newsmartphoneoffer.com/en_uk/cfrdg_uk_s
185.128.34.116302 Found 169 B URL HTTP/1.1 newsmartphoneoffer.com/en_uk/cfrdg_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 3a924587a03eb36516ba715c384e5267
a05c222768c2b7049ea9d8a745c582438b748ea3
7b1c95f117802a1767416994cc254fdfd7d2a105b58f25de5f9bd3f4660718cc
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/cfrdg_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: close
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Content-Length: 169
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6957
Expires: Sun, 23 Oct 2022 12:55:01 GMT
Date: Sun, 23 Oct 2022 10:59:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 10:52:50 GMT
Expires: Sun, 23 Oct 2022 10:59:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: skzKgjg5aPPzNghgVjLejyRmMyDU9B2BMmLRjJNgUF1tYseYL3_rUw==
Age: 374
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7068
Expires: Sun, 23 Oct 2022 12:56:52 GMT
Date: Sun, 23 Oct 2022 10:59:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.2071368024.1666517965; _gid=GA1.2.2070426470.1666517965
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vynYZu7wsp7VahEOCmzp1r79ai2kBPDZst6bF+DHZ5d34L0z+gkz36ZgcluaeD/Eyeqi+sabFQI=
x-amz-request-id: E8CAY2V8W9GVPA9D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 10:08:03 GMT
age: 3061
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 10:59:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 574f0ea081c6850c612629f9c25ffc08
3523928b6ed3a0d777846a9b4c814a18c04d9ce9
bd1736045bab77cd139d38550cb7f05a31a76ca4bd9ce235f39d9dddb0286d99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD1736045BAB77CD139D38550CB7F05A31A76CA4BD9CE235F39D9DDDB0286D99"
Last-Modified: Sat, 22 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 23 Oct 2022 16:59:04 GMT
Date: Sun, 23 Oct 2022 10:59:04 GMT
Connection: keep-alive
newsmartphoneoffer.com/en_uk/cfrdg_uk_s
185.128.34.116200 OK 27 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/cfrdg_uk_s
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13734)
Hash 96d5be43aa836513fdc98df50d8e1ff0
1c0dc4d33236ad2ea4dbc5d73fa430407c238497
b49dd366b1bc7c8b6f0461a274cc7c5e259501368fe4980908ff94ff2c6dbdcb
Analyzer Verdict Alert fortinet Phishing
GET /en_uk/cfrdg_uk_s HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Sun, 23 Oct 2022 10:59:05 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 11:59:05 GMT; Max-Age=3600; path=/
cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D; expires=Sun, 23-Oct-2022 11:59:05 GMT; Max-Age=3600; path=/; httponly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/styles/main.min.css
185.128.34.116200 OK 1.5 kB URL HTTP/1.1 newsmartphoneoffer.com/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (7292)
Hash 7e976ab25ce0cdba109ccf316add43f2
451128b9768b2b3356afdbc7b92b9ec7b4a79dc8
2b9d6fe51d6f1b50e777301cba99b4646860726140c4945cbb17ac314c9ae87e
GET /styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: text/css
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515aac-1c7d"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f300c7986684db5ac06374e1cd551f9d
677d05c614773434f56e6e2ef3d62980ff501d21
39a426ddebdcbd4bd497fc0ddc27dd71dd3ac7c387f56965c186ac7381634225
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6554
Cache-Control: max-age=161488
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Etag: "6354d8b0-117"
Expires: Tue, 25 Oct 2022 07:50:33 GMT
Last-Modified: Sun, 23 Oct 2022 06:01:20 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f300c7986684db5ac06374e1cd551f9d
677d05c614773434f56e6e2ef3d62980ff501d21
39a426ddebdcbd4bd497fc0ddc27dd71dd3ac7c387f56965c186ac7381634225
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6554
Cache-Control: max-age=161488
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Etag: "6354d8b0-117"
Expires: Tue, 25 Oct 2022 07:50:33 GMT
Last-Modified: Sun, 23 Oct 2022 06:01:20 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f300c7986684db5ac06374e1cd551f9d
677d05c614773434f56e6e2ef3d62980ff501d21
39a426ddebdcbd4bd497fc0ddc27dd71dd3ac7c387f56965c186ac7381634225
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2242
Cache-Control: max-age=157177
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Etag: "6354d8b0-117"
Expires: Tue, 25 Oct 2022 06:38:42 GMT
Last-Modified: Sun, 23 Oct 2022 06:01:20 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
djjcyqvteia9v.cloudfront.net/EHawkTalon.js
143.204.42.155200 OK 44 kB URL HTTP/2 djjcyqvteia9v.cloudfront.net/EHawkTalon.js
IP 143.204.42.155:0
File type Unicode text, UTF-8 text, with very long lines (31985)
Hash 94e7b422e861ef1c968c81a21965c22d
148f6107b034ea6275f48c8512b5387d183779db
54234f4ebe24f0a0058c5a4301ba3356fa0e138d3adfa12cac7b144667da104d
GET /EHawkTalon.js HTTP/1.1
Host: djjcyqvteia9v.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 44465
date: Tue, 04 Oct 2022 12:27:24 GMT
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 29 Jul 2020 14:14:29 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 03 Nov 2022 12:27:24 GMT
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CeCLBrKv7ra0M0OxKypjF5pa_60LybBIqJ528m_ZWGTKLRWOaPiAVg==
age: 1636301
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.3.1.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:05 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1666522745.dop219.sk1.t,1666522745.cds241.sk1.hn,1666522745.cds217.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/vendor/select2/select2.min.css
185.128.34.116200 OK 2.2 kB URL HTTP/1.1 newsmartphoneoffer.com/vendor/select2/select2.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (16263)
Hash bd3ea59ca12635e32402ec20cb196249
b1bfdaba4a00c2932245ff9eabea38016f9c9069
b99f8f79de257275fdbf6a8e0eb4652b0d69429552234b1f444c08ae85000341
GET /vendor/select2/select2.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: text/css
Last-Modified: Thu, 20 Oct 2022 14:30:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515b88-3f88"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
185.128.34.116200 OK 8.2 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/scripts/script.min.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (343)
Hash 1348b790efe1eb1a5023fa45a1d4741f
4020614fb4d077cd6c2e9f41f11ad5d2ab95add3
cae9186430625158f3e627e1cc93fea612f3438dacf1c41db92e698c6faebf0d
Analyzer Verdict Alert fortinet Phishing
GET /landing-layouts/s/scripts/script.min.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515aac-a3ae"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f300c7986684db5ac06374e1cd551f9d
677d05c614773434f56e6e2ef3d62980ff501d21
39a426ddebdcbd4bd497fc0ddc27dd71dd3ac7c387f56965c186ac7381634225
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6554
Cache-Control: max-age=161488
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Etag: "6354d8b0-117"
Expires: Tue, 25 Oct 2022 07:50:33 GMT
Last-Modified: Sun, 23 Oct 2022 06:01:20 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 23 Oct 2022 10:43:40 GMT
Expires: Sun, 23 Oct 2022 11:21:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VwWSEt714pA0_3gbxmzXj9NXqvGmna24O-BDW_SK9B82dfa7UOPheA==
Age: 925
newsmartphoneoffer.com/js/app.js
185.128.34.116200 OK 221 kB URL HTTP/1.1 newsmartphoneoffer.com/js/app.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Unicode text, UTF-8 text, with very long lines (65473)
Size 221 kB (220768 bytes)
Hash d235fc7e88ed8c8a2db5715cb7159ce4
555b116319d2b7d6d63579262c1ce11368fe7c30
47fb993345484b91f7e07adadf7bf2095e4d9e6e6740321c4d4947beba1219cf
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Oct 2022 14:30:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515b87-edd28"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
www.googletagmanager.com/gtag/js?id=UA-129693020-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-129693020-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash cb87c76eb75328f20a95028e05282d59
4f473e9a7a468c585956bd0f027f50e3905e7b54
3339c936a37c77fc8e8c0ae72f258eb5261dc46b4baf1ebea65484fa65f97f10
GET /gtag/js?id=UA-129693020-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 23 Oct 2022 10:59:05 GMT
expires: Sun, 23 Oct 2022 10:59:05 GMT
cache-control: private, max-age=900
last-modified: Sun, 23 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43588
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
185.128.34.116200 OK 24 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/styles/main.min.css
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4f853aae6f02b8780a21227b5b9cca0a
1d31712efbc5c0de1a4afaa59e72255f0c279b15
c2b9dde77b04a44b8bac9f1ea4b0d5ee6e40fd12ce7c27dafdc976951e2b837a
GET /landing-layouts/s/styles/main.min.css HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: text/css
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515aac-3d15f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
185.128.34.116200 OK 6.1 kB URL HTTP/1.1 newsmartphoneoffer.com/images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 240 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 331f6ba1ae14bb60185d9d2626b3acd5
6b7a5e169052686e441d4909d4a98d60dc157db6
d4769dc58bfeadce09cb4e7e6c0958d6602423d020b36ff0be54b60359689b90
GET /images/0c00e03e-3d13-4505-9829-a0dbbff595b8.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/png
Content-Length: 6146
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Connection: keep-alive
ETag: "63515aac-1802"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
185.128.34.116200 OK 6.6 kB URL HTTP/1.1 newsmartphoneoffer.com/landing-layouts/s/images/privacy_img.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 130 x 130, 8-bit colormap, non-interlaced\012- data
Hash 18d7bc31d40e63b3dd7c886c8bc1f5c2
419d4868455728ae20149170066c6b707de0df5a
13f9001dbfe4dfc8be808e3c382c47172604b1eb540db94e9221a13b7841272f
GET /landing-layouts/s/images/privacy_img.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/png
Content-Length: 6553
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Connection: keep-alive
ETag: "63515aac-1999"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4076
Cache-Control: max-age=166534
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:14:39 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ea20460028066b7fba2f10b51d883192
a73b8263a4477aceeda349c7beff7050de9df38b
f933a7ff2c6ec9189ba29fdf09da9125ac59d9c03b4a14e14e9f1b5fa5322b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
newsmartphoneoffer.com/landings/12911/1_052d1782ffa2210f158e0a17ecd74ee7.png
185.128.34.116200 OK 146 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/12911/1_052d1782ffa2210f158e0a17ecd74ee7.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 662 x 323, 8-bit/color RGBA, non-interlaced\012- data
Size 146 kB (145775 bytes)
Hash dbb078cb95b7327a8e63881a4087889d
d9995a6e72670b04181975338d2a6fff731ee9ef
0c809a6bfe0e04b9fa9e356949e81be649971577f343aceff3c35f0255a2e9a0
GET /landings/12911/1_052d1782ffa2210f158e0a17ecd74ee7.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/png
Content-Length: 145775
Last-Modified: Wed, 13 Jul 2022 15:14:40 GMT
Connection: keep-alive
ETag: "62cee160-2396f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/12910/1_052d1782ffa2210f158e0a17ecd74ee7.png
185.128.34.116200 OK 146 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/12910/1_052d1782ffa2210f158e0a17ecd74ee7.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 662 x 323, 8-bit/color RGBA, non-interlaced\012- data
Size 146 kB (145775 bytes)
Hash dbb078cb95b7327a8e63881a4087889d
d9995a6e72670b04181975338d2a6fff731ee9ef
0c809a6bfe0e04b9fa9e356949e81be649971577f343aceff3c35f0255a2e9a0
GET /landings/12910/1_052d1782ffa2210f158e0a17ecd74ee7.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/png
Content-Length: 145775
Last-Modified: Wed, 13 Jul 2022 15:14:40 GMT
Connection: keep-alive
ETag: "62cee160-2396f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/landings/12912/1_052d1782ffa2210f158e0a17ecd74ee7.png
185.128.34.116200 OK 146 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/12912/1_052d1782ffa2210f158e0a17ecd74ee7.png
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 662 x 323, 8-bit/color RGBA, non-interlaced\012- data
Size 146 kB (145775 bytes)
Hash dbb078cb95b7327a8e63881a4087889d
d9995a6e72670b04181975338d2a6fff731ee9ef
0c809a6bfe0e04b9fa9e356949e81be649971577f343aceff3c35f0255a2e9a0
GET /landings/12912/1_052d1782ffa2210f158e0a17ecd74ee7.png HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/png
Content-Length: 145775
Last-Modified: Wed, 13 Jul 2022 15:14:40 GMT
Connection: keep-alive
ETag: "62cee160-2396f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
142.250.74.10200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900
IP 142.250.74.10:0
Hash 6a49b149d0ac62a3e8411b1c939d26d9
0f6332878d151c1b3e0201da2c317a76ba8b5118
7b7b173016b5244d0e53da7890d77b14ecf4e66ed86e1f2bc3fd9a9aa623023f
GET /css?family=Montserrat:300,400,600|Open+Sans:300,500,600,700|Poppins:300,400,500,600,700,800,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 23 Oct 2022 10:59:05 GMT
date: Sun, 23 Oct 2022 10:59:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
newsmartphoneoffer.com/landings/12909/3_fbff53cfbd86681714d7205a1375ade3.jpg
185.128.34.116200 OK 81 kB URL HTTP/1.1 newsmartphoneoffer.com/landings/12909/3_fbff53cfbd86681714d7205a1375ade3.jpg
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", baseline, precision 8, 1920x1080, components 3\012- data
Hash e9a827e77ed69382e89a9322b1bec43c
b47d8c130f03eeb5973a8829c88bf7660a175bba
0d78aa21994f0a2dee498b4a52bf9e4ce7a0d952e8221fde9d6d1d5b0b2431d9
GET /landings/12909/3_fbff53cfbd86681714d7205a1375ade3.jpg HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: image/jpeg
Content-Length: 81324
Last-Modified: Wed, 13 Jul 2022 15:14:40 GMT
Connection: keep-alive
ETag: "62cee160-13dac"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
185.128.34.116200 OK 31 kB URL HTTP/1.1 newsmartphoneoffer.com/fonts/Oswald-Heavy/Oswald-Heavy.woff2
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash e3c37af374909525ba2e3462bc05540f
127ea8601da9fb256c39c30b3b726f4e37e2df52
33405d243b1d6b59763f933848f7d90ac96b0f820f560ca5f4e37e5dd7bfd261
Analyzer Verdict Alert fortinet Phishing
GET /fonts/Oswald-Heavy/Oswald-Heavy.woff2 HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:05 GMT
Content-Type: application/octet-stream
Content-Length: 30928
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Connection: keep-alive
ETag: "63515aac-78d0"
Expires: Sun, 30 Oct 2022 10:59:05 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207200 OK 21 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65371)
Hash e8d8aa961a1ea417af46d32fd5057069
82555c33c8d5eb1164333269eb59afef485618e3
e5224959c3de67f2e92501614b6ede35456c7554a87fcdb9c90b427c0da6dfbc
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:05 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 14633082
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75e9f615bca21c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 9f84a11cd39c014fffc187f2a8b0d8df
1875e117dec3fc707db902e87df9ec691b2cc763
bf0c0ac413147f09128a7af625499402eea897c3efad12828347efaba9b9d3a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 05:42:51 GMT
expires: Fri, 20 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 278174
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 9f84a11cd39c014fffc187f2a8b0d8df
1875e117dec3fc707db902e87df9ec691b2cc763
bf0c0ac413147f09128a7af625499402eea897c3efad12828347efaba9b9d3a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 23 Oct 2022 10:41:09 GMT
expires: Sun, 23 Oct 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 1076
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
185.128.34.116404 Not Found 2.1 kB URL HTTP/1.1 newsmartphoneoffer.com/en_uk/images/icons/favicon.ico
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Hash e881f8e66a93d0960ba6fad410094769
7f1bd10fd60815735fad95387ecaed0cfaf3b287
b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
GET /en_uk/images/icons/favicon.ico HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newsmartphoneoffer.com/en_uk/cfrdg_uk_s
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
date: Sun, 23 Oct 2022 10:59:05 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
push.services.mozilla.com/
44.240.140.78101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.140.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: A4JLkX4TOLR5wv/3HSBwMw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OlgLbZALHjYRF480fhQjqYdibHQ=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f326cd9084e7077d1919f0f6669471e0
759685353a5c459f49ac0420aebe4ac0418cf840
d31a3d857f431d306c054ad57172646e999ae0acc6d53f634ba7dd6a7134c139
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D31A3D857F431D306C054AD57172646E999AE0ACC6D53F634BA7DD6A7134C139"
Last-Modified: Sat, 22 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Sun, 23 Oct 2022 16:58:44 GMT
Date: Sun, 23 Oct 2022 10:59:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e082919080a1a229ac3eec9b7b857933
a5847abc620bd00e87afda17746b0a590e0c9464
ca7fa279357206e9e419d5b80281cc14bc5666b20ef262560dea86d31132c729
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1848940118.1666522762&jid=1531464818&gjid=1717954822&_gid=1741641066.1666522762&_u=aGBAAUACQAAAACAAI~&z=1312744583
173.194.222.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1848940118.1666522762&jid=1531464818&gjid=1717954822&_gid=1741641066.1666522762&_u=aGBAAUACQAAAACAAI~&z=1312744583
IP 173.194.222.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129693020-1&cid=1848940118.1666522762&jid=1531464818&gjid=1717954822&_gid=1741641066.1666522762&_u=aGBAAUACQAAAACAAI~&z=1312744583 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://newsmartphoneoffer.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 23 Oct 2022 10:59:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
productsgiveaway-uk-342.com/en_uk/tr_cfrdg_uk_s?affid=preview
185.128.34.117200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/en_uk/tr_cfrdg_uk_s?affid=preview
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type ASCII text, with very long lines (10300)
Hash 78c6aa0ccef3705819ae8e6ede5a8be4
a85826ae223267ba563b2593cc0ed636003d923a
6ad1d8a19920cb86c1977af28e5d3f56046835b33ff67ddade5304c630e1904f
GET /en_uk/tr_cfrdg_uk_s?affid=preview HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
Set-Cookie: advanced-frontend=ounjktbv6vbf1n771rn399592j; path=/; HttpOnly
visitId=e27bbfe6ba37a07fe61b20616db1093b6eaa3c20e635d45bc6c83da15a7d7011a%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22visitId%22%3Bi%3A1%3Bs%3A32%3A%22968fca62d19d1eeccbe40e407f11af8b%22%3B%7D; expires=Tue, 22-Nov-2022 10:59:06 GMT; Max-Age=2592000; path=/; HttpOnly
_csrf-frontend=8499df159b82490243eda35d78455c36f7942e9d2ac288803931e1c4af5d3e46a%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22JM1ccYsbEYEWC1GvNJzCOHXOTPp-WKc0%22%3B%7D; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e082919080a1a229ac3eec9b7b857933
a5847abc620bd00e87afda17746b0a590e0c9464
ca7fa279357206e9e419d5b80281cc14bc5666b20ef262560dea86d31132c729
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 10:59:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
productsgiveaway-uk-342.com/sponsor?externalId=968fca62d19d1eeccbe40e407f11af8b
185.128.34.117200 OK 4.7 kB URL HTTP/1.1 productsgiveaway-uk-342.com/sponsor?externalId=968fca62d19d1eeccbe40e407f11af8b
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type JSON data\012- HTML document, ASCII text, with very long lines (29278), with no line terminators
Hash 94307af810e043bae774204280bee442
04a4621d0376c4efa03e8966e40fbc1d212a3449
0b8c057cabde5811882972fd9a2c326a11d764946d64bbedc4eb7f1129edd34f
GET /sponsor?externalId=968fca62d19d1eeccbe40e407f11af8b HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:06 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://newsmartphoneoffer.com
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
productsgiveaway-uk-342.com/images/placeholder.png
185.128.34.117200 OK 30 kB URL HTTP/1.1 productsgiveaway-uk-342.com/images/placeholder.png
IP 185.128.34.117:0
ASN #29396 Eurofiber Nederland BV
File type PNG image data, 2400 x 2400, 8-bit grayscale, non-interlaced\012- data
Hash efecd9d40367ec0d16517eccd2131f51
f62fb8a662c331a24c8f6ad67bdd9c80501b3ea5
93453aeb09ee83e223ec77a93aab60cbcf79be3436401817b49bf11093e6adc1
GET /images/placeholder.png HTTP/1.1
Host: productsgiveaway-uk-342.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:06 GMT
Content-Type: image/png
Content-Length: 30255
Last-Modified: Thu, 20 Oct 2022 12:24:18 GMT
Connection: keep-alive
ETag: "63513df2-762f"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Accept-Ranges: bytes
newsmartphoneoffer.com/service-worker.js
185.128.34.116200 OK 170 B URL HTTP/1.1 newsmartphoneoffer.com/service-worker.js
IP 185.128.34.116:0
ASN #29396 Eurofiber Nederland BV
Hash 6dc9aad8c0a0f0f17a0dd110ab15af19
3f8b295142373a5170b66a6b77f276e9b3e3f9e1
20095487f19c6e5482093159c3f020846dd7f3878ee426b11772ef7cf5a03be5
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: newsmartphoneoffer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkhWSVdWS0ZPUERyNG1Yd2U1SUJkdnc9PSIsInZhbHVlIjoibHVvSTNpNmYxb1l2eEVmWXkwRHI0MjJYaHRGWTNLR3AxbEl6MG9KcnFFQnNPcjZEZHdHaFVFVDFXSkFmZ1QrSXd2bDMreGF5RkdBbTFuSmtGcm9mWGR5UUREQ2x3bWRYRjV1ekxBby9tVXVESndJY3JrVElqZnA4MXlTRWtCdksiLCJtYWMiOiI5ZmYyZTE3OGRkNjk3ZDA4ZDAxNTk1ZDlkZDRlMmUzMjMyOGFmNDYzYjhiYmRmYTU2NTRlNDRiMmI5ZjRhZGM2IiwidGFnIjoiIn0%3D; cors_session=eyJpdiI6IlF6UVZpdmYrOWplWFY3VndJT0EzYmc9PSIsInZhbHVlIjoid3JuZXZXRlFUQ2M3cTQyVlNyRlpSdDd5R0J2bVlscE91eDMyRS9hcTFEUm9TblN1NCs2aFlyeExRVUVWK0EvWjVtcm1FNElnM3p1U1RUejRQdUtjWVNpZUVLOXlRM1h5bnNwVktkcCtGV0xxN1dHWmFyMWNNUzlPU1I2SlYzUFgiLCJtYWMiOiIxNTRlZDI2OTc5Mjk5YWNmZWZkY2JmODM1MGIwMjcyM2I1NmE4NTQ4YTEwZDBiMzRmMjQ4NmZkNzczOWNlNmExIiwidGFnIjoiIn0%3D; _ga=GA1.2.1848940118.1666522762; _gid=GA1.2.1741641066.1666522762; _gat_gtag_UA_129693020_1=1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 10:59:06 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Oct 2022 14:26:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63515aac-10c"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3f9f54043eabf5d28640c0f64cbaf38c
8559c1bd4178e983f98dddcc32dc2a37ed372de9
c8a9b257d364a96ef6c40c6a277ff6984a9a31c6bb0272df99a88aa1cb99464c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142832
Date: Sun, 23 Oct 2022 10:59:06 GMT
Etag: "63549c17-1d7"
Expires: Tue, 25 Oct 2022 02:39:38 GMT
Last-Modified: Sun, 23 Oct 2022 01:42:47 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wKMwqQIn7JzZPzTkRGMOL1Kw6FmMmbC2vngDdCxFCFNPD3vpVyHwrQ==
Age: 3411
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3f9f54043eabf5d28640c0f64cbaf38c
8559c1bd4178e983f98dddcc32dc2a37ed372de9
c8a9b257d364a96ef6c40c6a277ff6984a9a31c6bb0272df99a88aa1cb99464c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142890
Date: Sun, 23 Oct 2022 10:59:06 GMT
Etag: "63549c17-1d7"
Expires: Tue, 25 Oct 2022 02:40:36 GMT
Last-Modified: Sun, 23 Oct 2022 01:42:47 GMT
Server: ECS (dcb/7EA7)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1CLBwlpPcb5D43wbUAHvfcup1j7PwT54LMdN4_BcE2LIxtwqhtKPrw==
Age: 3469
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3f9f54043eabf5d28640c0f64cbaf38c
8559c1bd4178e983f98dddcc32dc2a37ed372de9
c8a9b257d364a96ef6c40c6a277ff6984a9a31c6bb0272df99a88aa1cb99464c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=144440
Date: Sun, 23 Oct 2022 10:59:06 GMT
Etag: "63549c17-1d7"
Expires: Tue, 25 Oct 2022 03:06:26 GMT
Last-Modified: Sun, 23 Oct 2022 01:42:47 GMT
Server: ECS (dcb/7EEB)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kRgrHSmpzCHMgfXhkIu83o2Dwb-I8mXhJxTWMMoWtlLvszArQnYuYg==
Age: 5019
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9da84119ecf829987c3622a2316d57e
c40dbc65e168fdf7c6e99cbdf70202eb7af0e0fc
780470d10dafdfe787e229001b6458164607a5c1f87c6258cde957deda5537b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "780470D10DAFDFE787E229001B6458164607A5C1F87C6258CDE957DEDA5537B7"
Last-Modified: Sun, 23 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11371
Expires: Sun, 23 Oct 2022 14:08:37 GMT
Date: Sun, 23 Oct 2022 10:59:06 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3f9f54043eabf5d28640c0f64cbaf38c
8559c1bd4178e983f98dddcc32dc2a37ed372de9
c8a9b257d364a96ef6c40c6a277ff6984a9a31c6bb0272df99a88aa1cb99464c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139421
Date: Sun, 23 Oct 2022 10:59:06 GMT
Etag: "63549c17-1d7"
Expires: Tue, 25 Oct 2022 01:42:47 GMT
Last-Modified: Sun, 23 Oct 2022 01:42:47 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Qs-iU-cb39MDd1mMtst-HOeZq7j2_Ej218a2yRKsX6vdnhQkbE_DXA==
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3f9f54043eabf5d28640c0f64cbaf38c
8559c1bd4178e983f98dddcc32dc2a37ed372de9
c8a9b257d364a96ef6c40c6a277ff6984a9a31c6bb0272df99a88aa1cb99464c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139421
Date: Sun, 23 Oct 2022 10:59:06 GMT
Etag: "63549c17-1d7"
Expires: Tue, 25 Oct 2022 01:42:47 GMT
Last-Modified: Sun, 23 Oct 2022 01:42:47 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rhaLcrEqQoymdPTWMQZC1mO23fKAxu2g-68Jj14dpoOnBvEyIMdDWQ==
trk-consulatu.com/scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.168.3200 OK 6.2 kB URL HTTP/2 trk-consulatu.com/scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.168.3:0
File type ASCII text, with very long lines (7241)
Hash 138e5c7ebf70ef2a158c82f6ff81683f
9e3984b5c6d2bd7216c2535fabed73439fbab745
e18043906d2759bb38d3c46b0927468f0e52e15331719d316ee38f68255ac890
GET /scripts/ext/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:06 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=60G%2Fg8plX%2BO62Qv2EfObh7CCw7c5lgL4l2zYgjo50I2392WlO5khoH1FkVLVeKhuB8pUfmZg0mpkJNyx%2BhVDdl8IWJCwh0Rl6I8gGhNjHg%2Fr8HK99Mznakkx1b2tCfFvh4pqzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e9f61dc93f76f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7706
Expires: Sun, 23 Oct 2022 13:07:33 GMT
Date: Sun, 23 Oct 2022 10:59:07 GMT
Connection: keep-alive
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://newsmartphoneoffer.com/
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:07 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sx2nrvie03b1wPlCGnyIKcSbFJVeoWxXQlJC%2FWrg9M5PmjEb7TVAwiUPmoJI%2Fncv35GeA8zln8AwXzcqpNF6m%2BPzb9uPI4ZwOBIYCCNrIYii%2FTSUoJl7Ojc8Z6bpou1WJ8oiCXO4AaqZPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e9f62048cf779d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
54.230.111.76200 OK 5.1 kB URL HTTP/2 cdn.cloudcnt.com/content/image/5b4f416ee10b3.jpg?size=300
IP 54.230.111.76:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 177x117, components 3\012- data
Hash 4cc583ce1e5c37d73c064bad5de7ab64
7f1ce381726710d7044ced63c32e8e965816d4b3
c2d3826dd37aaf6dfcc735ab9cbbd31e325ee1d5e2e06a9168b2ffdc4b30b324
GET /content/image/5b4f416ee10b3.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Sat, 22 Oct 2022 04:21:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3NjN0LDCnR5g2PxcwkQCRORN-tYS9hokADUAMSvBjihfiTX6WaCcVg==
age: 110275
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7706
Expires: Sun, 23 Oct 2022 13:07:33 GMT
Date: Sun, 23 Oct 2022 10:59:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7706
Expires: Sun, 23 Oct 2022 13:07:33 GMT
Date: Sun, 23 Oct 2022 10:59:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bed49abb7a64c9f0717ac283b30bff8b
0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3
ddb5ed6e7b818593ac9819be0a8d376e26ef3b45b417f00ce1d7dbee47465bec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4746
x-amzn-requestid: fa85cf46-7cea-439e-92d5-db3875ff4479
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aIQpNFk5IAMF16Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634cc7d4-245cdd691d0c415d508421ce;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 03:11:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _-h7oz6Zv1P40jltqN71dpyrUJG_HzVJS8gKby0vgdkaNJ4ljXUwCg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 15:25:14 GMT
age: 70433
etag: "0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97e9c05ece38dedeaa752c612029c78d
715f72710799f828e2c06932c33919d8f23844f5
29408c0bd34660a836f59a7abb61c7c2b1f864b31194787ddf4d178314184b96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8639
x-amzn-requestid: e598ff88-e152-4b9e-af16-aa30dcf452a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-m5HlMoAMFvjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353115f-7f17a59522afc40e64ac216d;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: b760bBSu62p--j9lUv-AHR8xZKOPskf1LmXb-lJ_DSiM8k_usKOmwA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 22:01:36 GMT
age: 46651
etag: "715f72710799f828e2c06932c33919d8f23844f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4df9a6ab2e2874f46f9a26da129ae848
c4c9898711e33fb02374657dd18df8a41c78b4cb
e287d1b63e7644767f573e248f28ee610b2625691e5d42006c0595f7281a07d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7a675ac-f55a-4071-867b-fffb2f9fabed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7762
x-amzn-requestid: 5c275a39-95dc-4329-9483-44ca93719be2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aO1dKGS5oAMFR3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f6920-2b700b217832bcd257e0f619;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 03:04:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ShsGMLBfS7cs-LpXBQPQHWvf2ppuoPPIEVMDmaEjrGgoSHbz2z03Mg==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 15:16:26 GMT
age: 70961
etag: "c4c9898711e33fb02374657dd18df8a41c78b4cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 208445a6f07a7259b8a420c062a81998
50d9f1642c3c47504fb2d4086a40ae8fb9479b50
607a81c5d0210faaa103d09fba1e0b9dde333c5142969272b0b5351a779acfa4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0856e94c-65e7-489a-95b5-cc37407bf90f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12031
x-amzn-requestid: 38ca5b87-35e4-46d5-aa1a-15433660ab86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZGifEXzIAMFdHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63538476-6c2e5d980616d50c0ef8698a;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 05:49:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DpE5uiagdaNLvVqbkou7bVNaLYPZ9vhYawucSE36lWIp65bga3gN2w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 08:04:17 GMT
age: 10490
etag: "50d9f1642c3c47504fb2d4086a40ae8fb9479b50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d707e0f-487e-4d60-9095-919220ac939a.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d707e0f-487e-4d60-9095-919220ac939a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ae6442b63de1e40cf33df80434401ad
e9b1889e93d17e11aec51d610b38cbea22937eb3
5caa6653896a6444c22f4b560de7df98be23c1b97d8dbc950095a53fc778ab35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d707e0f-487e-4d60-9095-919220ac939a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5702
x-amzn-requestid: f59514ec-7e53-4f36-a8c2-3db852d24681
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aO4E_F4ooAMF7Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634f6d52-45f71e5f22c0e7377e3b5f44;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 03:21:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1Sn7fE5z70r_tFKM7m8FsxwlFIodu16WI2se84ar1XjzZJnQSng5Pg==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 09:19:49 GMT
age: 5958
etag: "e9b1889e93d17e11aec51d610b38cbea22937eb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf1513b5-a33f-4b0d-b92b-c82ad8141527.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf1513b5-a33f-4b0d-b92b-c82ad8141527.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5cf985ceb648df52d3cf5eb47c7705bc
8b0c5f567e25d9bf54263bb3c60b12db225feb81
9c8551a2d891562e12b9a30966dbd9221a041669db0cbb4395d6fa56791ef0dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf1513b5-a33f-4b0d-b92b-c82ad8141527.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8631
x-amzn-requestid: 536a4908-2fd7-4544-9159-ec2acc55a2bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRJZH2zoAMFYvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6354623b-4d76adc023701d0228f951d1;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:35:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AvTOiWu0BF1Bxb5m_FlJhMqpgoNbJjUfTnZhZePfjqRCL5XVJEglpg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:43:36 GMT
age: 47731
etag: "8b0c5f567e25d9bf54263bb3c60b12db225feb81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 109
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:07 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWE2UqS4NNffvZSOI7o5R0lJmOCSgevpmOp0i1k55j4c7pjFl4C3dYZTvb5fZ9j1rqbhKvYObkmAw9sPr%2FrPWkMBaAp2MS1aBdyiS%2BFz5a0S0D7LmWENrLD%2BxujVpbTcsyMzonKxD36TXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e9f620d9cb779d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/4og3r318g3
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/4og3r318g3
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/4og3r318g3 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://newsmartphoneoffer.com
Content-Length: 148
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:07 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://newsmartphoneoffer.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IjgcZ7GjS1K4Gxv%2FfUoAFKo4cc1S%2B736M3%2BifyTe0pZlGp8Tsuc7UtXjnz3biSB%2BUk6fldACyQoHWBxG9bo8aevf1MdEgV5R3GNsMD8P7jVvPg15CcxAWj%2FelOnkEjNM1u4GM5xlrBqfCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e9f6210a1a779d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa49c383b-3fcb-4fc7-a0a7-10e7a2322d2b.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa49c383b-3fcb-4fc7-a0a7-10e7a2322d2b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e0e50c7b6a4d5bdc281cdfebd2e7d5
0ac9f7c724d72f089bd0d1718700d48c7b6baa24
fe21a319ef6970a6f17cad14a7d3bec5d36272c7473bda48a11be5be0ab9d6af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa49c383b-3fcb-4fc7-a0a7-10e7a2322d2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6277
x-amzn-requestid: 2a9f1d03-5f45-4464-882a-3da1cc86dae0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRJZGAyoAMF12Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6354623b-1ed9e96a38b77b1464ebbfb6;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:35:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 375U2lwL43-vA_rAbMF4dd04YeJPIOEYJYodcRehXI7wGeUeFYRjGg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:58:51 GMT
age: 46822
etag: "0ac9f7c724d72f089bd0d1718700d48c7b6baa24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
143.204.55.125200 OK 0 B URL HTTP/2 fstrk.net/api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js
IP 143.204.55.125:0
GET /api/tracker/a48564053b3c7b54800246348c7fa4a0/landing.js HTTP/1.1
Host: fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 15 Jun 2022 07:40:15 GMT
last-modified: Thu, 01 Apr 2021 12:27:02 GMT
etag: W/"9abf9e75ee4858e2302cc352a93a131f"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1ENNJw8jGmeIPuEgaqjlvNEM0aQeNRKncTpcJhZtKyse8Ve6nUt-Zw==
age: 11243932
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
172.64.168.3200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com
IP 172.64.168.3:0
GET /scripts/push/script/48epx4xd5x?url=newsmartphoneoffer.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:06 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lacwshVw%2FsFPPsiI0PHy3hz2NxOSvSskJSAq%2FRtR7zLCwXtLDJIA6S0zBQ%2BDJBpi0d0bcgTFkKiEA5iNouKsOb%2BZO0ttQZS0zagX1e75p6vt6mwA6KBpadY%2FFO9krcdHhbbx1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e9f61c9ebb76f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/602bc70b48ff9.jpg?size=300
IP 54.230.111.76:0
GET /content/image/602bc70b48ff9.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Sat, 22 Oct 2022 04:21:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EWxzb8BZh1aarizeNS3VbruAwBmrosGD2ONZrhgMVNtM97UEY74GYw==
age: 110275
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5b753b0f22993.jpg?size=300
IP 54.230.111.76:0
GET /content/image/5b753b0f22993.jpg?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/JPEG
server: nginx
date: Fri, 21 Oct 2022 05:43:32 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yuXPRXd-7Zky-WhHkqMdh-aHWsFCJLuuaZzQnw9kCICzJY02Gtdrxg==
age: 191734
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5c1cfaf6a3c67.png?size=300
IP 54.230.111.76:0
GET /content/image/5c1cfaf6a3c67.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sun, 23 Oct 2022 04:58:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YvR7ynzfo-2GNQnc1QVWu-az6K--wCpLL-lXmJnBOaLdyWCgugyJOw==
age: 21627
X-Firefox-Spdy: h2
click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=cfrdg_uk_s&fs_sub_id=null&fs_transaction_id=968fca62d19d1eeccbe40e407f11af8b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1666523193834
35.190.210.193200 OK 0 B URL HTTP/2 click.fstrk.net/a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=cfrdg_uk_s&fs_sub_id=null&fs_transaction_id=968fca62d19d1eeccbe40e407f11af8b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1666523193834
IP 35.190.210.193:0
GET /a48564053b3c7b54800246348c7fa4a0/track?http_click_referer=&fingerprint=f37eb7409fe3a4f4f6cf7a3b68fb3a76&fs_affiliate=null&fs_partner=Green%20Flamingo&fs_product=cfrdg_uk_s&fs_sub_id=null&fs_transaction_id=968fca62d19d1eeccbe40e407f11af8b&fs_secure_code=f186bb3a5621d1823bde510d192fdf1b&callback=jsonp1666523193834 HTTP/1.1
Host: click.fstrk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.1
date: Sun, 23 Oct 2022 10:59:06 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
set-cookie: fs_cr=1666522746000; Path=/; Domain=fstrk.net
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/5d8dd415ec4fa.png?size=300
IP 54.230.111.76:0
GET /content/image/5d8dd415ec4fa.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sat, 22 Oct 2022 04:21:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: i7rBJtP5WHdHqyYu3HmrsznVPgQsYJJ3ewLBui0_0F7UvjSv2RN3sw==
age: 110275
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:05 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 15833552
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75e9f615cca41c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://newsmartphoneoffer.com
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 23 Oct 2022 10:59:05 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 08/20/2022 02:31:21
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 1c21528a99edc1d166b23315116ef42e
cdn-cache: HIT
cf-cache-status: HIT
age: 55527
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75e9f615ca84b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
54.230.111.76200 OK 0 B URL HTTP/2 cdn.cloudcnt.com/content/image/605d9d6a66c60.png?size=300
IP 54.230.111.76:0
GET /content/image/605d9d6a66c60.png?size=300 HTTP/1.1
Host: cdn.cloudcnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newsmartphoneoffer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/PNG
server: nginx
date: Sun, 23 Oct 2022 04:58:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=259200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SJkRrpF4TF7ZDAfbI56fXZ3UYM__ohmP8WOGfsfcIDH4Y3Ca0lre6g==
age: 21627
X-Firefox-Spdy: h2