 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 130 x 130, 8-bit colormap, non-interlaced\012- data
Hash 18d7bc31d40e63b3dd7c886c8bc1f5c2
419d4868455728ae20149170066c6b707de0df5a
13f9001dbfe4dfc8be808e3c382c47172604b1eb540db94e9221a13b7841272f
GET /landing-layouts/s/images/privacy_img.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/png
Content-Length: 6553
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Connection: keep-alive
ETag: "6328cab5-1999"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
185.128.34.116 200 OK 6.1 kB URL HTTP/1.1 newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 240 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f6ba1ae14bb60185d9d2626b3acd5
6b7a5e169052686e441d4909d4a98d60dc157db6
d4769dc58bfeadce09cb4e7e6c0958d6602423d020b36ff0be54b60359689b90
GET /images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/png
Content-Length: 6146
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Connection: keep-alive
ETag: "6328cab5-1802"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/14981/iphn14.png
185.128.34.116 200 OK 178 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/14981/iphn14.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 650 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 178 kB (178407 bytes)
Hash 833b8a60ef839d0a55018014aeb38c75
0fe58282351ab640530c408a1a21d63bb3af954f
c18f8488fa2fb17f1715551dc35a4b51e9d6c214645c181ddb7934efa22dc389
GET /landings/14981/iphn14.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/png
Content-Length: 178407
Last-Modified: Thu, 08 Sep 2022 10:34:29 GMT
Connection: keep-alive
ETag: "6319c535-2b8e7"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
216.58.211.10 200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
IP 216.58.211.10:0
Hash ba48fc95544cedeabcdf4f39459d8f64
739a5411e2b1f00db7a4058f281645e8e7897fc7
259fda069c65462fb11a87c0f1e9873444c30d076c6df95c94222260d8a35474
GET /css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 10:22:11 GMT
date: Wed, 21 Sep 2022 10:22:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 21 Sep 2022 10:03:22 GMT
Expires: Wed, 21 Sep 2022 10:46:06 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RSTi4GkpP3hZeOhGPPXIYuSqNpLt2tTcXcJWgqSPl5_yfH2yd-ZCPQ==
Age: 1129
newsmartphoneoffer.com/landings/14979/iphn14.png
185.128.34.116 200 OK 178 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/14979/iphn14.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 650 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 178 kB (178407 bytes)
Hash 833b8a60ef839d0a55018014aeb38c75
0fe58282351ab640530c408a1a21d63bb3af954f
c18f8488fa2fb17f1715551dc35a4b51e9d6c214645c181ddb7934efa22dc389
GET /landings/14979/iphn14.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/png
Content-Length: 178407
Last-Modified: Thu, 08 Sep 2022 10:34:29 GMT
Connection: keep-alive
ETag: "6319c535-2b8e7"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/14980/iphn14.png
185.128.34.116 200 OK 178 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/14980/iphn14.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 650 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 178 kB (178407 bytes)
Hash 833b8a60ef839d0a55018014aeb38c75
0fe58282351ab640530c408a1a21d63bb3af954f
c18f8488fa2fb17f1715551dc35a4b51e9d6c214645c181ddb7934efa22dc389
GET /landings/14980/iphn14.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/png
Content-Length: 178407
Last-Modified: Thu, 08 Sep 2022 10:34:29 GMT
Connection: keep-alive
ETag: "6319c535-2b8e7"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/landings/14978/background-(28).jpg
185.128.34.116 200 OK 72 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/14978/background-(28).jpg
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Hash 43dece2887d205065e141d19bc991732
fd93b9ee6e21d1c722fa87602bb90a98c63e1502
e7c4d93b66a306ad30cfddd6b061221faea4f64295dd3614dfa3242cfdf0b002
GET /landings/14978/background-(28).jpg HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: image/jpeg
Content-Length: 72157
Last-Modified: Thu, 08 Sep 2022 10:34:29 GMT
Connection: keep-alive
ETag: "6319c535-119dd"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
185.128.34.116 200 OK 31 kB URL HTTP/1.1 newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash e3c37af374909525ba2e3462bc05540f
127ea8601da9fb256c39c30b3b726f4e37e2df52
33405d243b1d6b59763f933848f7d90ac96b0f820f560ca5f4e37e5dd7bfd261
Analyzer Verdict Alert fortinet Phishing
GET /fonts/Oswald-Heavy/Oswald-Heavy.woff2 HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:11 GMT
Content-Type: application/octet-stream
Content-Length: 30928
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Connection: keep-alive
ETag: "6328cab5-78d0"
Expires: Wed, 28 Sep 2022 10:22:11 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 08:31:01 GMT
expires: Wed, 20 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 93070
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.101.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EFuNCvAXgI7+qLnkYl28IQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2fsR1Kx13nCiViaNuKa81Hh0oUs=
newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
185.128.34.116 404 Not Found 2.1 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Hash e881f8e66a93d0960ba6fad410094769
7f1bd10fd60815735fad95387ecaed0cfaf3b287
b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
GET /en_uk/images/icons/favicon.ico HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/iphn14_uk_s_gf
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
date: Wed, 21 Sep 2022 10:22:11 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
216.239.32.178 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 21 Sep 2022 08:41:12 GMT
expires: Wed, 21 Sep 2022 10:41:12 GMT
cache-control: public, max-age=7200
age: 6060
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0304f4f364b9890dfd818a05023bac43
54ee83e80e4ef47bd182dee9e6dc7f9b5de22a75
e7c6f569b52780b16ced802b0cf8e127d4f1ab85687a9cc2fb6f6b9d3b741dd0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7C6F569B52780B16CED802B0CF8E127D4F1AB85687A9CC2FB6F6B9D3B741DD0"
Last-Modified: Mon, 19 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 21 Sep 2022 16:22:12 GMT
Date: Wed, 21 Sep 2022 10:22:12 GMT
Connection: keep-alive
productsgiveaway-uk-342.com/en_uk/tr_iphn14_uk_s_gf?affid=preview
185.128.34.117 200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/en_uk/tr_iphn14_uk_s_gf?affid=preview
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (10300)
Hash 5d2d6ffe862f7f502087049e052eb30a
d225050a1f2aee0ee7cbafea24fefea7bd78cc56
e797983ebbe675389a5fcb169075d9d23067ba94ec5e36344cb84f81719ea79f
GET /en_uk/tr_iphn14_uk_s_gf?affid=preview HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
Set-Cookie: advanced-frontend=3prmrifti7vejj817vfapvi1kj; path=/; HttpOnly
visitId=8b48eeb71d163d99fe825b8659675b40f701d51f465941f265a99b5e1885f5d2a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22visitId%22%3Bi%3A1%3Bs%3A32%3A%22addab22f24a5cd1eb1cf35b3b51795e2%22%3B%7D; expires=Fri, 21-Oct-2022 10:22:12 GMT; Max-Age=2592000; path=/; HttpOnly
_csrf-frontend=1413359ea0200990eb520449dbfa38885f4bc1c1441af186c5492390bea053dda%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22YC67ftN-nRN9YObp6MZ8woDR9t7ybztu%22%3B%7D; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/sponsor?externalId=addab22f24a5cd1eb1cf35b3b51795e2
185.128.34.117 200 OK 4.9 kB URL HTTP/1.1 productsgiveaway-uk-342.com/sponsor?externalId=addab22f24a5cd1eb1cf35b3b51795e2
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type JSON data\012- HTML document, ASCII text, with very long lines (29476), with no line terminators
Hash 7c072489c08e210ac7b07770e986ce55
2ad0f69d2f324b5137b38af134e9a917c65bb491
afebe26cdd9d0f6fd485636e588076b6fb62da62febd847478c3de30d5950f8a
GET /sponsor?externalId=addab22f24a5cd1eb1cf35b3b51795e2 HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:12 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b82fdd7387145ec9a754d93f092277cf
467455c155cce26e0c0acbb36ed8be8b8abba0c6
adf30daa8ef9d2b5dd4d9d5245ddd26f59ab3c626b430652b00103ae5e2c262a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4412
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:12 GMT
Last-Modified: Wed, 21 Sep 2022 09:08:40 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 278
productsgiveaway-uk-342.com/images/placeholder.png
185.128.34.117 200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/images/placeholder.png
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 2400 x 2400, 8-bit grayscale, non-interlaced\012- data
Hash efecd9d40367ec0d16517eccd2131f51
f62fb8a662c331a24c8f6ad67bdd9c80501b3ea5
93453aeb09ee83e223ec77a93aab60cbcf79be3436401817b49bf11093e6adc1
GET /images/placeholder.png HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:12 GMT
Content-Type: image/png
Content-Length: 30255
Last-Modified: Mon, 19 Sep 2022 12:19:34 GMT
Connection: keep-alive
ETag: "63285e56-762f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 0766ca935fa969e98957d70648683ef6
69c6d43329f7bae2f2094a18838de3a704920d40
756297916a27831b8760afc727ea6eb6ac0cd47011904970a5dfa050b92a0554
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 10:22:12 GMT
Last-Modified: Wed, 21 Sep 2022 09:25:44 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: c3Ibazn70BThEHOM2CwvUsx5FzWKOWBYvoepsjamiqIxiT3Q2wKIzA==
Age: 3389
cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
54.230.111.120 200 OK 7.7 kB URL HTTP/2 cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
IP 54.230.111.120:0
File type PNG image data, 225 x 37, 8-bit/color RGBA, non-interlaced\012- data
Hash 53b95496ea713cac3954693b8f3b50d5
c622ac30e8dbd7b178dfc2a09fa95a740367b0c2
2f611884dd3584195b879992b9dd4918f1ac87ac06c64dc86f387f504b962093
GET /content/image/5d8dd415ec4fa.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Mon, 19 Sep 2022 02:21:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -sHlSgCyp9vwnr9LDgkJ0qWxJXQkt9lQEJYD7UwhLTRCKMJyPh85Jw==
age: 201638
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash b82fdd7387145ec9a754d93f092277cf
467455c155cce26e0c0acbb36ed8be8b8abba0c6
adf30daa8ef9d2b5dd4d9d5245ddd26f59ab3c626b430652b00103ae5e2c262a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4412
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:12 GMT
Last-Modified: Wed, 21 Sep 2022 09:08:40 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
newsmartphoneoffer.com/service-worker.js
185.128.34.116 200 OK 170 B URL HTTP/1.1 newsmartphoneoffer.com/service-worker.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
Hash 6dc9aad8c0a0f0f17a0dd110ab15af19
3f8b295142373a5170b66a6b77f276e9b3e3f9e1
20095487f19c6e5482093159c3f020846dd7f3878ee426b11772ef7cf5a03be5
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpLTm85M0ppYWpHaXEvV3VkaFFGRVE9PSIsInZhbHVlIjoidVBLYmVFVzlSQUV6L3F0YkxJWWg4a0hWWVRWVGhldUg2ZDgyczBvTHhaMncyZDU3NHBza0s4bmg3ejVxR05XUWVrVUtrZVBlYW5CTkwwYXpubVJhQkFMRlBEaU9FckprTURWYTVuY0pPaXF4cGxlQmpTMEw5czBTWmE5RUZVV3UiLCJtYWMiOiJmYWE4NmE1YTllYjM3NjI1YTM0NjQ2Y2VkNTk3MjlhNjM4NjRhOWIzN2M1Mjg2ZDMxNjE5MDM0YTYzYzQyZmM0IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6ImRMWjZiTmV5MlNtL3F2MnhFWUVLUkE9PSIsInZhbHVlIjoiTitWRXJhOUtXS04waVdGK1VsYXRKTXhyOGhkVmg1U015UHpacFhpU2p6bUVnOHFaZzg0MkFodEJRblpWeGFyUlh6ZVBGOGhaeTZ4RW8yRzF0Mmp3V3RqbnF0bEYvRUZLb3NoMUVpRWQvTHZ6Q0NNa2R2dVF4amVaRnVxTEUwSzgiLCJtYWMiOiI0YTZjODhlYTAyNTE4ZWEwMjA0NTE0MmY3YzY2MWUzNGFkMjBhMTYzNTg2YzIwZTdmZWNmZjg0Mjk0NTM4NjUwIiwidGFnIjoiIn0%3D; _ga=GA1.2.2070488949.1663755732; _gid=GA1.2.850503461.1663755732; _gat_gtag_UA_129693020_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Sep 2022 10:22:12 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 19 Sep 2022 20:01:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6328cab5-10c"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 338b2be5d768278b60661f07d91164b7
689d06849b9de2ae6205d08093c4d0a48c3e8e9c
36db64c86998f5a89285759fb93d2b14079cc8b27e1bd3aafb6330b07e70f4a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36DB64C86998F5A89285759FB93D2B14079CC8B27E1BD3AAFB6330B07E70F4A3"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4246
Expires: Wed, 21 Sep 2022 11:32:58 GMT
Date: Wed, 21 Sep 2022 10:22:12 GMT
Connection: keep-alive
click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=iphn14_uk_s_gf&fs_sub_id=null&fs_transaction_id=addab22f24a5cd1eb1cf35b3b51795e2&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1663756681878
35.190.210.193 200 OK 976 B URL HTTP/2 click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=iphn14_uk_s_gf&fs_sub_id=null&fs_transaction_id=addab22f24a5cd1eb1cf35b3b51795e2&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1663756681878
IP 35.190.210.193:0
Hash 42e542c1a99048ae6336cba640f312d7
44909a54672f32abb7121bdc1fc84d81bb01041f
4e231223641332f316e93bb197fa927ac2c7ac0b86cb209bbf1974b23d34a7f4
GET /a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=iphn14_uk_s_gf&fs_sub_id=null&fs_transaction_id=addab22f24a5cd1eb1cf35b3b51795e2&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1663756681878 HTTP/1.1
Host: click.fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.1
date: Wed, 21 Sep 2022 10:22:12 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
set-cookie: fs_cr=1663755732000; Path=/; Domain=fstrk.net
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
54.230.111.120 200 OK 4.6 kB URL HTTP/2 cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
IP 54.230.111.120:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 177x117, components 3\012- data
Hash df77ec0b1507df64fa3e985d250fa51c
4b9b85b156911c3b0696f71c07e8622b9ae6b184
a72b9b5c78126c1a15a6e1494da500d759cded2126713b0705f9fbbe173eaaea
GET /content/image/5b4f416ee10b3.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Mon, 19 Sep 2022 03:29:51 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iCtdnQSp3A81XKgeJhEC2kEjBFWl7L_b5OWqEzY7BO6pG9Hk8JG_UQ==
age: 197541
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 10:22:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10281
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 10:22:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10281
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 10:22:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10281
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 10:22:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10281
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 10:22:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10281
Expires: Wed, 21 Sep 2022 13:13:34 GMT
Date: Wed, 21 Sep 2022 10:22:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4d98acc059a69d51165fb5e0c7430ea3
09bd3300d710c3212483159f8398b84cde09da26
6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rq4QHCD4EubBKHyCj7jyKqpct5d7U33TvNufqj_w8mWunqQsouoh7w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:21:54 GMT
age: 43219
etag: "09bd3300d710c3212483159f8398b84cde09da26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 14:38:21 GMT
age: 71032
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8bae3a7a80ff40df1d701dfc925ddeff
91df60162a8322469cada0dd8eb93619f28aec1a
fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6897
x-amzn-requestid: 280a2e44-c21a-4d78-991b-3328e816d045
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwWSpE0SoAMFaxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63299daa-55cb53491be78c4d5bed0462;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 11:02:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eNkM22Xu--qgJdsrH-UrTG5-Ie4nAsyLjiMaJ5ZKIz0bbw7cYrvFjw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 02:18:26 GMT
age: 29027
etag: "91df60162a8322469cada0dd8eb93619f28aec1a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a692964324dbb9c460a1b855808d02e6
1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hI3FlJJRAUfr0EAcSvvuJajmyQDwBpTxuQIhYfA0Mtp9JyQgKnoDvA==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:43:18 GMT
age: 45535
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4eb6d1b35f680bfec656941b6167fd23
344c6000dbdafdb5105edc93a082d640c3e95ddc
67fc85fa0f1a55d57ab9db6f4c723fb9116ef3b2c5282dbdd42d9c37396bd7b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8826
x-amzn-requestid: cf0c711e-4ec9-4f87-a60f-41374262a114
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYweUHIyoAMFYQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202df5-17ad5d4e25a754586e531d05;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:15:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OEbpCQXLpTCDZH4OlzVvvsc-bSgbsIoXRgX6f-nKVwJTL5-SVTCHeA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:56:09 GMT
age: 44764
etag: "344c6000dbdafdb5105edc93a082d640c3e95ddc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7b780d39877eea116277625aaa01f1b
d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db
ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12654
x-amzn-requestid: efc99152-2b51-462d-b48b-67ba8263b1cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJOGVYoAMFcvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-00eeb6913e06ac151f293263;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wK03Lqow6u4lrQ3QI21klXXHGZqbKYathhCO87k0rZWBbF8o5YYjXw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 07:05:16 GMT
age: 11817
etag: "d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:19 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVtyyTsXjW29ZFpynN6Ig731jG2N26udheyx6SGTdJkXwQ%2FnWhqT87ft3RmoZ9kP3fyXKU7Bh7qBoV71LOcRvDnt28I2GzLcSkPc1X6EmhEKpQTzuPVwVzTH6Va%2ByDUJwmz7wtIyd8wCTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e2143a5ae206aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:19 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A80nIin9kc0IxBMQTNX%2FC3MaRkqEYedOgV1hyWbf649%2F34fDnw5lR0JcVefsI6Q3%2Bu7yFxW1RjT9pePMFJtVoBZOjZBs2TICDULIW64VDvA%2FnboKxriUROBMNIXbFFdJN4yZmXDImvA%2FQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e2143a5ae506aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 109
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:19 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8nPRaemPLRFxZYHDDps8qgYrBer7qKgirB171PnszvWLU0Q900Wa%2F%2F5lJnLPC6m1cvLDD2biKVdopLrkRJU2c53bvjTCLLMGZNIc0Ud%2BicvoTrzYae6jra2tx3QCM3PbzQJ5fUnCRXlag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e2143afbb206aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3 200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 148
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:19 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IeSncwBLIfkajFkDndOHZAp2bQ0FcLARaaAAQPTYEqYYyyS47100o0%2FI2ALIif%2B%2BiDigBSMdUoQqUs8lcjpo3BKBo70t9%2FeF6ZlZpyIZ1oOXn2GigyeLLagPCGwud2zpNyM8Id2SQNHiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e2143b8c3706aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 13066538
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74e21408aafd0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:11 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 05/12/2022 03:05:27
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 8995e66ba49ec2453930854af59429fe
cdn-cache: HIT
cf-cache-status: HIT
age: 7730055
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74e21408ab090b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
54.230.111.120 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
IP 54.230.111.120:0
GET /content/image/5b753b0f22993.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Wed, 21 Sep 2022 05:01:58 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IsFc8IBuHpDQE4sZsx2yDr-kCiNyZCGyKpiRfOoEKN15HR1jkgting==
age: 19214
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
54.230.111.120 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
IP 54.230.111.120:0
GET /content/image/605d9d6a66c60.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Tue, 20 Sep 2022 03:50:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IsfjRzYOqB3FnGs1xRmZxfM2SLKpbbswSArx1xjTcbXg-FV8cqUiRw==
age: 109919
X-Firefox-Spdy: h2
fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
143.204.55.125 200 OK 0 B URL HTTP/2 fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
IP 143.204.55.125:0
GET /api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js HTTP/1.1
Host: fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 15 Jun 2022 07:40:15 GMT
last-modified: Thu, 01 Apr 2021 12:27:02 GMT
etag: W/"9abf9e75ee4858e2302cc352a93a131f"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5uxSo3zZqKiMneHexsApxkaxc4dlyx4UGu6ikg4X_pxMKGhSAziCSA==
age: 8476918
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
54.230.111.120 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
IP 54.230.111.120:0
GET /content/image/602bc70b48ff9.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Mon, 19 Sep 2022 02:21:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I5sncTEGT_iYS0dnheqj2VdrVPDHRQObmPPV7xXx4u7ykHfhf9qqaw==
age: 201638
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/622f468f2ddb6.png?size=300
54.230.111.120 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/622f468f2ddb6.png?size=300
IP 54.230.111.120:0
GET /content/image/622f468f2ddb6.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Mon, 19 Sep 2022 05:33:28 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P2ZxU11wZMI6Uxt1ze0TJHjZzqVpxtN-pa6SZcPjEDPyiXk_lKjMiw==
age: 190124
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
54.230.111.120 200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
IP 54.230.111.120:0
GET /content/image/5c1cfaf6a3c67.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Tue, 20 Sep 2022 03:50:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R2kLYJYubIpSymoL_nnUwfeO2TsKX3N4zrFpt7_BJBlJKCDJhzf2Iw==
age: 109920
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.168.3 200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.168.3:0
GET /scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 10:22:12 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwEfTKDutV9FeYn3wbHzaNaMACnqX4pO0VRWENr2hkf%2Bnf0BwtT%2FRyfbGDAkZ0fWww%2BeApROhut3%2F5%2FzQRqL0sy%2BosBWBh7dDgJLKbodcC%2BpA62GPFpJjd3qm%2BbqWR3efgagEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e2140f38da74c1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2