Report - tap.tetherinvestor.com/pscheatsheet-confirm/58c5343ae950aa348011440a09a84b5a/48/24587/1993110305/132492/EBOOKProduct/71004

Report Overview

Visited public
2023-12-10 03:03:28
Tags
URL
tap.tetherinvestor.com/pscheatsheet-confirm/58c5343ae950aa348011440a09a84b5a/48/24587/1993110305/132492/EBOOKProduct/71004
Finishing URL
subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Welcome Flow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.dropbox.com	1994	1995-06-28	2012-05-21 22:31:28	2023-12-07 18:12:32	1.1 kB	428 kB	162.125.71.18
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-09 05:09:03	990 B	49 kB	151.101.65.229
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-09 07:44:59	439 B	94 kB	142.250.74.168
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-09 07:42:19	443 B	1.6 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-09 06:06:20	535 B	17 kB	216.58.207.227
s3.us-east-1.amazonaws.com	4041	2005-08-18	2017-11-22 15:47:32	2023-12-08 15:00:32	5.0 kB	1.9 MB	52.217.197.32
uca206627e56e95da7200f56b19f.dl.dropboxusercontent.com	unknown	unknown	No data	No data	640 B	214 kB	162.125.71.15
tap.tetherinvestor.com	unknown	2020-04-06	2022-09-30 07:01:57	2023-03-06 13:32:51	1.2 kB	36 kB	188.114.96.1
subscriberwelcome.com	unknown	2022-11-16	2022-11-16 14:05:54	2023-12-09 09:11:25	4.9 kB	3.0 MB	104.21.66.20
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-09 10:52:39	450 B	97 kB	142.250.74.10
verifiedwebpage.com	unknown	2022-03-23	2022-03-23 19:03:14	2023-12-09 05:16:04	623 B	32 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 03:03:12	high	162.125.71.18	Client IP	ET POLICY Dropbox.com Offsite File Backup in Use
2023-12-10 03:03:13	low	162.125.71.15	Client IP	ET INFO DropBox User Content Download Access over SSL M2

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:18 Times Seen25105 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	subscriberwelcome.com/jquery.mobilePhoneNumber.js	ScriptElement	26 kB	2023-05-08	2024-08-21
Pretty URL subscriberwelcome.com/jquery.mobilePhoneNumber.js IP 172.67.155.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 07:32 Times Seen504 Hash 0dbbb5873b895ea3be425af219cf85de 7b9dba563376d7dbd1c5b9b7064ab87eadad5591 02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b Loading...

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6	ScriptElement	152 B	2023-03-12	2024-08-21
Pretty URL subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 IP 104.21.66.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:39 Last Seen2024-08-21 06:57 Times Seen43 Hash 6ef009f777d8be8b8d8cf450c8233ba6 f8a6126546f3eb01021bd468b339e4ef41a01a3f 57727e625d84664c848b10554f6ae717e66845605ce4ee21e1ba6dd5034e6c33 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-08	2025-04-29
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:35 Last Seen2025-04-29 17:26 Times Seen795 Hash c5236e5d6a5d0ff97ff8c8e5102c6c03 6fbfdbddbe85c578de559adcc8d07cccbc16d514 87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65 Loading...

	subscriberwelcome.com/jquery.caret.js	ScriptElement	2.4 kB	2023-05-08	2024-08-21
Pretty URL subscriberwelcome.com/jquery.caret.js IP 104.21.66.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen502 Hash 35c3ec8db4ff6e862db42516436216a1 7d9d7731403868cc34edaad1d9e17311541a6f77 adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba Loading...

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6	ScriptElement	194 B	2023-05-08	2024-08-21
Pretty URL subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 IP 104.21.66.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash d7ae17d684ddcfa308369e402855826d d6da811e60cab233619e114e823ab9db7242bd5d e42a64d5a754498cd56f9079fd8e341c480ea2a15a6060e00924814586f8c44f Loading...

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6	ScriptElement	641 B	2023-05-08	2024-08-21
Pretty URL subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 IP 104.21.66.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash c2855664f7a14ee99090a0366d9d1e03 35ba8e0f5b5181a8df832c0e12774a761d465dda bf66df111d26d4ef5b3e5df0f4df141fe5d7632260cb83308bfed72caf323af0 Loading...

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty URL subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 IP 104.21.66.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:13 Last Seen2024-08-20 16:13 Times Seen1 Hash fa4c24d56725e9791aded0c3be3051a0 283b1948baf76f390c96183c1fb61f903cd7b21d 533f2cbca517eaa8cd11b6944222b7986288ffa7d813f702d5e0655cd5f944f6 Loading...

	www.googletagmanager.com/gtag/js?id=G-KRLHQG30NJ	ScriptElement	280 kB	2023-12-10	2023-12-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-KRLHQG30NJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 04:03 Last Seen2023-12-10 04:03 Times Seen1 Hash 33e56afb240694f3f62ec62d4a62f39d 4ee42851ed98ff2520f12d0d2a9629c090313e14 26563071f21d8e1992307d79639773f51d5ab062949fc888d1f8608eceead8d9 Loading...

HTTP Transactions (31)

	URL	IP	Response	Size
	tap.tetherinvestor.com/	188.114.96.1		0 B
URL tap.tetherinvestor.com/ IP 188.114.96.1:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: tap.tetherinvestor.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 301 Moved Permanently Date: Sun, 10 Dec 2023 03:03:02 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Sun, 10 Dec 2023 04:03:02 GMT Location: https://tap.tetherinvestor.com/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D6NBd8bJycqSZxL%2BH69RVRNHtJjobuLsKL9Fl8nhdFdHfXkHhA4mUSk5gbHivN%2F2v1R2spjXIDrZU5sW%2FYOhmSc9ywu0lIf%2FYv4RGNHMrksXR5Q7J%2BTBuh6i%2FPD%2BEXaLZCFipxvkzBZU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 833240a1afe456be-OSL alt-svc: h2=":443"; ma=60

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6	104.21.66.20	200 OK	7.3 kB
URL User Request GET HTTP/1.1 subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 IP 104.21.66.20:80 ASN #13335 CLOUDFLARENET File type HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document text - exported SGML document, Unicode text, UTF-8 text, with very long lines (393) Size 7.3 kB (7307 bytes) Hash 9626cee73b53099644eb6a924d484d3e 334b3561285a9394ffa3dbc650616cc58b34af75 3e57a65d4d83e7a1f539acbdef40f6e27065c21a3fa9b57a265cdff2732a2fd2 HTTP Headers GET /?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Date: Sun, 10 Dec 2023 03:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5QnZUb3lfhHc%2FfFiG74fceSIO75Jvc%2BzVFNKiJ33HGBF0bOf51m7%2BX0wX%2FGP7%2F94zVoLkjEmCszGjFhXszC%2FeGsrn3kfkKNDBxaER4BGvzRgwiOr2ux9UAc4SIEVgcpjSq9cpTs1to%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 833240a5190e56be-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60

	subscriberwelcome.com/jquery.caret.js	104.21.66.20	200 OK	716 B
URL GET HTTP/1.1 subscriberwelcome.com/jquery.caret.js IP 104.21.66.20:80 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 File type ASCII text, with CRLF line terminators Size 716 B (716 bytes) Hash 35c3ec8db4ff6e862db42516436216a1 7d9d7731403868cc34edaad1d9e17311541a6f77 adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba HTTP Headers `GET /jquery.caret.js HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Sun, 10 Dec 2023 03:03:04 GMT Content-Type: application/javascript Content-Length: 716 Connection: keep-alive Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT Cache-Control: max-age=2592000 Expires: Fri, 29 Dec 2023 11:32:24 GMT Vary: Accept-Encoding,User-Agent Content-Encoding: gzip CF-Cache-Status: HIT Age: 919840 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEVivusHbmtHHFwLCsHmqBoasgswcV7CTdzHbelDXcJyg2F%2FHFjdAAkg8xzvieGlrBPMznhcFLRJgQQWv%2B2eyzROpEKdidWkLlsfZJTxYXZ%2FDLk8eSbgrN8d4sFAh0JbmgNd0N%2Bid3s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 833240af9cd856be-OSL alt-svc: h2=":443"; ma=60

	subscriberwelcome.com/jquery.mobilePhoneNumber.js	172.67.155.79	200 OK	4.4 kB
URL GET HTTP/1.1 subscriberwelcome.com/jquery.mobilePhoneNumber.js IP 172.67.155.79:80 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 File type ASCII text Size 4.4 kB (4430 bytes) Hash 0dbbb5873b895ea3be425af219cf85de 7b9dba563376d7dbd1c5b9b7064ab87eadad5591 02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b HTTP Headers GET /jquery.mobilePhoneNumber.js HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Date: Sun, 10 Dec 2023 03:03:04 GMT Content-Type: application/javascript Content-Length: 4430 Connection: keep-alive Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT Cache-Control: max-age=2592000 Expires: Fri, 29 Dec 2023 11:32:24 GMT Vary: Accept-Encoding,User-Agent Content-Encoding: gzip CF-Cache-Status: HIT Age: 919839 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdgF%2F7LbrBDavI8ltFDuDvWExtW4sMGL3iyk7yIGRSzJRqZFfa%2F%2FNpkSTytPGMuKLW2%2BxGVAgnm9bQ8jT6l97s5BVGZ6Wj43AxG%2FOC9Pdpn60dF3MV7MkJDipMYWMuV51sPBvBKoj3w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 833240af9a1c7127-OSL alt-svc: h2=":443"; ma=60

	subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg	104.21.66.20	200 OK	144 kB
URL GET HTTP/2 subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg IP 104.21.66.20:443 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectsubscriberwelcome.com FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12 ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 966x1449, components 3 - data Size 144 kB (144253 bytes) Hash e7eb0da863b2d3ead5846cdc3263a233 138225ea3d8ff08f07b046b858bf46bf2bba2e96 ff19a64983ac2748d6b8361212f1fc41814e1acd0d157ee9c736bbd2a4a03180 HTTP Headers GET /uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 10 Dec 2023 03:03:04 GMT content-type: image/jpeg content-length: 144253 last-modified: Mon, 20 Feb 2023 15:41:11 GMT cache-control: max-age=2592000 expires: Sun, 07 Jan 2024 11:41:54 GMT cf-cache-status: HIT age: 141670 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dJh9GjdC2zAEgf6AqXefwftRFT7X%2BuqjN9i3ofPXYN0t1J4%2FkdhVdJz8gjFosQJhwdasBJfMa8eUGcW1NUOOK6eIW3XXhkmNk5hlgoyESPRPDGlifnPpii5zx9992c1vNktml9co68%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 833240afeb101c02-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg	104.21.66.20	200 OK	400 kB
URL GET HTTP/2 subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg IP 104.21.66.20:443 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectsubscriberwelcome.com FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12 ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2550x3300, components 3 - data Size 400 kB (400505 bytes) Hash b9a9621a927a5b9a9c71fdbb53bf8991 9c4cc398edb33da6a79e62701867cbf7fed4056d d0342e1b39e1c9b80bfb574b18e0a5d9f9cf00e00ca7cf3b2ce1ded70f3bb9ab HTTP Headers GET /uploads/0.204734001673521892LifeAfterUkraine.jpeg HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 10 Dec 2023 03:03:04 GMT content-type: image/jpeg content-length: 400505 last-modified: Thu, 12 Jan 2023 11:11:32 GMT cache-control: max-age=2592000 expires: Tue, 26 Dec 2023 04:19:52 GMT cf-cache-status: HIT age: 1204991 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYJD3xugUt7eFt6zxgekqy6u9XUEhxxNurEhGGLsKh6UAbk9SX1LRh0v%2BvnIvqC3xwnmbPiEn2gmmJInA7M7iTOfNfs6L9YJZ9Lc0wLk8fUzWNVjYySoCjT%2FptvDjVmm8gXAbmx5SZ4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 833240afeb0d1c02-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css	151.101.65.229	200 OK	30 kB
URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css IP 151.101.65.229:443 ASN #54113 FASTLY Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT File type Unicode text, UTF-8 text, with very long lines (65305) Size 30 kB (30336 bytes) Hash 025df1ec88740cad5ff14bb3380da6dd 7abed070e37ce060c0a561575f1d41a7f248fc74 2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a HTTP Headers `GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://subscriberwelcome.com DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=31536000, s-maxage=31536000, immutable cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload content-type: text/css; charset=utf-8 x-jsd-version: 5.2.2 x-jsd-version-type: version etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ" content-encoding: br accept-ranges: bytes date: Sun, 10 Dec 2023 03:03:04 GMT age: 23292198 x-served-by: cache-fra-eddf8230072-FRA, cache-bma1665-BMA x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 30336 X-Firefox-Spdy: h2

	tap.tetherinvestor.com/	188.114.96.1		471 B
URL tap.tetherinvestor.com/ IP 188.114.96.1:0 ASN #13335 CLOUDFLARENET File type data Size 471 B (471 bytes) Hash 850dd4609c88cb52d7c98aedb0272f47 8265722cc56b988adfd902544cab000ef00ed8b2 cfaa5399b4f49beaf8864949a518cb37a2467b9925ddb70c43eff3ed8a312b7e HTTP Headers `GET / HTTP/1.1 Host: tap.tetherinvestor.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found date: Sun, 10 Dec 2023 03:03:03 GMT content-type: text/html; charset=UTF-8 location: index.html cache-control: max-age=600 expires: Sun, 10 Dec 2023 03:13:02 GMT vary: User-Agent cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfNyd%2BgClKbTbMHJ4e59vzrclm8xA8uGlRW%2FXX0tpzbZtTNY5uB5rUCUzzWxNkrcg4S4YlnOcashjU0oH6gei7g4Ti3XwNSgXwtRFOu7QuCQ8yF7hFnc1tviGazBxJ%2FqXXlFD%2FCREltJ"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 833240a1ec745693-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js	151.101.65.229	200 OK	17 kB
URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js IP 151.101.65.229:443 ASN #54113 FASTLY Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGlobalSign nv-sa Subjectjsdelivr.net Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09 ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT File type ASCII text, with very long lines (60201) Size 17 kB (17366 bytes) Hash c5236e5d6a5d0ff97ff8c8e5102c6c03 6fbfdbddbe85c578de559adcc8d07cccbc16d514 87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65 HTTP Headers `GET /npm/bootstrap@5.2.2/dist/js/bootstrap.min.js HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://subscriberwelcome.com DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=31536000, s-maxage=31536000, immutable cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload content-type: application/javascript; charset=utf-8 x-jsd-version: 5.2.2 x-jsd-version-type: version etag: W/"ec40-b7/b3b6FxXjeVZrcyNB8zLwW1RQ" content-encoding: br accept-ranges: bytes date: Sun, 10 Dec 2023 03:03:04 GMT age: 8890711 x-served-by: cache-fra-etou8220032-FRA, cache-bma1665-BMA x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 17366 X-Firefox-Spdy: h2

	subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg	104.21.66.20	200 OK	1.1 MB
URL GET HTTP/2 subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg IP 104.21.66.20:443 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectsubscriberwelcome.com FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12 ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:10 16:36:41], baseline, precision 8, 1800x2700, components 3 - data Size 1.1 MB (1114284 bytes) Hash b02e84cdcd5a3e55ded5e64dfd307124 bfaad4b8b4b1b1fafffeda314b8868c94e7280c8 d67985993c18e2a7b22a4193c0613a65096b3376d64539feb646739798d2cf5c HTTP Headers GET /uploads/0.1663680016738854302D2(1).jpg HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 10 Dec 2023 03:03:04 GMT content-type: image/jpeg content-length: 1114284 last-modified: Mon, 16 Jan 2023 16:10:30 GMT cache-control: max-age=2592000 expires: Sun, 31 Dec 2023 20:39:28 GMT cf-cache-status: HIT age: 714216 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BTnBkkGLNZizzRN%2BI0hxdZ5DKs3BqxoZpGb1gvqT%2FixZGEFuqSxYYipgbb4%2FqnhO7V91mjBMccy9BurU%2F48gDYt3jwAKnhyA7o%2F2SM%2FI0wl%2FPfQxqStSAKB8DteKeiC%2BWSWLT2%2BOvo%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 833240afeb0e1c02-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg	104.21.66.20	200 OK	1.3 MB
URL GET HTTP/2 subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg IP 104.21.66.20:443 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectsubscriberwelcome.com FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12 ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:07 00:05:06 DIY-Thermocam raw data - (Lepton 2.x), scale 10000-0, spot sensor temperature 0.000000, unit fahrenheit, color scheme 0, calibration: offset 0.000000, slope 795520.062500], baseline, precision 8, 1800x2700, components 3 - data Size 1.3 MB (1288007 bytes) Hash 91e68c3d20f4e55b01fdbaa834b4e4e6 e54e4ea7f042d2124aa1be976a6fe9d708bb4f9f 3cab775e25b68c23b905d547373476f046b0101e7cfdbd6f016e302f5a429988 HTTP Headers GET /uploads/0.1721950016738853872D1(1).jpg HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 10 Dec 2023 03:03:04 GMT content-type: image/jpeg content-length: 1288007 last-modified: Mon, 16 Jan 2023 16:09:47 GMT cache-control: max-age=2592000 expires: Sun, 07 Jan 2024 11:41:54 GMT cf-cache-status: HIT age: 141670 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoVlIOJp%2F9HY3SwqhoVuisM8Obi12RbOIuZgRRYR8xWY7dcBd4cvOGWm39HfR%2F4u6polhxeiylBYfrJl0QOjv2q4vB0jOtYs91AElA29WTRp4XVJwVO9CgCZcxfAyh8uUvAE6pKd%2FVI%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 833240afeb0f1c02-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	tap.tetherinvestor.com/pscheatsheet-confirm/58c5343ae950aa348011440a09a84b5a/48/24587/1993110305/132492/EBOOKProduct/71004	188.114.96.1	302 Found	33 kB
URL User Request GET HTTP/2 tap.tetherinvestor.com/pscheatsheet-confirm/58c5343ae950aa348011440a09a84b5a/48/24587/1993110305/132492/EBOOKProduct/71004 IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:47:5C:B2:2F:4A:F9:27:56:90:FF:14:32:5A:9B:B6:B4:4B:E8:26 ValiditySun, 19 Mar 2023 00:00:00 GMT - Mon, 18 Mar 2024 23:59:59 GMT File type gzip compressed data, max compression - data Size 33 kB (33434 bytes) Hash 430e927c980ad4079de727fa59dd93f2 891aaada9a55a91292999f6d50fd300439905982 e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed HTTP Headers GET /pscheatsheet-confirm/58c5343ae950aa348011440a09a84b5a/48/24587/1993110305/132492/EBOOKProduct/71004 HTTP/1.1 Host: tap.tetherinvestor.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Sun, 10 Dec 2023 03:03:00 GMT content-type: text/html; charset=UTF-8 location: https://verifiedwebpage.com/go?ehash=58c5343ae950aa348011440a09a84b5a&product=24587&ar=48&cid=1993110305&lid=132492&slhash=EBOOKProduct&redirect_id=24587&bid=[s10] cache-control: max-age=600 expires: Sun, 10 Dec 2023 03:12:59 GMT vary: User-Agent cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOxM3Ekx0f5egoBJmtvH2GiUjQRLkc0bxnkzGKR8BPOtxGaN4z%2BZCn6XpIUDrxrRNJLzOjUgn6zaFgPt62UdidWQqgIjxD2j8ubvPfKfJR8wfW8ZIPxUDNcOvfaIdYdPAKSaKSGLP%2Fj%2B"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8332408f19ba56a4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=G-KRLHQG30NJ	142.250.74.168	200 OK	93 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-KRLHQG30NJ IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT File type ASCII text, with very long lines (5955) Size 93 kB (93094 bytes) Hash 33e56afb240694f3f62ec62d4a62f39d 4ee42851ed98ff2520f12d0d2a9629c090313e14 26563071f21d8e1992307d79639773f51d5ab062949fc888d1f8608eceead8d9 HTTP Headers `GET /gtag/js?id=G-KRLHQG30NJ HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sun, 10 Dec 2023 03:03:05 GMT expires: Sun, 10 Dec 2023 03:03:05 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 93094 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=Roboto	142.250.74.106	200 OK	1.0 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT File type gzip compressed data, max compression - data Size 1.0 kB (1014 bytes) Hash a18723025b587d5c63aad9440238f443 47ae123e271e02e813c521de9f917f0c9daa99b5 ab0c1218735920526b51316b05b4088ca994dae8b2c416fd4b42ec39dc5fbf68 HTTP Headers `GET /css?family=Roboto HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Sun, 10 Dec 2023 03:03:05 GMT date: Sun, 10 Dec 2023 03:03:05 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2	216.58.207.227	200 OK	16 kB
URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1 ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 - data Size 16 kB (15744 bytes) Hash 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 HTTP Headers GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://subscriberwelcome.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 15744 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 07 Dec 2023 04:57:34 GMT expires: Fri, 06 Dec 2024 04:57:34 GMT cache-control: public, max-age=31536000 age: 252331 last-modified: Wed, 11 May 2022 19:24:48 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	s3.us-east-1.amazonaws.com/autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c	52.217.197.32	200 OK	120 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1024x683, components 3 - data Size 120 kB (120079 bytes) Hash 147bcbb296c532e91d8ba5f5fa0776bc e1d6b7e5283813469e76d4f006e356d46380c231 0cf3b94b4135f6ed622b0a35696018ce664ef0edb7cfde8925b59bf30ebcaef0 HTTP Headers GET /autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: HaNBpYlzOQlJZMPhHXmT0ctY5PFYJNJwdbl9KMbw8o33SoBMF8QWxHb+EFKfDgdQfiRmaeWxr/A= x-amz-request-id: V50VG46BW1E8D7AW Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Thu, 19 Oct 2023 11:15:02 GMT ETag: "147bcbb296c532e91d8ba5f5fa0776bc" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 120079`

	s3.us-east-1.amazonaws.com/autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db	52.217.197.32	200 OK	31 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 728x486, components 3 - data Size 31 kB (31148 bytes) Hash 7fb2f8f581663a0e573c66ad0597d0ba a7f1ab970ce626a582e2e278c679ffad6d54cfa6 4596be2b7dc04469d0037ba9877e7beade69f745b17c52d3b92196ad1495dc30 HTTP Headers GET /autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: 3MKP/1vxhpw98fXx2XVvPyi1c+32ug9NMz/82ykaL49jHqFkaGsDIgQv7zravov2r2L0nyB01TU= x-amz-request-id: V50JMWKZVS43ZVQR Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Wed, 29 Nov 2023 12:27:10 GMT ETag: "7fb2f8f581663a0e573c66ad0597d0ba" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 31148`

	s3.us-east-1.amazonaws.com/autonewsuploads/bankruptcy.jpgc8e87b4f2ea0fc73f0d7a52f1a18ed1416974589526a5c35805b876c95b2e3c9b1cf513b82	52.217.197.32	200 OK	285 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/bankruptcy.jpgc8e87b4f2ea0fc73f0d7a52f1a18ed1416974589526a5c35805b876c95b2e3c9b1cf513b82 IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1500x1000, components 3 - data Size 285 kB (284877 bytes) Hash 5944e9b20057f0070780b18bd420af9c 16be65f84fc5117d9087502404fe9d621fc9b503 0d6502794542a7984a096d5209002fd6667e02f3223e15dd8d1ab39fd27408d5 HTTP Headers GET /autonewsuploads/bankruptcy.jpgc8e87b4f2ea0fc73f0d7a52f1a18ed1416974589526a5c35805b876c95b2e3c9b1cf513b82 HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: 6sdy6CEvSRFpxyabuJBs4jaslQAZhGwfWyj4dc5ZtuuyKu+aDNJYxfYU+0KghglHiipeuHMb8ck= x-amz-request-id: V50XKYRX75NQGPCN Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Mon, 16 Oct 2023 12:22:34 GMT ETag: "5944e9b20057f0070780b18bd420af9c" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 284877`

	s3.us-east-1.amazonaws.com/autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154	52.217.197.32	200 OK	132 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154 IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, baseline, precision 8, 1024x683, components 3 - data Size 132 kB (132289 bytes) Hash 5c7ee292cc6ee583183a747ee633a2c5 3501dc74290adba0f4bf1be172e9007414befcc7 0beb6a437780888b236b0b769449e5bb99d4afbacf17fe26539759932d33654f HTTP Headers GET /autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154 HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: YawDG1HruRZUG0m0FMgZrV4Lrez7UtDCDcdqbr+h4OO9jWMPPjXYBhyEE5r6kCuv2dGXDSaigEU= x-amz-request-id: V50X1FHA2XXBS05E Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Fri, 13 Oct 2023 12:25:21 GMT ETag: "5c7ee292cc6ee583183a747ee633a2c5" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 132289`

	s3.us-east-1.amazonaws.com/autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6	52.217.197.32	200 OK	238 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6 IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1024x683, components 3 - data Size 238 kB (238484 bytes) Hash 7cd76f96de3fb0e688dbfdafb56a0f6b c4bad117d40060ed4283626d1f653d755e21d372 0972fe50db49f3f941e277442292331790f6ee7c1d4ba0c746d8914b3a6ffe42 HTTP Headers GET /autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6 HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: XdwyT8uNXX5MyBdMGtEddLQODQ8NO/TcTchH32pemC58AT0ukYJLzOHKzVTt5iBbQZ8cTz5lhYY= x-amz-request-id: V50HS37YEGD5MABR Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Wed, 29 Nov 2023 12:14:29 GMT ETag: "7cd76f96de3fb0e688dbfdafb56a0f6b" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 238484`

	s3.us-east-1.amazonaws.com/autonewsuploads/pexels-nicol%C3%A1s-langellotti-16093858.jpgaa5bdb65b789d3388e3471c09d0783d21696936803944791abbaa6acdbba8c51086aa6966a	52.217.197.32	200 OK	405 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/pexels-nicol%C3%A1s-langellotti-16093858.jpgaa5bdb65b789d3388e3471c09d0783d21696936803944791abbaa6acdbba8c51086aa6966a IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 3872x2581, components 3 - data Size 405 kB (405284 bytes) Hash aad4b5008027fe26042995aaaf5497f7 fed8e901465ee5ce1135920c6c989dcb23dc481b 980dde509a198907da1cf8aea935ce8e3a9a0a4bf387e8eacddb48e5c75835a5 HTTP Headers GET /autonewsuploads/pexels-nicol%C3%A1s-langellotti-16093858.jpgaa5bdb65b789d3388e3471c09d0783d21696936803944791abbaa6acdbba8c51086aa6966a HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: IlSPqrfacVk3yHLNaHfGhReIFgC97jzAxuXJaqjOjKL2KhMIVCUUMumDML1ODcztLrFGTsqA+VA= x-amz-request-id: V50J0T6J999SRDJN Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Tue, 10 Oct 2023 11:20:02 GMT ETag: "aad4b5008027fe26042995aaaf5497f7" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 405284`

	s3.us-east-1.amazonaws.com/autonewsuploads/AICrownJ10234.jpg7a7c5a477f1c4286e2ebc94e4d86a3dd1698405877cd294a7de345f602744d31355844abcd	52.217.197.32	200 OK	154 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/AICrownJ10234.jpg7a7c5a477f1c4286e2ebc94e4d86a3dd1698405877cd294a7de345f602744d31355844abcd IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, baseline, precision 8, 1024x819, components 3 - data Size 154 kB (153947 bytes) Hash f740f3150b868edfdb685a5552b4bcb4 adc8fc7c10199e486e5b5dbc3d8bf6d1ab9e1ec1 1808f503d5b9374463e1522f4dd53a6a430e4b2d279de467b1e5a16ea6632602 HTTP Headers GET /autonewsuploads/AICrownJ10234.jpg7a7c5a477f1c4286e2ebc94e4d86a3dd1698405877cd294a7de345f602744d31355844abcd HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: IvrkBkNXZap/dkSDgTNecUyndO6tSSWqHVSjjk6yJY59eJ0mNeKFx0QMfNkWkJ9o7r9soEg8mHY= x-amz-request-id: B3Y5KG1YX89NH1D1 Date: Sun, 10 Dec 2023 03:03:07 GMT Last-Modified: Fri, 27 Oct 2023 11:24:36 GMT ETag: "f740f3150b868edfdb685a5552b4bcb4" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 153947`

	s3.us-east-1.amazonaws.com/autonewsuploads/ww3.jpge4c83d88b5e74a8e76b4d4ae718f478d1695206490ebbfb40550876982952b0c06f268bc4b	52.217.197.32	200 OK	331 kB
URL GET HTTP/1.1 s3.us-east-1.amazonaws.com/autonewsuploads/ww3.jpge4c83d88b5e74a8e76b4d4ae718f478d1695206490ebbfb40550876982952b0c06f268bc4b IP 52.217.197.32:443 ASN #16509 AMAZON-02 Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=2, GPS-Data], baseline, precision 8, 1024x640, components 3 - data Size 331 kB (330989 bytes) Hash adbc986182b51982e79a948e0a616dd3 051fc3ad2b23a2ca3c261e10592b73eca33b6617 4ce607c0663adc4219a456c271b63de083aba641a8afd10599510d0f9c0d71bc HTTP Headers GET /autonewsuploads/ww3.jpge4c83d88b5e74a8e76b4d4ae718f478d1695206490ebbfb40550876982952b0c06f268bc4b HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: pbZ7hYldxwT3RiClPUeEuwdVpDwooA0MBXnsMbKUgB9pMsHc191+caJfwA6GSJxRlAYZOWkNmVc= x-amz-request-id: V50QK6ZVPBXMV77K Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Wed, 20 Sep 2023 10:41:31 GMT ETag: "adbc986182b51982e79a948e0a616dd3" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 330989`

	subscriberwelcome.com/favicon.ico	172.67.155.79	404 Not Found	238 B
URL GET HTTP/1.1 subscriberwelcome.com/favicon.ico IP 172.67.155.79:80 ASN #13335 CLOUDFLARENET Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 File type HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text Size 238 B (238 bytes) Hash a34ac19f4afae63adc5d2f7bc970c07f a82190fc530c265aa40a045c21770d967f4767b8 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 HTTP Headers GET /favicon.ico HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde; _ga_KRLHQG30NJ=GS1.1.1702177392.1.0.1702177392.0.0.0; _ga=GA1.1.857492206.1702177393 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 404 Not Found Date: Sun, 10 Dec 2023 03:03:06 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEH3hWOcONmEXCWnyOeGMfhzT%2BtTat9eEtLNvvzGWlgEJkCGjIo4G6BSuxICuL6rkmdZAjIrCD0LMz2m%2BXYA5WnOyQWJ9fhBH4qdjzQcOReunhgRU9s9yJCrbKxcbmNjwaAO6SUHpeo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 833240b9edc97127-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60

	s3.us-east-1.amazonaws.com/autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a	52.217.197.32		231 kB
URL s3.us-east-1.amazonaws.com/autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a IP 52.217.197.32:0 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjects3.amazonaws.com FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT File type PNG image data, 1782 x 531, 8-bit/color RGB, non-interlaced - data Size 231 kB (230697 bytes) Hash ffcc0938460c10b288e32060977a8eb2 2717fa86974c516b46f54ec978473ea78ff66179 6414a8bcdf55e29557d06a716e8b54797735bc415e781d457d6b146eabccbe03 HTTP Headers GET /autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a HTTP/1.1 Host: s3.us-east-1.amazonaws.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK x-amz-id-2: l6YcJlIeQEEmARIkZ5v3gO4Og9XGBIsz6jOXmtlzrP8aR8hiXxHnXppJ8JlrS5II5K//PnADqOc= x-amz-request-id: V50GRE2YMVM6RNEN Date: Sun, 10 Dec 2023 03:03:06 GMT Last-Modified: Tue, 28 Nov 2023 13:12:20 GMT ETag: "ffcc0938460c10b288e32060977a8eb2" x-amz-storage-class: REDUCED_REDUNDANCY x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: application/octet-stream Server: AmazonS3 Content-Length: 230697`

	www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg	162.125.71.18	302 Found	213 kB
URL GET HTTP/2 www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg IP 162.125.71.18:443 ASN #19679 DROPBOX Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerDigiCert Inc Subject.dropbox.com Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43 ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT File type gzip compressed data, from Unix - data Size 213 kB (213088 bytes) Hash b536d5c1502bb6d35f18af68372e3b0e 7e44a68f35b30af280e48c4f6ced8d099d30625d ecdf0ada549f4fb0e9971cbca08f0b077485646595328b8f86194e0b51007c04 HTTP Headers GET /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg HTTP/1.1 Host: www.dropbox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://subscriberwelcome.com/ DNT: 1 Connection: keep-alive Cookie: gvc=ODcxNzAyMTIzMDM2MTI3ODY0MDU4NTEyNjY0MDM3MjM1NjA3MDg=; t=CjFXIvdfKog-FM2nbID9UBLg; __Host-js_csrf=CjFXIvdfKog-FM2nbID9UBLg Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 302 Found content-security-policy: sandbox location: https://uca206627e56e95da7200f56b19f.dl.dropboxusercontent.com/cd/0/get/CJGFw3rP_DbwjDFKxtHpKBXr0Q88jVL1tCE-cHhO_FUhBcLwJ7tqv30KZ7UgOj11RvrnwA04tJsntMbowUCMw19hkJhfeDY4ZywH4jEzvbFpreh4gLRvVAmGeE0qozQDKZeDdf5uGmuf3Ob2Gb0wrqzF/file?dl=1# referrer-policy: strict-origin-when-cross-origin set-cookie: t=CjFXIvdfKog-FM2nbID9UBLg; Domain=dropbox.com; expires=Wed, 09 Dec 2026 03:03:06 GMT; HttpOnly; Path=/; SameSite=None; Secure __Host-js_csrf=CjFXIvdfKog-FM2nbID9UBLg; expires=Wed, 09 Dec 2026 03:03:06 GMT; Path=/; SameSite=None; Secure __Host-ss=GEyvlQ2fEw; expires=Wed, 09 Dec 2026 03:03:06 GMT; HttpOnly; Path=/; SameSite=Strict; Secure __Host-logged-out-session=ChDnHp7JsKbCYwyk11e6DMmfEOnU1KsGGi5BSWI5Z1dxVWphTzdsNFZFc1JuNU5mVEg1SnZ3SGtlUmVGSlRvWl9PY216YWd3; HttpOnly; Path=/; SameSite=None; Secure locale=en; Domain=dropbox.com; expires=Fri, 08 Dec 2028 03:03:06 GMT; Path=/; SameSite=None; Secure x-content-type-options: nosniff x-frame-options: DENY x-permitted-cross-domain-policies: none x-xss-protection: 1; mode=block content-type: text/html; charset=utf-8 date: Sun, 10 Dec 2023 03:03:06 GMT server: envoy strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store content-encoding: gzip vary: Accept-Encoding x-dropbox-response-origin: far_remote x-dropbox-request-id: cd6c1a11016e4495934ee6631533261b X-Firefox-Spdy: h2

	subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]	172.67.155.79	302 Found	30 kB
URL User Request GET HTTP/2 subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10] IP 172.67.155.79:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectsubscriberwelcome.com FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12 ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT File type Size 30 kB (30437 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10] HTTP/1.1 Host: subscriberwelcome.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Sun, 10 Dec 2023 03:03:03 GMT content-type: text/html; charset=UTF-8 location: http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 access-control-allow-origin: * access-control-allow-methods: GET, POST access-control-allow-headers: X-Requested-With expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: PHPSESSID=aa2f659fa1aeda27764b6513d5799bde; path=/ vary: Accept-Encoding,User-Agent cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJXRlHFF9weoypqQ1Qqm176yeTXLmiQZU32jsvtg7WNW1wIaTXJcbzAo9kq9Z1ECJoP039RQDnISZIpxzCKs%2Fp%2FLiWmpaqlInKgyb%2BWKEBqo6QRW4RG%2B0tVvm2en1Z97nby5EnjGjKA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8332409d08b3569c-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	uca206627e56e95da7200f56b19f.dl.dropboxusercontent.com/cd/0/get/CJGFw3rP_DbwjDFKxtHpKBXr0Q88jVL1tCE-cHhO_FUhBcLwJ7tqv30KZ7UgOj11RvrnwA04tJsntMbowUCMw19hkJhfeDY4ZywH4jEzvbFpreh4gLRvVAmGeE0qozQDKZeDdf5uGmuf3Ob2Gb0wrqzF/file?dl=1	162.125.71.15	200 OK	213 kB
URL GET HTTP/2 uca206627e56e95da7200f56b19f.dl.dropboxusercontent.com/cd/0/get/CJGFw3rP_DbwjDFKxtHpKBXr0Q88jVL1tCE-cHhO_FUhBcLwJ7tqv30KZ7UgOj11RvrnwA04tJsntMbowUCMw19hkJhfeDY4ZywH4jEzvbFpreh4gLRvVAmGeE0qozQDKZeDdf5uGmuf3Ob2Gb0wrqzF/file?dl=1 IP 162.125.71.15:443 ASN #19679 DROPBOX Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerDigiCert Inc Subjectdl.dropbox.com FingerprintF7:BA:5F:D1:73:A5:04:E6:AC:52:C4:92:6F:20:23:8D:FD:B3:3F:D0 ValidityTue, 14 Feb 2023 00:00:00 GMT - Sat, 16 Mar 2024 23:59:59 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3 - data Size 213 kB (212787 bytes) Hash 670520755720fa053a763b3c20791e04 7dc82546a7444f1e3ed621b703024e560869fb67 eb16e6d2538f2306436b16cb9df8141305667c8c85bccea6be19ce148f1e23d0 HTTP Headers GET /cd/0/get/CJGFw3rP_DbwjDFKxtHpKBXr0Q88jVL1tCE-cHhO_FUhBcLwJ7tqv30KZ7UgOj11RvrnwA04tJsntMbowUCMw19hkJhfeDY4ZywH4jEzvbFpreh4gLRvVAmGeE0qozQDKZeDdf5uGmuf3Ob2Gb0wrqzF/file?dl=1 HTTP/1.1 Host: uca206627e56e95da7200f56b19f.dl.dropboxusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://subscriberwelcome.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes cache-control: max-age=60 content-disposition: attachment; filename="BidenBucks07#7.jpg"; filename*=UTF-8''BidenBucks07%237.jpg content-security-policy: sandbox etag: 1675266162900395d pragma: public referrer-policy: no-referrer vary: Origin x-content-security-policy: sandbox x-content-type-options: nosniff x-robots-tag: noindex, nofollow, noimageindex x-server-response-time: 145 x-webkit-csp: sandbox content-type: application/binary date: Sun, 10 Dec 2023 03:03:06 GMT server: envoy strict-transport-security: max-age=31536000; includeSubDomains; preload content-length: 212787 x-dropbox-response-origin: far_remote x-dropbox-request-id: 3c286d96d3b94a8b9ee08db5e65e72f9 X-Firefox-Spdy: h2

	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	142.250.74.10	200 OK	96 kB
URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.10:443 ASN #15169 GOOGLE Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT File type ASCII text, with very long lines (32086) Size 96 kB (95786 bytes) Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 HTTP Headers `GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers" report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} timing-allow-origin: * content-length: 33434 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 08 Dec 2023 14:46:38 GMT expires: Sat, 07 Dec 2024 14:46:38 GMT cache-control: public, max-age=31536000, stale-while-revalidate=2592000 last-modified: Tue, 03 Mar 2020 19:15:00 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 130587 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1	162.125.71.18	302 Found	213 kB
URL GET HTTP/2 www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1 IP 162.125.71.18:443 ASN #19679 DROPBOX Requested by http://subscriberwelcome.com/?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10]&ses_id=e96dc6fa08d0703f9ce1a9f3be9467a6 Certificate IssuerDigiCert Inc Subject.dropbox.com Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43 ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT File type Size 213 kB (212787 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1 HTTP/1.1 Host: www.dropbox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://subscriberwelcome.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found content-type: text/html; charset=utf-8 location: /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg pragma: no-cache referrer-policy: strict-origin-when-cross-origin set-cookie: gvc=ODcxNzAyMTIzMDM2MTI3ODY0MDU4NTEyNjY0MDM3MjM1NjA3MDg=; Path=/; Expires=Fri, 08 Dec 2028 03:03:05 GMT; HttpOnly; Secure; SameSite=None t=CjFXIvdfKog-FM2nbID9UBLg; Path=/; Domain=dropbox.com; Expires=Wed, 09 Dec 2026 03:03:05 GMT; HttpOnly; Secure; SameSite=None __Host-js_csrf=CjFXIvdfKog-FM2nbID9UBLg; Path=/; Expires=Wed, 09 Dec 2026 03:03:05 GMT; Secure; SameSite=None __Host-ss=GEyvlQ2fEw; Path=/; Expires=Wed, 09 Dec 2026 03:03:05 GMT; HttpOnly; Secure; SameSite=Strict locale=en; Path=/; Domain=dropbox.com; Expires=Fri, 08 Dec 2028 03:03:05 GMT x-content-type-options: nosniff x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow, noimageindex x-xss-protection: 1; mode=block date: Sun, 10 Dec 2023 03:03:05 GMT strict-transport-security: max-age=31536000; includeSubDomains server: envoy cache-control: no-cache, no-store content-encoding: gzip vary: Accept-Encoding x-dropbox-response-origin: far_remote x-dropbox-request-id: f153b8238d6d4ebfae1f5bc2ada78ea8 X-Firefox-Spdy: h2

	verifiedwebpage.com/go?ehash=58c5343ae950aa348011440a09a84b5a&product=24587&ar=48&cid=1993110305&lid=132492&slhash=EBOOKProduct&redirect_id=24587&bid=[s10]	188.114.96.1	302 Found	30 kB
URL User Request GET HTTP/2 verifiedwebpage.com/go?ehash=58c5343ae950aa348011440a09a84b5a&product=24587&ar=48&cid=1993110305&lid=132492&slhash=EBOOKProduct&redirect_id=24587&bid=[s10] IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectverifiedwebpage.com Fingerprint0D:F8:EF:F4:23:CD:FB:7E:DE:C7:29:3C:B4:F7:A4:CE:6A:FB:89:AB ValiditySat, 14 Oct 2023 13:52:56 GMT - Fri, 12 Jan 2024 13:52:55 GMT File type Size 30 kB (30437 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /go?ehash=58c5343ae950aa348011440a09a84b5a&product=24587&ar=48&cid=1993110305&lid=132492&slhash=EBOOKProduct&redirect_id=24587&bid=[s10] HTTP/1.1 Host: verifiedwebpage.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Sun, 10 Dec 2023 03:03:01 GMT content-type: text/html; charset=UTF-8 location: https://subscriberwelcome.com?email=david.freitag@daumcommercial.com&redirect_id=24587&bid=[s10] expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: PHPSESSID=ee1d802078fab49051fa7635011ca1df; path=/ pixel_session_hash_24587=3415259331988477475; expires=Tue, 09-Jan-2024 03:03:00 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None bt_tracking_product_24587=b3d9884f761955c1591d123460f7945b39e4b89c1956f2a25edda0c071ae51b1; expires=Tue, 12-Dec-2023 03:03:00 GMT; Max-Age=172800 vary: User-Agent cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsrsBHt2Nb3PipuQEo7bRtJPU0KdwyyYhfn3E1s3I6aC6SNbKI1zNPaX7xkAHA2%2BNgVO4y%2FZgCiSSzeJLlVjYdXp1zQBjo2WKU3mdLLf%2FeEDwLz1Oj1Qxn1u7nMIEWvbCFEDo6io"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 833240972c5e56a5-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (31)

URL

IP

ASN