997.novitrk4.com/smartlink?mongo_id=6321062cb3f62c54250f96fd&mongo_grouped_id=6320fe796eb6cf520c52fe72&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
188.240.52.20302 Found 718 B URL HTTP/1.1 997.novitrk4.com/smartlink?mongo_id=6321062cb3f62c54250f96fd&mongo_grouped_id=6320fe796eb6cf520c52fe72&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f3ea67c44658c0d964b4a98b3d00e483
0395318947e80bba20ea25494120c48d2d0ddec8
fac5dd1ca26e80bb82ae5cde837d2588bc6a2e8144068ae927100ec83dc0c342
GET /smartlink?mongo_id=6321062cb3f62c54250f96fd&mongo_grouped_id=6320fe796eb6cf520c52fe72&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript HTTP/1.1
Host: 997.novitrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Tue, 13 Sep 2022 22:37:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
Location: https://997.novitrk4.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjltM3dXV1lOaTQwYU5sMTFuR09sdkE9PSIsInZhbHVlIjoiZFM1MmdrQWNSVW0xdmRFZ1hqdEN5NkREb3FncHhDRlRoYldDeGFIeER3QW9HTE1YRHcvMEx5dm1iaVBEaUpTMU5UelNucnU4SEVRS1FrQ2hjNlk4RkIrMzdzUDdweW4ydkFrQVVzQ0xoUEU3blBzREtkYThJQXVtcU9PWDdQeFIiLCJtYWMiOiJiYWUxZWEwMzY1NDM5ZjNiYTE5MjU5ZDdmMTMyYjRlNWRmYjQyMDMzYjBlMGViN2UwYmY0Y2UxNzNhOTE4OWYwIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjJJYUtsNmJacXo5ZDlGNFVLNlNIVnc9PSIsInZhbHVlIjoieThjWSt0R09XeWk1OGppUHFtN1pRWGh0SVR6cHJ1dFBDY2x4SHR6UThOa3I2eExYVHRHMk8zWmdPc0h3N1kzaERHRzZxZVlrT05RWnRkbUoyVmNqU0Jvd21maTBoMFlRYTdBOURJd2R6NFUxR2xndlFCZ055MXJpN2orbzV6NHEiLCJtYWMiOiJjYTg2OTg3MDhiODllMGRiZjZkNzEwN2QzMGJhNWQyMjM2NjZmNGY2M2FiMjc3MmI3YzU4MzYxZWEwNGE5N2U2IiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 22:09:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6xIaRQZHu4FAXnJqHTetQtCZic4yEOZiZW-9JZ9KmX3BYs9r-L7Kfw==
Age: 1712
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7977
Expires: Wed, 14 Sep 2022 00:50:39 GMT
Date: Tue, 13 Sep 2022 22:37:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DdFtkH4YQxg57pDjuFnqio9MtI7Ut_VA_hAdZ1kFXbSDi6TJTIZ2Og==
age: 64948
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 22:37:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 13 Sep 2022 22:03:22 GMT
Expires: Tue, 13 Sep 2022 22:53:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vnvaViTuyrzylfJELbWAlJmY1P0rO-lOlgVj_4jdWa4fY47mx-BZ_w==
Age: 2060
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e96dbe1b54932c8f447bbbfc9d31cfb0
b15d4a54fbdf95b0af8bd34b6f8ef03055eef0cd
427326963ac1ef6ddeeaf52ab07807c694b82effa6111671ada8270b1faecdae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2447
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 22:37:42 GMT
Last-Modified: Tue, 13 Sep 2022 21:56:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.6.128101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.6.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ieMiInxWjkdw+Om7u72yuw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VFlQBRM7WoPn5O2gSVE3axrpgXw=
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
51.68.82.147200 OK 5.2 kB URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84
IP 51.68.82.147:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3760)
Hash cda0f42d78e3c517e46b3d700ee5f4ee
48ea70b5d99e3006a7c5f04da522a862e032d551
66a77aea7e79a64c35b734af139cb36e4d18edc843052e4c35cd5d859cbbd114
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84 HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 22:37:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
m.news-page.net/proc.php?4cab4a35191a8db6db58274734c5fc83b7cc6c3a
99.198.108.195200 OK 1.6 kB URL HTTP/2 m.news-page.net/proc.php?4cab4a35191a8db6db58274734c5fc83b7cc6c3a
IP 99.198.108.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3620), with no line terminators
Hash 31f2f8a7b4f0185b8d1c441449136201
ee10b8bab1e6e56634c022f9d46a27d85a08edcf
5b3b28e0e48b2b37417ba6ecb3af163abf110cab9528fd0b8eb0e0a3374a4140
GET /proc.php?4cab4a35191a8db6db58274734c5fc83b7cc6c3a HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7142997317296062484&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
Cookie: u=ab1fe27a84e1800f48e05b1d07d42b82
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 22:37:43 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.5662837036740809&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.82.147302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.5662837036740809&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.82.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142997317296062484&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b280b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b84&eyeg=3&eyer=0.5662837036740809&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 13 Sep 2022 22:37:43 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000cf7ca3ba7fdf682df5a29c3745662c870913-202209-flb*5467509-4538f*M7142997317296062484*sl_5467509-4538f*9c52597508ac39dceb29b9e4e4d284f7de2dc450*4472-bfdf314f-6f01772b*4472
www.wewillserv.com/favicon.ico
51.68.82.147204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.82.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
997.novitrk4.com/smartlink?mongo_id=63210636f977d13216499c10&mongo_grouped_id=63210633f977d13216499c0f&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902949680%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM4fQ==&js=1
188.240.52.20302 Found 2.6 kB URL HTTP/2 997.novitrk4.com/smartlink?mongo_id=63210636f977d13216499c10&mongo_grouped_id=63210633f977d13216499c0f&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902949680%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM4fQ==&js=1
IP 188.240.52.20:0
Hash 7b8ba46ff63b08a3640a46991e775d91
55c1cb45243b9eb851e2e4d04993b4387e57f854
3a05d2fd021c16e519e23cb0dde49a54ce3c78840fd8bdf442b17424bbed7ecd
GET /smartlink?mongo_id=63210636f977d13216499c10&mongo_grouped_id=63210633f977d13216499c0f&redirect_url=https%3A%2F%2Fm.news-page.net%2F%3Futm_medium%3D98774ae3068a24906aeee5af1282751e21ca5683%26utm_campaign%3Dmainstream_np%261%3D3%262%3D%7Bsubid%7D%26cid%3D902949680%26np%3D1&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6OTc3LCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjM4fQ==&js=1 HTTP/1.1
Host: 997.novitrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjFLSmE3TnJqcmh3c2lNdnYxK1ZGUmc9PSIsInZhbHVlIjoiU2tCeUlpZ3o1Z29ERjJ3Q2FKcnZZYlBDRWtiQ2orNng1enI0Rk01ekxrV2YzRWdkSm8rdWl3cUhaQ0Jnekk5N2Rod2xNbnpSSXV5R2xjeDN6OWZCVDduVlJ1NzJuZzhsNzlPQnBZdWlJdHpGWUhncys4TE4zVzYxTTJXdmpvYmMiLCJtYWMiOiI1ZWYxZGJmMTE5NTMwOTliYjZhMzAyNTRiMjllMjYzNmQyMTRhM2I5ZGViNzE5NGYzNWFmYTI0OWI1MjEwNmIwIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ik5ES3pENk9neWo0UEtBU2NTTVlNZVE9PSIsInZhbHVlIjoiSmUyeW44RHo5RE5iUXpvNXU0anBJWGVUMzdGdlVuNWNaQ29GTE9uVy9UNzUvRFRPTW83T0lSUXlSdm1PWURkaEl6QVdtTklyUnlQdmZkc3dqc2RJME9NRU4yVTJhdStyNmtrRklTbVBEcWs0TWtkdFBqNGl1NThHdHlQOWwxb0QiLCJtYWMiOiI2YWJlODI5OTk1Y2NiODhjYmNiNmZmNjM5NTAyODhmOWQ0OTQ4OWEwZDYxODA4MTdkM2ZkNWE1YTc4OGU4ZTFjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Tue, 13 Sep 2022 22:37:42 GMT
content-type: text/html; charset=UTF-8
location: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902949680&np=1
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkZpMzY2WGlNTmwybSt1anE5d0UrcHc9PSIsInZhbHVlIjoiZ2tCZVZRemlYWU1xMy9UdjhLQXBpNkZxWXZhakk4ajExcnk2bWp3T0FINUhnbmNxdlJzenVRSnhtN2hmMlByUzdjbGRLSGp4OGg0WW9NaHpuQUc3ZjZOdGtxTmx0M0NMSjRZNHh2VzRSM0V4Y25GWWJ3VVhoeFU1cmVqV3kxMFYiLCJtYWMiOiJiOTIxNTg2YTQ4OWRkZjhjMTgwYWJhODIzMTM2YTdhNGQ1YjVjZDkxZjYxNGM4M2VhZGMyNmZhNjE0MmQ1YzM0IiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InNDZzhjVndjTldQU0YzcVNOV0tGK2c9PSIsInZhbHVlIjoiRU50V0FOa0NNU3BYVzNSSFdIUVNuaXMzVE5KdU4zYitVTW5JakRidTliZkc3ZUJ1Z1o0TW1TMVhkWmdHWkJpL2daa1RLd0hrVHlneURsSDBXbHYyWC9Rd0JaSmd3OG9Qd0srWWtEanRaRkp0eERMV1R2TGxVK1RhRzF4RjFXTGwiLCJtYWMiOiJmNzVlODM1YzgzMjI3ODg1OTdjZGRjOTUxY2Y4NmNhNzM5NzE2ZDU4NGZlMTI2MTMyNmVhZjJkZjM5ZmMwMmIyIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000cf7ca3ba7fdf682df5a29c3745662c870913-202209-flb*5467509-4538f*M7142997317296062484*sl_5467509-4538f*9c52597508ac39dceb29b9e4e4d284f7de2dc450*4472-bfdf314f-6f01772b*4472
34.147.1.177302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000cf7ca3ba7fdf682df5a29c3745662c870913-202209-flb*5467509-4538f*M7142997317296062484*sl_5467509-4538f*9c52597508ac39dceb29b9e4e4d284f7de2dc450*4472-bfdf314f-6f01772b*4472
IP 34.147.1.177:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000cf7ca3ba7fdf682df5a29c3745662c870913-202209-flb*5467509-4538f*M7142997317296062484*sl_5467509-4538f*9c52597508ac39dceb29b9e4e4d284f7de2dc450*4472-bfdf314f-6f01772b*4472 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 13 Sep 2022 22:37:44 GMT
content-length: 0
location: https://7a99a36e.myofferplus.com/rc/a91581ead4?affclick=632106388dd1a90001f16168&pubid=503
set-cookie: afclick=632106388dd1a90001f16168; expires=Wed, 13 Sep 2023 22:37:44 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10047
Expires: Wed, 14 Sep 2022 01:25:11 GMT
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10047
Expires: Wed, 14 Sep 2022 01:25:11 GMT
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10047
Expires: Wed, 14 Sep 2022 01:25:11 GMT
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10047
Expires: Wed, 14 Sep 2022 01:25:11 GMT
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10047
Expires: Wed, 14 Sep 2022 01:25:11 GMT
Date: Tue, 13 Sep 2022 22:37:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa480f096-89f3-415c-b9a8-76b981146555.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa480f096-89f3-415c-b9a8-76b981146555.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34b74681f6d64ca1c010044535056275
ef6cd4bdd5ddbdb92b25816dc82796f857d29cce
d3ffb558a261fd982989931ed8bd8e8f132735bb99fa5a42a032efdbdfbf6ce5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa480f096-89f3-415c-b9a8-76b981146555.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4482
x-amzn-requestid: e9a99ad0-f093-4c9b-87b4-13ebac164413
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv5FIUoAMFcUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-4438ced526ebec8e7819b700;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _et90o-4_I8qkmQuwvLolMCtcidFgElQfg9KcHeCgMiaDvxndleAgg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:41:20 GMT
age: 3384
etag: "ef6cd4bdd5ddbdb92b25816dc82796f857d29cce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5befd5bb8e6d5dad2465be69d5a33e4
e5b46c3ca439a09950290cada1af5e27cede10f2
4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 1X79jBMZa4UQmWsLdg_QIg5MQeersp1O3iSgpKd6R2f8Kl7PAJh0hQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:49:32 GMT
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
content-type: image/jpeg
age: 2892
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 14:15:42 GMT
age: 30122
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363e6209-41ce-41be-bd4b-698c502410aa.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363e6209-41ce-41be-bd4b-698c502410aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 69d287fa3fde0ea0ad5ac42fc708fb7d
e93a0bcbb4d394a087a6fd2a95e31cd371186433
5bb5a92d6498fee73ada8b2b8cf79ca4f6a7cd7ce35bab9b877870a847f212cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363e6209-41ce-41be-bd4b-698c502410aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8523
x-amzn-requestid: facc0fcf-fc31-4c49-bf47-4992b0496f5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yav8AG1cIAMFmiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f9e6-3a07501574e592610dcd9d83;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:45:10 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wcReDELKUTdZfqKTbFNpzczrdUcvdH4XZGvajfVlcNduwLyHPfFpiw==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:00:47 GMT
etag: "e93a0bcbb4d394a087a6fd2a95e31cd371186433"
content-type: image/jpeg
age: 2217
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F923219e0-bf93-45fb-b13b-a042dcc43321.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F923219e0-bf93-45fb-b13b-a042dcc43321.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b572acee6d029736391b0e6e9b4be8c7
3a8476c691541944da22bd3fb9cb10bb518e86c1
c393bb87b2c7b311feb208d2c42d493f9497ea2b548380f701cbb719ef2f83d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F923219e0-bf93-45fb-b13b-a042dcc43321.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9117
x-amzn-requestid: d741a11c-f3c3-40dd-977f-c1b8526d9c8c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv5FYJoAMF7IQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-42779d08729385f47899fb05;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wDYacuPrsaFrPfTUDTeUYMOjuTF_upWvQ50OyPNb3v7PphmMFoNmrw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:41:20 GMT
age: 3384
etag: "3a8476c691541944da22bd3fb9cb10bb518e86c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9cb9807-03d5-4b00-9a0f-61f9c12f0e63.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9cb9807-03d5-4b00-9a0f-61f9c12f0e63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5f85dd3f15d0c55c06f712bbfb6f55fa
2c053f4774c450e42effdc440e89fb2ce232bad3
0035f6235d012f4c2ffbc8e414e82bbba3235c51e20f7b1ebebcdff47be285fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9cb9807-03d5-4b00-9a0f-61f9c12f0e63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8836
x-amzn-requestid: cae5f1fa-005b-4819-900e-e0cec381e450
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YavYxGUCoAMF5Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f904-1be4cae92b407bed2a128109;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:41:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Edqp_EdPzoXt6xQtd24wiBzLSdqQ2HYzOGExvqkcJCUwSN5Kn7lZcQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:00:47 GMT
age: 2217
etag: "2c053f4774c450e42effdc440e89fb2ce232bad3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9bc48bb0b62061303b36ca096070c6f2
d73ccb017379a6bbcb42ce7d4532d34a6178938f
797411d43cb420a224169286dc3b8b1ddbadb429e0ee4556b5cf2590e72b30e2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "797411D43CB420A224169286DC3B8B1DDBADB429E0EE4556B5CF2590E72B30E2"
Last-Modified: Mon, 12 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2990
Expires: Tue, 13 Sep 2022 23:27:35 GMT
Date: Tue, 13 Sep 2022 22:37:45 GMT
Connection: keep-alive
intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub674b7be62e114a3795bb2d9ced70a5ae&sub_id=8063a697
104.248.110.148302 Found 790 B URL HTTP/1.1 intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub674b7be62e114a3795bb2d9ced70a5ae&sub_id=8063a697
IP 104.248.110.148:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (311)
Hash 38b179c619184b1db8e253708d7c9ac1
0634aa9012c5f962ef374b8edc1831bc048166ff
3b759bffc1136a6326797acfa3216ae5c20b4208147c936e32fee6910e8ac92d
GET /redirects?offer_id=13&affiliate_id=9&click_id=pub674b7be62e114a3795bb2d9ced70a5ae&sub_id=8063a697 HTTP/1.1
Host: intrap.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7a99a36e.myofferplus.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
date: Tue, 13 Sep 2022 22:37:45 GMT
location: https://125f6fc0faa1.clicks4tc.com/?p=8005&media_type=mainstream&click_id=1_22fc2e51d599ab1d7840203a5b07c986&sub_id=8063a697
expires: Tue, 13 Sep 2022 22:37:45 GMT
transfer-encoding: chunked
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6647dabd7bbfd8c14fce617763d98a6b
757cce5be04955bc294e68b60d3fb8df5f9634fd
e5ef28550a47d6cdd256efa12179d5410c843e89a48770179dc2d3d3d563a47b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5EF28550A47D6CDD256EFA12179D5410C843E89A48770179DC2D3D3D563A47B"
Last-Modified: Tue, 13 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Wed, 14 Sep 2022 04:37:31 GMT
Date: Tue, 13 Sep 2022 22:37:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7c280d41f01c74f73ec47d1fc6b03700
202192e6460c50c4033cbcdf534e0fc0c25e297d
59ab7b87ac5ccc5a2870df0231a6e1ef97f528dea577bacd0d94e3264fc9385e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59AB7B87AC5CCC5A2870DF0231A6E1EF97F528DEA577BACD0D94E3264FC9385E"
Last-Modified: Tue, 13 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20060
Expires: Wed, 14 Sep 2022 04:12:05 GMT
Date: Tue, 13 Sep 2022 22:37:45 GMT
Connection: keep-alive
1d6ce08e2f5.turboprizes.net/img/prizes/iphone-13-pro-max/default@0.5x.png
94.237.93.242200 OK 6.3 kB URL HTTP/2 1d6ce08e2f5.turboprizes.net/img/prizes/iphone-13-pro-max/default@0.5x.png
IP 94.237.93.242:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash ed7b235df3c61de8c73af6f3baad0f75
99d4d19fa3e034fbc6fea56fae2f7930cdcdbf9a
3f353422651766fc84c1be953bead3b92e7c7bfbf794f8277bff2cd12d0d1ebd
GET /img/prizes/iphone-13-pro-max/default@0.5x.png HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: image/png
content-length: 6321
last-modified: Tue, 06 Sep 2022 07:03:15 GMT
etag: "6316f0b3-18b1"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/img/prizes/iphone-13-pro-max/background.jpg
94.237.93.242200 OK 11 kB URL HTTP/2 1d6ce08e2f5.turboprizes.net/img/prizes/iphone-13-pro-max/background.jpg
IP 94.237.93.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 600x900, components 3\012- data
Hash a64b4bac5c45b4e84164d60256d9a8b9
5c832a606ed6b39543c63ce9588f08af25af45f1
a09d3ee1b6d0abdc486199a3c27af0072b49f1997c8fd53719c75902bfce940a
GET /img/prizes/iphone-13-pro-max/background.jpg HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: image/jpeg
content-length: 11278
last-modified: Tue, 06 Sep 2022 07:03:15 GMT
etag: "6316f0b3-2c0e"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1302e02558820ffa33d0c4acf7982381
6555b5c8af78d8dd8d63d0c4b7bd7848875d507c
d187460321999ba927d8aab2c1cb78120b326a58aceed705780d3a894ab9c9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D187460321999BA927D8AAB2C1CB78120B326A58ACEED705780D3A894AB9C9E4"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1154
Expires: Tue, 13 Sep 2022 22:57:00 GMT
Date: Tue, 13 Sep 2022 22:37:46 GMT
Connection: keep-alive
7a99a36e.myofferplus.com/rc/a91581ead4?affclick=632106388dd1a90001f16168&pubid=503
172.67.217.200200 OK 0 B URL HTTP/2 7a99a36e.myofferplus.com/rc/a91581ead4?affclick=632106388dd1a90001f16168&pubid=503
IP 172.67.217.200:0
GET /rc/a91581ead4?affclick=632106388dd1a90001f16168&pubid=503 HTTP/1.1
Host: 7a99a36e.myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:44 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=86eynFTij40of8Ck2i1/z4VDA97iUjpiSxBJg+Y4gZZpNt2fqZI0ABE4QAKIMWv3UyW3mh12heOzGgM+6wMNy8hqvaoKqZNtbx3wjsztxn7VVEdru4tcr9YUhsOj; Expires=Tue, 20 Sep 2022 22:37:44 GMT; Path=/
AWSALBCORS=86eynFTij40of8Ck2i1/z4VDA97iUjpiSxBJg+Y4gZZpNt2fqZI0ABE4QAKIMWv3UyW3mh12heOzGgM+6wMNy8hqvaoKqZNtbx3wjsztxn7VVEdru4tcr9YUhsOj; Expires=Tue, 20 Sep 2022 22:37:44 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8v9Qmn9ESzM7BL6KESOe8KRytt9gWeoS5doTCZERXgs%2B4SRk%2BCX7CKheb5rwIpoPtRZSxy1A9VPkm5%2FW04JFP3CEmJ6jBawXbva7HMdeYP2JgtPJ2mcByvXE%2BJpQvxbT65EVryrkxeTfKeg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a45e7f6ac8b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
m.news-page.net/?utm_term=7142997317296062484&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
99.198.108.195200 OK 0 B URL HTTP/2 m.news-page.net/?utm_term=7142997317296062484&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 99.198.108.195:0
GET /?utm_term=7142997317296062484&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902949680&np=1
Cookie: u=ab1fe27a84e1800f48e05b1d07d42b82
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 22:37:43 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
125f6fc0faa1.clicks4tc.com/?p=8005&media_type=mainstream&click_id=1_22fc2e51d599ab1d7840203a5b07c986&sub_id=8063a697
94.237.99.118200 OK 0 B URL HTTP/2 125f6fc0faa1.clicks4tc.com/?p=8005&media_type=mainstream&click_id=1_22fc2e51d599ab1d7840203a5b07c986&sub_id=8063a697
IP 94.237.99.118:0
GET /?p=8005&media_type=mainstream&click_id=1_22fc2e51d599ab1d7840203a5b07c986&sub_id=8063a697 HTTP/1.1
Host: 125f6fc0faa1.clicks4tc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://7a99a36e.myofferplus.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: rts-trck=1; expires=Tue, 13-Sep-2022 22:47:45 GMT; Max-Age=600; path=/; domain=125f6fc0faa1.clicks4tc.com
t-uuid=5w87rlbt7d1if69lwx9cgkcs4; expires=Mon, 13-Sep-2032 22:37:45 GMT; Max-Age=315619200; path=/; domain=.clicks4tc.com
rts-trck=1; expires=Tue, 13-Sep-2022 22:47:45 GMT; Max-Age=600; path=/; domain=125f6fc0faa1.clicks4tc.com
traffic-visited-offers=%7C%7C164450%7Cunspecified; expires=Wed, 14-Sep-2022 22:37:45 GMT; Max-Age=86400; path=/; domain=.clicks4tc.com
traffic-back=ok; expires=Tue, 13-Sep-2022 22:38:15 GMT; Max-Age=30; path=/; domain=.clicks4tc.com
last-modified: Tue, 13 Sep 2022 22:37:45 GMT
expires: Tue, 13 Sep 2022 22:37:45 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow
content-encoding: gzip
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/js/landers/push-win/app.js?id=67bf27b1cad5ae49729a
94.237.93.242200 OK 0 B URL HTTP/2 1d6ce08e2f5.turboprizes.net/js/landers/push-win/app.js?id=67bf27b1cad5ae49729a
IP 94.237.93.242:0
GET /js/landers/push-win/app.js?id=67bf27b1cad5ae49729a HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-217cb"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
997.novitrk4.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
188.240.52.20200 OK 0 B URL HTTP/2 997.novitrk4.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
IP 188.240.52.20:0
GET /smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source= HTTP/1.1
Host: 997.novitrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 13 Sep 2022 22:37:42 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IldQTzBWTkM1UlZmZ0trY0VCL1JyaWc9PSIsInZhbHVlIjoiSjgwSG5KOFJ4d2gxa3QyWUJLVzd3MnNLKzhCR1JRNHV3SjEwSjhsZEM4UUFlSmNhSlphdGdESXViTjJSYnlaeDBrTTlxSzJIeUtLYUFxc2FEc0tXQm1HbUVFRE1pVEhGcEpLcU9qVHNaMitKYUp4Z0E1Z0ZPb2NlVS9XS1l0VXEiLCJtYWMiOiI3NTQxOTI0MGRiNWVkNzgwNDFkMWI4NzFiZjRjMDIyNThjODc1MmZlNzE5YmFhYWMxN2E0OWQwNGYyM2FkMTdkIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlRTV1VOQXc1enZjOTdxWlNDTEhkYlE9PSIsInZhbHVlIjoiYXhwS1lyZHh4N2Q4dUlyRUJIcFFac0dxS3V4akhPWU9UWEtzVjUyZklmbExGRGpxdWwxWU4rU2dLL3pDdytVMnA4N1J6ampIM1RCSUZGS1g3ZkwvYUtJUFhCTjVVM1QzbVl2WkhVM09mcGg3T1M0SkVzdDUzOWdOVzFLRHBnUGoiLCJtYWMiOiI1MWYwMzRhNDc3ZGFhMWYzYTZmMzRlMWJmNzQyNTIxZjM5Njg0NTE1ZjJmMjc5ZjI5ZTcyZDZlMTVhZjVmN2I1IiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902949680&np=1
99.198.108.195200 OK 0 B URL HTTP/2 m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902949680&np=1
IP 99.198.108.195:0
GET /?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902949680&np=1 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 22:37:43 GMT
content-type: text/html; charset=UTF-8
location: https://m.news-page.net/?utm_term=7142997317296062484&ver=4viyaptcjo
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=ab1fe27a84e1800f48e05b1d07d42b82; expires=Wed, 13-Sep-2023 22:37:43 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
172.67.191.221200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 172.67.191.221:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7a99a36e.myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:44 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 5707
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tNyYFfRlKfcg6wSSX0F1O2jEQ1QmPQRKxRQQbi5jI7O9G%2BJ7yulLQtFwsPgWCWeqchcp24nk3wIK9D%2Fvt%2BccTqisWvqBbC6hA7gNWvZjaGEnL45fT0ehR5NMrHP%2FoJkdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a45e807e1bb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
94.237.93.242200 OK 0 B URL HTTP/2 1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
IP 94.237.93.242:0
GET /push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Tue, 13 Sep 2022 22:37:45 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:45 GMT; Max-Age=7200; path=/
traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:45 GMT; Max-Age=7200; path=/; httponly
xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D; expires=Wed, 14-Sep-2022 00:37:45 GMT; Max-Age=7200; path=/; httponly
content-encoding: gzip
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/css/landers/push-win/app.css?id=f7b4762fa5748dd37913
94.237.93.242200 OK 0 B URL HTTP/2 1d6ce08e2f5.turboprizes.net/css/landers/push-win/app.css?id=f7b4762fa5748dd37913
IP 94.237.93.242:0
GET /css/landers/push-win/app.css?id=f7b4762fa5748dd37913 HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: text/css
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-30c"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/js/app.js?id=d75b4cfe9b4f0f2f3a56
94.237.93.242200 OK 0 B URL HTTP/2 1d6ce08e2f5.turboprizes.net/js/app.js?id=d75b4cfe9b4f0f2f3a56
IP 94.237.93.242:0
GET /js/app.js?id=d75b4cfe9b4f0f2f3a56 HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-4891"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
1d6ce08e2f5.turboprizes.net/js/private.js?id=3bbacd180255e91f507b
94.237.93.242200 OK 0 B URL HTTP/2 1d6ce08e2f5.turboprizes.net/js/private.js?id=3bbacd180255e91f507b
IP 94.237.93.242:0
GET /js/private.js?id=3bbacd180255e91f507b HTTP/1.1
Host: 1d6ce08e2f5.turboprizes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce08e2f5.turboprizes.net/push-win?ctrack=1663108665.51134435&traffic=eyJpdiI6InFZTUpIWTRZSWw0eDJ4YUlWUHZHQUE9PSIsInZhbHVlIjoielFmR0RmQ3d6bVwvUFV3Z1wvVWVNM21rVFdGOVFFOUFNY00rSnpnS2QxUW1PWlI5WExNTEYwMWhudTVJUWdQZlwvMiIsIm1hYyI6IjhjOGEzNzhjZjc1ZjRiNTliMDk0YjZlNmJkYzMyYjQ2MjM5YWU0MjU2ZWVjNTZkMmI5NDU5NWUwYTNkYmY4NjQifQ%3D%3D&out=eyJpdiI6Imx5NDZ3aWJqMHhXcXpqZEVURTZycXc9PSIsInZhbHVlIjoiZ0oxY1Y3WndaUjNIUkc4ZXp4dDRCQjJlSkJIZ0VCVXEzdVUzbEhKNGRKVFBCeW5BK1l3ZmRlXC81ODdmRm9CbXNwQWtXand1K1V5U3krTHc2VDZUMVF1cHZvaUlRb1VGTVBFc2djdGQrWkJHVUpqOWcwc1p1SmxrT25nZFwvTkJyNCIsIm1hYyI6IjhiY2RhNzEzMDVlMTY5N2U4M2Q3ZWY4OWNiYjA0MzZmMGZlN2E5ZjM1NmU2YmRkMTUwZjUwNTQ1NmRjYTA0OTAifQ%3D%3D
Cookie: XSRF-TOKEN=eyJpdiI6IjB4K284eDBRRUtQMml4WHptU2t5dkE9PSIsInZhbHVlIjoickwyY0w3dDdVZWZiUVR5UWUvMUxuSW84T0hGSUcyMG5CQUVwQmUyUVVlbVhoS2VOQW5sQzZiZmFhY240dVQrU3dkYkVMbW5vU3R4c1p4cFk0TU5sQjIzZ0YxMlR0WnJzU2NpVGZxRW1HeXhEdDgyWXp6bHlPRHhIOEZUM3ZTenoiLCJtYWMiOiI4N2NkMTJlOTA5YzdkNTk2OTllNjc4MjAwYWMwZGE0OTI1OTJmYWZkMDU0YmFjNDVhMWM2NDg4ZDQ4MTZjYTY4IiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlRyY3kzQ3hDVk56bXgrTlJvd2cwdnc9PSIsInZhbHVlIjoiNGJzZnByT3RUMk1Rcm1ISXdwZ1Q2elNnN2VzOGt2aGVidmd4akMwVVNPNWJuQlZrNDNaa3lyeWErMlQ3T1lOd2xlZzZ2cTZXNDBFOERzWHJhNUdrV0JnUWtRQ2pEZGxUU09tOHdVcUhvY0MvaXhPS0dOK0xiWkY1QlgrY0s4NjUiLCJtYWMiOiJjNzVlZWJhYmIxNzRkODI0ODVjNjZlMGM2ZjJmOTQyNjZlODRhY2RlZjIxOGY1ODcwY2UwYTc4ZjUxZGJlYjZiIiwidGFnIjoiIn0%3D; xHflGZ9fEOK7TIWf5YmIIeQ0AQswbXVjGIfPH0ZI=eyJpdiI6IitYZlg5YUlSWUszV0Q5WkRnb0wrTVE9PSIsInZhbHVlIjoibEpXRnY1dm9QV3RIeUtmczV0VW1LVXRGdHBLSm5FazF0ZEo3TWtjZi9pYm1XME44ZEdaY0RteUUxSVVkRTI3bm5Fa3FkbmZ4L3VXM1NKMEN0ejlibjNnODRzbE01dys1Z0dCSlREaFFxZ2dZRk9GbzJkeVFDNlpGSS9vODFMV0hQVU9rc2h0eVBSalRsOFBsY290QWpWTEFaRXIrOUZmZU1IVGJSZ1lOMzNtTnFrcFZodE9obmNadWVlaG9ZejlPSmlZbGRGeFZXVTQrS05ZYUZnTTAyd1U2ZDlPL1laaC9pM1U1NjJJUC9QcHFaWStwQVh0Vi8yUExJVmFpVmNVTXM3dzl0djdHN2ZXQzc5RXJsWUxoSFdGRW9XSTA0NDkvWE53eEk2R3FIQnovWVl6dkdzMFdoa1M4cjlYcTdxSi85dDd2ZHFrRG4wK2xTOEg3WElVQTMwOThSV2RaZFFzRUhBQmJtSFJ0NWJZeDd5b3lKQmJjVityZGNBWUs2VzVNUyt0aVdsY3FWbFNTN25wL29WR0hZU2VCOU1mNGUwVis1aXVXRWR0bTFlNmQvZ3paN3V6WkNmaEpNWnN6WnZOeGRHNVFpeFR3R1NabWF1Wkc5amlHaEN0eVZYb2V5cG1kUzJ1VldTc1BjZE5SakxuaWI0NHNTaEhTUGZoU0NjNEVKZVVOZmRYUXUybDNRaXRVc1NtT2d6Wi9pU253ZnNlWDlyTWZubWVDQkhYZ0hWOGJWYUh1R1JZNmxlQXZuSG5uVEF3a3lyWFpKZHdFOGFxWFRGMlg2MFJkdG15cVFPTWkwWlZUV3JNd1p3NmF5V2l0UktEWGd0c3RwOEQ5a1d3eXQvOFNuc3VxK29uV3BQWmRyTUR4Z3pJT2V6Q0dOSVVkcmF3OXhMaUZKaWhKTTZBZVNpOFhoRmlGL21tekVBL0NHK3h0NGNqSUxHa1RNQjdnSXpCNExia2hzYmYvYTBQUEdPOHZVYmo4dUV5ejFLVHNFWnlWN1c4eURTRWNselMvelVLdzFsOWc1eGZUZ0R2eFFCUTd6QURPWUYwcTZ4YURBZTdXVm5KM3QzSGFxSE1OeEJ3QXZRVzJmVjRkRUtHejByNUNXUm04VjI5bEFlVlM0Q0xSRE1IaFpuMmZTUm1aWmJjRWVvTzUyKzMwZFZXSWxxVTQ1Z3haaDM0azZGS1JlakQ4bUZDS1I1aVo4OW43SERKdVdGbE83Tk93RWd6TFBUd1Fmd01MaDVSdmRpL3hMWFhZTmRSQ3RqYmxsTlZYdTVtM0llOUtnVTBtSkZ5ZW52MlJmZm82QnVMbWNSS3lFb1AwTW5nMnE4dlJwU1BxNExTMWRvNGg4VGJkR2U5SnltT1BsWUhETFB5WHBCdE5wc0ZScnRjTXE2UFZCNjZkSVRFSUJBclpOZVBPTWFKZDg3cmFKOTY2S0JFRDNvT2ptZ0s1emNmelhnT2FqcGJSRHF4RldMMXRwT0lXL2xLdlFyc2lmZk1aWTlXUmthdmxxdDVhTmRMWXJtWVJEWWtFZEloS3hzcWN1ejFJa3NXcG1ZUGpnNXlrOVlubDQrcTZPV2xBSFRCbG00WGtrZG11c2xMWTRsbS9FeEpMODExazdVdEFiSzJSdmV6V0R0c0ptMlR2K0E9PSIsIm1hYyI6IjFlNmQ0Njk1OWNjOWEyODI5OWZjMzZlZDM0OTI4NmQyZjNlZGE1OTIzOGNhY2QyMmMzNTU0ZThhNTM2MzcwYzgiLCJ0YWciOiIifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 22:37:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-30d39"
expires: Wed, 13 Sep 2023 22:37:45 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2
997.novitrk4.com/smartlink-css/63210636f977d13216499c10
188.240.52.20200 OK 0 B URL HTTP/2 997.novitrk4.com/smartlink-css/63210636f977d13216499c10
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
GET /smartlink-css/63210636f977d13216499c10 HTTP/1.1
Host: 997.novitrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://997.novitrk4.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6IldQTzBWTkM1UlZmZ0trY0VCL1JyaWc9PSIsInZhbHVlIjoiSjgwSG5KOFJ4d2gxa3QyWUJLVzd3MnNLKzhCR1JRNHV3SjEwSjhsZEM4UUFlSmNhSlphdGdESXViTjJSYnlaeDBrTTlxSzJIeUtLYUFxc2FEc0tXQm1HbUVFRE1pVEhGcEpLcU9qVHNaMitKYUp4Z0E1Z0ZPb2NlVS9XS1l0VXEiLCJtYWMiOiI3NTQxOTI0MGRiNWVkNzgwNDFkMWI4NzFiZjRjMDIyNThjODc1MmZlNzE5YmFhYWMxN2E0OWQwNGYyM2FkMTdkIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IlRTV1VOQXc1enZjOTdxWlNDTEhkYlE9PSIsInZhbHVlIjoiYXhwS1lyZHh4N2Q4dUlyRUJIcFFac0dxS3V4akhPWU9UWEtzVjUyZklmbExGRGpxdWwxWU4rU2dLL3pDdytVMnA4N1J6ampIM1RCSUZGS1g3ZkwvYUtJUFhCTjVVM1QzbVl2WkhVM09mcGg3T1M0SkVzdDUzOWdOVzFLRHBnUGoiLCJtYWMiOiI1MWYwMzRhNDc3ZGFhMWYzYTZmMzRlMWJmNzQyNTIxZjM5Njg0NTE1ZjJmMjc5ZjI5ZTcyZDZlMTVhZjVmN2I1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 13 Sep 2022 22:37:42 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjFLSmE3TnJqcmh3c2lNdnYxK1ZGUmc9PSIsInZhbHVlIjoiU2tCeUlpZ3o1Z29ERjJ3Q2FKcnZZYlBDRWtiQ2orNng1enI0Rk01ekxrV2YzRWdkSm8rdWl3cUhaQ0Jnekk5N2Rod2xNbnpSSXV5R2xjeDN6OWZCVDduVlJ1NzJuZzhsNzlPQnBZdWlJdHpGWUhncys4TE4zVzYxTTJXdmpvYmMiLCJtYWMiOiI1ZWYxZGJmMTE5NTMwOTliYjZhMzAyNTRiMjllMjYzNmQyMTRhM2I5ZGViNzE5NGYzNWFmYTI0OWI1MjEwNmIwIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ik5ES3pENk9neWo0UEtBU2NTTVlNZVE9PSIsInZhbHVlIjoiSmUyeW44RHo5RE5iUXpvNXU0anBJWGVUMzdGdlVuNWNaQ29GTE9uVy9UNzUvRFRPTW83T0lSUXlSdm1PWURkaEl6QVdtTklyUnlQdmZkc3dqc2RJME9NRU4yVTJhdStyNmtrRklTbVBEcWs0TWtkdFBqNGl1NThHdHlQOWwxb0QiLCJtYWMiOiI2YWJlODI5OTk1Y2NiODhjYmNiNmZmNjM5NTAyODhmOWQ0OTQ4OWEwZDYxODA4MTdkM2ZkNWE1YTc4OGU4ZTFjIiwidGFnIjoiIn0%3D; expires=Wed, 14-Sep-2022 00:37:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2