join.fun4mob.cc/lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4
172.67.221.35301 Moved Permanently 0 B URL HTTP/1.1 join.fun4mob.cc/lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4
IP 172.67.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4 HTTP/1.1
Host: join.fun4mob.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 07 Oct 2022 04:21:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 07 Oct 2022 05:21:31 GMT
Location: https://join.fun4mob.cc/lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlfVmfA%2B62safX2axVZ4lrtfapkcKc1LRwgxtJjXBJQxu69wtgDoii3LJKdy3bNsvBXouVODiLVkHAsYXMW05RL8l%2F0ThB6CS5zSZ7aQib9DUZXAIVw8vM7VfXSHyGkOVag%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7563d9b669430b61-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9773
Expires: Fri, 07 Oct 2022 07:04:24 GMT
Date: Fri, 07 Oct 2022 04:21:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
54.230.111.7200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9GRYDKJjOYxn_sPexjWgPOhBjIpTEOhdPBTJdGgELt3X2-hwHv1Dyg==
Age: 131653
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ab7d8709d334de0e46dcb86aabfbff1
f221138a8ad9d0bfa3c054370dcdb363a67dc310
b91d37f606eaf448b9c7dfc05566a11de004ce44503409e1a776288ee2622805
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5620
Expires: Fri, 07 Oct 2022 05:55:11 GMT
Date: Fri, 07 Oct 2022 04:21:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 935geeltMQuTTNqmzVkre7K+rl4Bp1Q2EZYEBGqykBOoGId2MIM9Kwm0hxgMmW1vjdpCwOYmQI8=
x-amz-request-id: TBGX758KEGN4EBJ8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 03:59:01 GMT
age: 1350
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e22dff2098a2ca7744ff5d9d2fa18c6e
9513cbb3578b29bd7faf978b4696f2f39bfdb6da
1890c24fbd12439b8ab05d059cddbb16628103de2753a1430f30146626b50978
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1890C24FBD12439B8AB05D059CDDBB16628103DE2753A1430F30146626B50978"
Last-Modified: Fri, 07 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Fri, 07 Oct 2022 10:21:17 GMT
Date: Fri, 07 Oct 2022 04:21:31 GMT
Connection: keep-alive
join.fun4mob.cc/lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4
172.67.221.35302 Found 0 B URL HTTP/2 join.fun4mob.cc/lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4
IP 172.67.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lpx/uwytnvtr0q?aff=fm-cb6bd3ef-f581-4276-a2b6-6a899b08d567&affid=cb6bd3ef-f581-4276-a2b6-6a899b08d567&oid=513f2321-8f97-48eb-a68e-faa0c96bee96&reqid=w7t2t8jsmflmc6odi8a4g6gk&s1&s3&s4 HTTP/1.1
Host: join.fun4mob.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 07 Oct 2022 04:21:31 GMT
content-length: 0
location: https://gr01.net/l/?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=
access-control-allow-origin: *
access-control-allow-methods: POST, GET
access-control-max-age: 3600
content-language: en
cache-control: public, no-transform
content-security-policy: default-src https:; form-action https:; connect-src https: wss:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com cdnjs.cloudflare.com; frame-src *; object-src 'none'; upgrade-insecure-requests
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kD2oqomP1cPzNq46dJYxyw3P9s61OMlLV9fSIY1enUuKdQj3oyAFtYVIu0IR6o9veeVvrjZYha0CO7%2F8SJQivofbYg4FMSt4AxqvJlHHPgAacZXVLyoNN%2BMEGCEgLkPhC2E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: JSESSIONID=2AE8630FA4D427C2E9F8B7E371A12719; Path=/lpx; Secure; HttpOnly
__cflb=02DiuGQ4mUqJj6izyopp8yhqksk2KbwnujRZuY2zSm3TA; SameSite=None; Secure; path=/; expires=Sat, 08-Oct-22 03:21:31 GMT; HttpOnly
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7563d9b96ee2fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e22dff2098a2ca7744ff5d9d2fa18c6e
9513cbb3578b29bd7faf978b4696f2f39bfdb6da
1890c24fbd12439b8ab05d059cddbb16628103de2753a1430f30146626b50978
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1890C24FBD12439B8AB05D059CDDBB16628103DE2753A1430F30146626B50978"
Last-Modified: Fri, 07 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Fri, 07 Oct 2022 10:21:17 GMT
Date: Fri, 07 Oct 2022 04:21:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 07 Oct 2022 03:29:41 GMT
Expires: Fri, 07 Oct 2022 04:14:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WzkNqbesc0EjHZPZ9kDO5pWytqP2LjDE7uOyD59qltCRIh39Jx2eSw==
Age: 3110
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94872ef5b2c1257640a0ee4ae8b4d929
11acf1f859eea0bc4cc9dc8a8e15c7195cd2eab4
2b14c2a608663cb387d3231620755617b84583fdc5c5a15eecce9ae02880543b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2B14C2A608663CB387D3231620755617B84583FDC5C5A15EECCE9AE02880543B"
Last-Modified: Wed, 05 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 07 Oct 2022 10:21:32 GMT
Date: Fri, 07 Oct 2022 04:21:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94872ef5b2c1257640a0ee4ae8b4d929
11acf1f859eea0bc4cc9dc8a8e15c7195cd2eab4
2b14c2a608663cb387d3231620755617b84583fdc5c5a15eecce9ae02880543b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2B14C2A608663CB387D3231620755617B84583FDC5C5A15EECCE9AE02880543B"
Last-Modified: Wed, 05 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 07 Oct 2022 10:21:32 GMT
Date: Fri, 07 Oct 2022 04:21:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1808
Cache-Control: max-age=101725
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:32 GMT
Etag: "633e8c9a-1d7"
Expires: Sat, 08 Oct 2022 08:36:57 GMT
Last-Modified: Thu, 06 Oct 2022 08:06:50 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
142.250.74.10200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32047)
Hash 7a83c39ee44cf30d4e6d9a8d5c74276e
175f5e717c0fd96485d4371234d4c54355753c2b
ab02740b3bd7f47ad3a0ebc2571a67e1d00dfef34bb04e87adb08b0b61381d8e
GET /ajax/libs/jquery/1.11.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33495
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 03:08:02 GMT
expires: Wed, 04 Oct 2023 03:08:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 263610
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.237.239.70101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.239.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kp+6UL4wegHtTmbEcm2dGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Mlxn1ANY/awNBGd4rf6Qyn0pGH4=
app.logictree.co/af398655-aba0-440c-8dc9-50bd7c0fba4d?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y
18.158.88.249302 Found 0 B URL HTTP/2 app.logictree.co/af398655-aba0-440c-8dc9-50bd7c0fba4d?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /af398655-aba0-440c-8dc9-50bd7c0fba4d?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 07 Oct 2022 04:21:32 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=lin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ&lptoken=16216550114d829e9274&s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y
pragma: no-cache
set-cookie: af398655-aba0-440c-8dc9-50bd7c0fba4d-v4=Fe8Np5OtUH1aBKzzCaz1LWWdq5Q0HPl63Vn7tY1D2x4; Max-Age=86400; Expires=Sat, 08-Oct-2022 04:21:32 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=J9DLfrqfaTrdp-UnVO6I7b78jLVIR6_G-hn37qCl4_108XAYksJWLw7FfdXOtB9ML7wSFGoX43zB8ZHt0umGtlFQs7bUj9_2NyDjHjiNFBiiMq-cajzeM4uwO67aw0U5rCrR7vIHLv25AdWapthNLSiCgoYJWRIxeIhsx8ZJypctge2NurixYUhS-4KDDOqqK1WLnkBmTdMcoooyUcQtf5p5smmloEYdlawaAx2EihRPiXXWTdkbS2J5GBwwvrbgqDGKuIei1lmOlQqGTJ2LRKqUN8bQ28HjqPPBtFPH5kXGeQWbbSvZdlKLqxmPKH800SsqtqfUjMYMrsYuWBfn-mc-v-Cmsig_NdC7rSQw8RFSTA11ZrB_m2ZDDQkTwwJNHc4uOQ8-HEWVJ1XPdDrdqIMjWL5PZDegYp8WHtjRhvGdaI3RmZO815Qjt7S6gFlLDflMDo3ApS6OmyuqrIG5HcpdQrp0vXWqDb875KMuoXY; Max-Age=86400; Expires=Sat, 08-Oct-2022 04:21:32 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.newyearspecials.xyz/lp/load/1b/img/loader.gif
104.21.66.134200 OK 52 kB URL HTTP/2 secure.newyearspecials.xyz/lp/load/1b/img/loader.gif
IP 104.21.66.134:0
File type GIF image data, version 89a, 146 x 146\012- data
Hash 272535ae9e66d3c902d8695ec3f415a8
67bbe74c2982e598819affc6b98c10b655b93f56
78ec6fb90696be9a847580501ec42909638107b35ff31f3780b24499a2fefa83
GET /lp/load/1b/img/loader.gif HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: image/gif
content-length: 52249
last-modified: Thu, 06 Oct 2022 10:38:18 GMT
etag: "633eb01a-cc19"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4HdsXJRTfdKwv3ORRxcN0SYSLLJKydQFukpoxfJCZ37yiacuqCKgjN9thlNSoNl6UI%2FU7rvBewXs%2BueXUJbhx4%2BxjH3AOsSKHaFNj6Esi8hB26IOxhnnjURzswdgEDcN4bBHnAAMeGZ1kCLfwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7563d9c01ba40b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
142.250.74.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32034)
Hash c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da
GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 11:05:10 GMT
expires: Wed, 04 Oct 2023 11:05:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 234982
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/lp/load/1b/url-pixel.png
104.21.66.134200 OK 95 B URL HTTP/2 secure.newyearspecials.xyz/lp/load/1b/url-pixel.png
IP 104.21.66.134:0
File type PNG image data, 4 x 5, 1-bit colormap, non-interlaced\012- data
Hash 32249e8485385e2764a825a1491067bd
972027e050b50154b271c3f21d633c7c87f5397b
a13a0af892f283e422697ebc2c5c84b6ab173989701ef72329ebd6af59e93685
GET /lp/load/1b/url-pixel.png HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: image/png
content-length: 95
last-modified: Thu, 06 Oct 2022 10:38:18 GMT
etag: "633eb01a-5f"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPu5J5KNvokNeIiZzrGRsbHSewbj16KN%2BJqbn8abVqakIFroUMrVRf1SK4ZkJkd8jx3gOS9OSlGxirkNmAG3UN8Wk0NoXvZLqU9Y7%2BHe8FlisrH1OflnAky2aLIkXlpgpB%2Bf%2Bb3rBuec5eiqlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7563d9c01ba50b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e3454d100a6561609eda860c38bbb438
def0307772733d234bb0849213e399727c334fe8
a3dfeda36a6e2582561a378581f7af796ab064e00a5297a26f2e6574d477b8ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3DFEDA36A6E2582561A378581F7AF796AB064E00A5297A26F2E6574D477B8AD"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13148
Expires: Fri, 07 Oct 2022 08:00:41 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
notix.io/settings?appId=1004e05c0628e2395124a3dabc0d9c0
139.45.240.92200 OK 71 B URL HTTP/2 notix.io/settings?appId=1004e05c0628e2395124a3dabc0d9c0
IP 139.45.240.92:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3750cb2e77ecf8804ef6a7645385764d
57526fa92295585d7d364a782e8b0fa99f31d926
08451bfcb6de880bd249cfd43a4c71e40c8fbc51e29d04a6629d34caeb01bba7
GET /settings?appId=1004e05c0628e2395124a3dabc0d9c0 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:27 GMT
content-type: application/json; charset=utf-8
content-length: 71
access-control-allow-origin: https://secure.newyearspecials.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
app.logictree.co/d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3Dlin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ%26lptoken%3D16216550114d829e9274%26s1%3D%26s2%3D%26s3%3D%26s4%3D%26s5%3D%26s6%3D3%26s7%3D%26s8%3D%26s9%3D%26s10%3D%26spushon%3Dy&lpt=Loader&vtm=1665116492998
18.158.88.249200 OK 3.2 kB URL HTTP/2 app.logictree.co/d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3Dlin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ%26lptoken%3D16216550114d829e9274%26s1%3D%26s2%3D%26s3%3D%26s4%3D%26s5%3D%26s6%3D3%26s7%3D%26s8%3D%26s9%3D%26s10%3D%26spushon%3Dy&lpt=Loader&vtm=1665116492998
IP 18.158.88.249:0
File type ASCII text, with very long lines (1152)
Hash 8da65723949ad3f1d4ae57534f77e08a
4b36a72c1becddcb0f6bef420f21458b3b54a41b
297d95eccdb596ff5f887bd8c817b2a921e6b5dd24213acac99aa86241e95b88
GET /d/.js?lpref=https%3A%2F%2Fgr01.net%2F&lpurl=https%3A%2F%2Fsecure.newyearspecials.xyz%2Flp%2Fload%2F1b%2F%3Fvsv%3DUTS%26vl%3D1%26vlink%3Dapp.logictree.co%26country%3DNO%26cep%3Dlin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ%26lptoken%3D16216550114d829e9274%26s1%3D%26s2%3D%26s3%3D%26s4%3D%26s5%3D%26s6%3D3%26s7%3D%26s8%3D%26s9%3D%26s10%3D%26spushon%3Dy&lpt=Loader&vtm=1665116492998 HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:33 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3180
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/script/swgfonts.js
104.21.66.134200 OK 476 B URL HTTP/2 secure.newyearspecials.xyz/script/swgfonts.js
IP 104.21.66.134:0
File type ASCII text, with very long lines (965), with no line terminators
Hash fe5e1ae7dbd07055815615ad6f05a44a
f756abd8125eed6be5a87159ff38480d0880beaa
520435cb7d6e8b9e3a3b5087253e378436186b594726eeeeff7633cbc82fd549
GET /script/swgfonts.js HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:33 GMT
content-type: application/javascript
last-modified: Thu, 06 Oct 2022 10:51:16 GMT
etag: W/"633eb324-3c5"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oTLapkuKStNOITAMNzK1fjZjxuEFbd2D6Jnf5zQ8uTCfbQo39uphZsjTr5EVFb6XBfqWjRKXrXbWKJt6Stld%2FeI2FbAmhFgXvaNBeYF0fpwZJawok98oztfvGkyFgQb1Yte0uemYqdT2OcRSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7563d9c1bc720b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
notix.io/event
139.45.240.92200 OK 15 B IP 139.45.240.92:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 62
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:27 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: https://secure.newyearspecials.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
notix.io/event
139.45.240.92200 OK 15 B IP 139.45.240.92:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1478
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:28 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: https://secure.newyearspecials.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
notix.io/event
139.45.240.92200 OK 15 B IP 139.45.240.92:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 75
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:28 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: https://secure.newyearspecials.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
notix.io/event
139.45.240.92200 OK 15 B IP 139.45.240.92:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 84
Origin: https://secure.newyearspecials.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 04:21:28 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: https://secure.newyearspecials.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Fri, 07 Oct 2022 07:02:48 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90f323a3b73cab85abdce9b6631e8d93
36e42d12a193c90fbc03a7d13a1711f24bf6f2a2
259aecd4212d5c91c4eeb930d99e28ce420af50d987e93d99974f6db1127ff28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 8e8e58e6-a6d5-41ef-8246-bb276b882852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmihYGo2oAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ad5-06b81112046a7b2b3b898a3d;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: kctKeNa9LqP47hiCMEj7tkJFZVjgLi0LEJD_gGsCTjJ5lF4RC-UvHA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:07:00 GMT
age: 22473
etag: "36e42d12a193c90fbc03a7d13a1711f24bf6f2a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39cf77bd6009d3c538455b3846680278
ad0ed304e5173bdb8f08254c2e4a5032e8fcafa5
792997f1f9a485ca57d274c7899e4f526476bf15ed564a8b74d248c4458b188f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F773e2560-6c32-4224-8404-2794a40799cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9564
x-amzn-requestid: 38d87e57-3600-4e0e-bd24-a8f857800bc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmhkGHtZIAMFz0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f494d-21b041d97b406dea36b9f35b;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: rqw7Z-JNaRJZf8828i9HPcP-J3mn3ROnnXRJwD6dCiRvFSZAKp3WDw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 23873
etag: "ad0ed304e5173bdb8f08254c2e4a5032e8fcafa5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Vy9jQu1a8BGypY4C4u_9gao5wPEkVHgArhG2zMNdH8KfBS0lfmyHBA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 23873
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed3fa86bbe319c9a2f81ff625e677cb0
e3d5210207f6ff922bc28e328285059c19a523a4
5919694bd942a4f25d5b7ffc3f8aee1af6cdb8461d4ba3dba9a2e72cf19164c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38d969a0-82cd-4d27-8f25-f1b95cacc89f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7261
x-amzn-requestid: e1bdf299-b29e-4f58-9c8a-33f5dacdb081
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmirBELYoAMFfgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4b13-1969b32c6f4f7e5749e7caa0;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: FO5iGJFmDfdklhzIVOxp4x3AV7ltFqBDDlYBz39Zzx99t7oykNR2WQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a4479a6315f90864adc6175b280f8f44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 23873
etag: "e3d5210207f6ff922bc28e328285059c19a523a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06283ec49d3981b60b28731fd8a9940d
10c0d991f7ad234557792c175fdbf81e3356416a
0d8d932cd46fa377ce3dfe5fe1287ab1cd0daad0ef52a42baad2462d10e5a80f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cfb29b1-34eb-4ec3-8390-1145a644534c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6052
x-amzn-requestid: 6c8abd32-7499-4636-bf8a-3baaa88bf1ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi-HWOoAMFalA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-464364630dd2dbfa0d69f6f5;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 4EEoZVMtDaWUiCVvGW_0w4BSa1f1KDudnzPEoSIVF_ckE9MdhiflOw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:45:54 GMT
age: 23739
etag: "10c0d991f7ad234557792c175fdbf81e3356416a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90038edb-d110-41cd-98e0-d47715e9135b.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90038edb-d110-41cd-98e0-d47715e9135b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2ac0ed19ef64f2f765ce7adb2a8fa7c
b6ea582befd01324dd456d59d3f610101dcf910c
d324c9f67b0efc38a935195076488dd0a62f61b893706ecf40ad1f2c5550a7d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90038edb-d110-41cd-98e0-d47715e9135b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11492
x-amzn-requestid: 7ac7e364-5204-4101-87f6-89fbdf3c5cb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_GKSoAMFdkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-4ae692e2617657225c88e5fb;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: trKPg7J7s_BuMlog8HXU2ipo4dQlR3RAJ93KqFxf0BhcrzB8FDx3_A==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 21:43:40 GMT
age: 23873
etag: "b6ea582befd01324dd456d59d3f610101dcf910c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
app.logictree.co/click?country=NO
18.158.88.249302 Found 0 B URL HTTP/2 app.logictree.co/click?country=NO
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /click?country=NO HTTP/1.1
Host: app.logictree.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: af398655-aba0-440c-8dc9-50bd7c0fba4d-v4=Fe8Np5OtUH1aBKzzCaz1LWWdq5Q0HPl63Vn7tY1D2x4; cep-v4=J9DLfrqfaTrdp-UnVO6I7b78jLVIR6_G-hn37qCl4_108XAYksJWLw7FfdXOtB9ML7wSFGoX43zB8ZHt0umGtlFQs7bUj9_2NyDjHjiNFBiiMq-cajzeM4uwO67aw0U5rCrR7vIHLv25AdWapthNLSiCgoYJWRIxeIhsx8ZJypctge2NurixYUhS-4KDDOqqK1WLnkBmTdMcoooyUcQtf5p5smmloEYdlawaAx2EihRPiXXWTdkbS2J5GBwwvrbgqDGKuIei1lmOlQqGTJ2LRKqUN8bQ28HjqPPBtFPH5kXGeQWbbSvZdlKLqxmPKH800SsqtqfUjMYMrsYuWBfn-mc-v-Cmsig_NdC7rSQw8RFSTA11ZrB_m2ZDDQkTwwJNHc4uOQ8-HEWVJ1XPdDrdqIMjWL5PZDegYp8WHtjRhvGdaI3RmZO815Qjt7S6gFlLDflMDo3ApS6OmyuqrIG5HcpdQrp0vXWqDb875KMuoXY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 07 Oct 2022 04:21:33 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://fst.submittrk.com?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=djvdvomj5mholkijiae43l18&s1=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&country=NO
pragma: no-cache
set-cookie: cc-v4=5vY4LSF7U35fGP7yDCGaswnE96SJhmtcnGbxVPF%2BfCGRTBKYjuuv0WKCbzC0IRbnbfcMyAJ31FXopasliC1WLmh95PxOi4xT6tgLFKoN8puoJNgGN%2FSAUeBd3cUw%2BVO%2FDLThUCPTcuHY3L7afvDmLA%3D%3D; Max-Age=31536000; Expires=Sat, 07-Oct-2023 04:21:33 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
af398655-aba0-440c-8dc9-50bd7c0fba4d-clk-v4=af398655-aba0-440c-8dc9-50bd7c0fba4d; Max-Age=86400; Expires=Sat, 08-Oct-2022 04:21:33 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
af398655-aba0-440c-8dc9-50bd7c0fba4d-v4=EtJA3jjocXqZGpnAKoUF5gMHda2BvjH2au9OE3IMe3A; Max-Age=86400; Expires=Sat, 08-Oct-2022 04:21:33 GMT; Domain=app.logictree.co; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b2a2d7a77355a93a1b481c5ac2ea73c9
f1d267b588634409833c63032bec5ac062b7499a
0c771d4259414dbd8f634aab78159d9e522628ace518ec558b844a9656ffa336
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C771D4259414DBD8F634AAB78159D9E522628ACE518EC558B844A9656FFA336"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Fri, 07 Oct 2022 05:04:24 GMT
Date: Fri, 07 Oct 2022 04:21:33 GMT
Connection: keep-alive
fst.submittrk.com/?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=djvdvomj5mholkijiae43l18&s1=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&country=NO
34.78.252.25302 Found 417 B URL HTTP/1.1 fst.submittrk.com/?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=djvdvomj5mholkijiae43l18&s1=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&country=NO
IP 34.78.252.25:0
File type HTML document, ASCII text, with very long lines (1428), with no line terminators
Hash d2677b61adf83ecd00e8a94fd05c18c9
70181c79de32765d339124719bce33f81cf74f0b
f5940649c44391c1d90b74ce91d73cf7905a983ebfb4dba8e02b213acc6ce078
GET /?aff_id=1516&c_id=U2FsdGVkX19yrBO3jvLLMObukPHhnnXQO9MBipqxuW%2BYqhDz&click_id=djvdvomj5mholkijiae43l18&s1=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&country=NO HTTP/1.1
Host: fst.submittrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
Location: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Vary: Accept, Accept-Encoding
Set-Cookie: hexa.sid=s%3AwsguPq2JiGViQiDhmeYLOizAwVNIK3dq.jEQ1wkzeHgzSYqOJ89JAW7Zj395k72WnFpezkmaZI2s; Path=/; HttpOnly; Secure
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 010c4b7f46ce394d5ec328c2d41e3764
78df6bbdec302179b2ec80695a9365bae355489a
df7379a87c86d7049d7c4263fc0c6a9f49c3df533e97c10a362a8e8653822761
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 04:21:34 GMT
Server: ECS (dcb/7F82)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4rkuZU3ikzuK-TY-A9qEVZyjZ4zZtaqWLHIxYfabi1f_NKfBhf6UEA==
app.ln5.quiztionnaire.com/n/09/11/assets/css/fonts.css
54.230.111.71200 OK 2.2 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/css/fonts.css
IP 54.230.111.71:0
Hash 95365b9db0bcf478429fde0fa9ebcf0a
a2c579babe63477e63663ec542512e8fc5b7fa4b
e93e66bc746f2d32546cb688b17531f18777a7c827454d8cdc0f0d9f9614578c
GET /n/09/11/assets/css/fonts.css HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 2172
server: nginx/1.19.0
date: Thu, 06 Oct 2022 15:57:15 GMT
last-modified: Thu, 06 Oct 2022 07:57:49 GMT
etag: "633e8a7d-87c"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tyHs2je6r1rQqVlw-W8mYpMY9uqERkoDpRK_oiXpaBqQkS40ViL7kQ==
age: 44659
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 18e0e019cd697bb16806d8f00408a319
60ceb13c31595e6cf9bb6800657e4593a1fbd670
7cb0778c80be637b67a5d198ca180a76bbfa4c32e502a0fa472a4c6946ffb56e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
54.230.111.71200 OK 55 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
IP 54.230.111.71:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (846)
Hash d96fab0a43190621e31ecc8ad386da07
d707cb2e4637d9abe06c5bd2f8476b705f104725
a453d1bc4547cb3b5ad8c21565657c12b0b000ff227fe8b79194d0d0c81e4760
GET /n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516 HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf8
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FdAfgsftY8mdqP5QDAvhFgkjz4q1A84rt5FchDmcWr6kJVrPA--2fA==
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js
142.250.74.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32065)
Hash 2bc666a590303ce436c2679bec5d2173
c9835788b85dea43c45890080fe957673a1a1d17
54d0c6a98d70521e5cbe82178740a6c04e05d10c02932192a945d2126678cde0
GET /ajax/libs/jquery/2.2.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30094
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 15:57:13 GMT
expires: Thu, 05 Oct 2023 15:57:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 131061
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top2_no.png
54.230.111.71200 OK 9.2 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top2_no.png
IP 54.230.111.71:0
File type PNG image data, 650 x 232, 8-bit colormap, non-interlaced\012- data
Hash 8d7157a086f33c3cba8ce1f80a8582d6
6a2f3399032577e6c53cf9e2805d79b792fa0879
90f02ea6faab7d9b9dcfbfb8aa371a617eab101b9bb532691be0f226943860a4
GET /n/09/11/assets/images/iphonexr/top2_no.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 9185
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Thu, 06 Oct 2022 07:57:49 GMT
etag: "633e8a7d-23e1"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hiGOx8xWrsOOVXxxvIeUsccP12QbZny01dj5GprD3MIJr3kkN8ztqA==
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/blue.png
54.230.111.71200 OK 60 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/blue.png
IP 54.230.111.71:0
File type PNG image data, 460 x 551, 8-bit colormap, non-interlaced\012- data
Hash 92c95fb44675a6174809fa1a795b6618
8b1e7ae97764c05b6141a6e226565c95796ae771
1e5bc55cc0909688533fe9f24b7b9f9ea9bf068c4999c577b3e7041f951d379e
GET /n/09/11/assets/images/iphonexr/blue.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 60272
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Thu, 06 Oct 2022 07:57:49 GMT
etag: "633e8a7d-eb70"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zPvAOncz7d9hKYNReqKwKlGVlk41dwsw7YUkRn1cFYjUNrzqNTK2Og==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 9c925f8a45bb648e9bf8d5d2a7cdcc41
a7111c3b3dd17ab1141c23b017fc8275f6c32e8a
8dcab24e05e1e65ceeb594becab65d0b1d7cdc4213998ef9e7db89b571762940
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 04:21:34 GMT
Last-Modified: Fri, 07 Oct 2022 03:37:35 GMT
Server: ECS (dcb/7F5C)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YHqKc_cdvegbvAM6195e_hSBT6Jnay404iJ2xM0l_HCNChcJFdQGaw==
Age: 2640
st.formulead.com/assets/img/spinner/apple.gif
54.230.111.123200 OK 207 kB URL HTTP/2 st.formulead.com/assets/img/spinner/apple.gif
IP 54.230.111.123:0
File type GIF image data, version 89a, 290 x 290\012- data
Size 207 kB (207179 bytes)
Hash 9190e2139ac13170290812f50aa6cf8c
6056eed279dc4e058eceeacbd6d12af4b61e9e59
50f1a5f9104a62607b6f94d077ec799f015d3096a7e8b30e29c43401ed4f5b6e
GET /assets/img/spinner/apple.gif HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 207179
server: nginx/1.19.0
date: Thu, 06 Oct 2022 06:45:42 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-3294b"
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: f6hsZvDiXHarNv3rZ-oiO6cr3IlIyJkIOp-55rFWQIp_s-sNf1d-TQ==
age: 77752
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/apple.svg
54.230.111.71200 OK 1.6 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/apple.svg
IP 54.230.111.71:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 5c78687b52a68c5b73acb79724e1754a
2c81bb387a9b1c72e5d7caca4d915c1c11b8fd26
4c49b4431e9125c85fa773c5a2f00a383f8d606e31cfb81fb8938355060239e7
Analyzer Verdict Alert fortinet Phishing
GET /n/09/11/no/iphonexr/images/apple.svg HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 1635
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Thu, 06 Oct 2022 07:57:50 GMT
etag: "633e8a7e-663"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hT6VN32qsbzW2oeDJFD0Cdlv6hsecHArtHm4_JJFW9HAOUARCIC4uA==
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/nav.svg
54.230.111.71200 OK 954 B URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/images/nav.svg
IP 54.230.111.71:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash ef66f851d16a60f717c042d3cd2678e5
e8ea119cc9a36c192822b35719fa016e673764d8
9d6e0f573ea8892ab9741436df1700cedf3de03fa1372fdef77497c5d1ef4c66
Analyzer Verdict Alert fortinet Phishing
GET /n/09/11/no/iphonexr/images/nav.svg HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 954
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Thu, 06 Oct 2022 07:57:50 GMT
etag: "633e8a7e-3ba"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7-NoYJyPbrbZnn4rNN5bOpJjqiQI8RenocmOIED_nKYxANUFmd_jLg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6482773ee19b0abc75db6cfa21b2b24c
6378af1c7ae99e06cfb919a4077093e851fd6440
7d690c14e579b6e25928d7a2b490cc54a999c78ff9ee099cb6c09ca036e6b08a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D690C14E579B6E25928D7A2B490CC54A999C78FF9EE099CB6C09CA036E6B08A"
Last-Modified: Thu, 06 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2593
Expires: Fri, 07 Oct 2022 05:04:47 GMT
Date: Fri, 07 Oct 2022 04:21:34 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 9c925f8a45bb648e9bf8d5d2a7cdcc41
a7111c3b3dd17ab1141c23b017fc8275f6c32e8a
8dcab24e05e1e65ceeb594becab65d0b1d7cdc4213998ef9e7db89b571762940
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 04:21:34 GMT
Last-Modified: Fri, 07 Oct 2022 03:37:35 GMT
Server: ECS (dcb/7F5C)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1C1xD9huvtw7yF5HmOESWkcL255YUSSpc0Fduk5Qdv6T5Wxph3RYrg==
Age: 2640
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Semibold.woff
54.230.111.123200 OK 52 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Semibold.woff
IP 54.230.111.123:0
File type Web Open Font Format, CFF, length 52240, version 0.0\012- data
Hash c44fdb4dfeb70513d7dc871d9fd6ff57
4c755e82ae6069129cf66c0d134aa7ad3263f9ea
32b7afff3dba835735be49655d87b262e55a7099668d297f3d51d449a832b88b
GET /assets/fonts/myriad-pro/MyriadPro-Semibold.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 52240
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-cc10"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 93D7OhNVRotSUBxQHtBnPKNnldYpcDWQ5OlCx6io1CFwYgAe4MB4WA==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Bold.woff
54.230.111.123200 OK 53 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Bold.woff
IP 54.230.111.123:0
File type Web Open Font Format, CFF, length 52644, version 0.0\012- data
Hash c905542735ebc800162133d4d1b287f0
310e41e75eae30b80a96d8c9b8e6b46e5b798fcd
801f07cd82df4b98655a2aafd3c8fbb9f6fd1008c933e3ab491aef86e344bb82
GET /assets/fonts/myriad-pro/MyriadPro-Bold.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 52644
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-cda4"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t099XP-o8dnK9JvSTsysmV84Qo7ewTCfP__sDjOmJ2QSA0eFYaXlLQ==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Regular.woff
54.230.111.123200 OK 52 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Regular.woff
IP 54.230.111.123:0
File type Web Open Font Format, CFF, length 51572, version 0.0\012- data
Hash 6a324f29ef3efabd2176f8b697ad71ed
dd696f0c713eb491c6e16bec9fda63f3f23999ba
6d64c461708b8f11e06451c96779d22fc2b8de582214c77493ecc57c32ede06e
GET /assets/fonts/myriad-pro/MyriadPro-Regular.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 51572
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-c974"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gEbKYVfhgk9kbYK7tkhknPW9hZjzzKNKL7mwsvTXS1dViiEG0R9a3Q==
X-Firefox-Spdy: h2
st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Light.woff
54.230.111.123200 OK 51 kB URL HTTP/2 st.formulead.com/assets/fonts/myriad-pro/MyriadPro-Light.woff
IP 54.230.111.123:0
File type Web Open Font Format, CFF, length 50836, version 0.0\012- data
Hash 2fa3049613788ce468d3cf3942fef7df
c39a24d21bba273ab8e6de07cf694950a4ab3a19
03232ad9934ac651926b71be790954fd53a9fe10a0dd1b366597df47ebd25382
GET /assets/fonts/myriad-pro/MyriadPro-Light.woff HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 50836
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:34 GMT
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
etag: "6329dbed-c694"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5noz0N2L8fUFaOCjtfDYkl86UDB_Kce8XbQTl-gkGYBGwb5OEOFZpg==
X-Firefox-Spdy: h2
cdn.formulead.com/css/main.min.css
34.78.252.25200 OK 94 kB URL HTTP/1.1 cdn.formulead.com/css/main.min.css
IP 34.78.252.25:0
File type ASCII text, with very long lines (65518)
Hash 5ae2d40550531f853c155a93f5d7d0e0
43b97546ec76da1e9a6ead8c75c8028612aed54d
b753dfbd6eb7e304765465c553e697f1ab438b7a5a4e28c5ba0d432957611e56
GET /css/main.min.css HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:34 GMT
Content-Type: text/css; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 05 Oct 2022 13:35:03 GMT
ETag: W/"b20df-183a85b5b58"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/p.js
34.78.252.25200 OK 427 kB URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/p.js
IP 34.78.252.25:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 427 kB (426862 bytes)
Hash c23cf837f2c13457e34ebb0473583e80
457ec69667c4ca2255b6496ceffc2c784c2e71d1
b4678f8c8bfc25fbf5f278e81fba76cd4878ad3e38a6c6339f69b2a2b3d4f512
GET /p/5cf7e0bd268b230100a5ddf4/p.js HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:34 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
set-cookie: lid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
plc=5cf7e0bd268b230100a5ddf4; Path=/; Expires=Sun, 06 Oct 2024 04:21:34 GMT; Secure; SameSite=None
qst.sid=s%3A22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF%2BE5zO%2BLce2080; Path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 9c925f8a45bb648e9bf8d5d2a7cdcc41
a7111c3b3dd17ab1141c23b017fc8275f6c32e8a
8dcab24e05e1e65ceeb594becab65d0b1d7cdc4213998ef9e7db89b571762940
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 04:21:34 GMT
Server: ECS (dcb/7EEF)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: eKPPDjVQJiiHXlX2gQX7qBq2E2VZ2ghIxBI2F46HtQ0I6BjITPu7vw==
app.ln5.quiztionnaire.com/favicon.ico
54.230.111.71200 OK 16 kB URL HTTP/2 app.ln5.quiztionnaire.com/favicon.ico
IP 54.230.111.71:0
File type gzip compressed data, from Unix\012- data
Hash cce22e114042e8461ad6a0e962fa32eb
adbc847daa77e3bea0be3160fde7cec7b6ea2654
2f593dd862a3895c307d3ad209c4d7821ce38df3debc81275f73106ed229974d
GET /favicon.ico HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 1150
server: nginx/1.19.0
date: Thu, 06 Oct 2022 15:26:43 GMT
last-modified: Thu, 06 Oct 2022 07:57:45 GMT
etag: "633e8a79-47e"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WZEfumW58u7ttqJafrPRcoem2gxoXM35wJL1FiBaEbvd3O23nr_3uw==
age: 46492
X-Firefox-Spdy: h2
cdn.formulead.com/v/country
34.78.252.25200 OK 51 B URL HTTP/1.1 cdn.formulead.com/v/country
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91440c116c92d75cfc02cd72bd060a82
591d3adc1d1d80e012b0dd0214df1f0438ae37f5
1b35c679adcfb2f8fbf92afcaf9f7a741f3c6273503a54b6c55448e1b2807c80
GET /v/country HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 51
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"33-WR063B0dgOASsN0CFN8fBDiuN/U"
set-cookie: qst.sid=s%3AqahEMYCGHBcny8nGfpkZWnp6x5XpLF6P.FpMpXux05TOutfo1HX4l%2FtlwWhjoXH63NfoseqZeQMo; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 38c8ed81c69d2af0003394c9fb9274c5
a71c6fb6d685275f8a8c7d9d87860df08a450038
fdff30d374603ecd62c6d244a1175731787725dba48777122802055969be28f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
142.250.74.164200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu-
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash c475547be48c811ea37712879cef43ab
5314259f13618f0d7bea58223136a81296be91ef
625634395afe005e934d63abcc1a8d61756bc536813a17510776c9d49f08f297
GET /recaptcha/api.js?render=6Le28S4hAAAAAA_HM_1PgW6fsQqLb2dZORF4Hbu- HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 07 Oct 2022 04:21:35 GMT
date: Fri, 07 Oct 2022 04:21:35 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 87465c15992fe10c24c62a185f8c171d
fa938b624d06d1e2927c8eda6a44b2a32d930f59
239ef7fe5df8c396d96a928c20d66c842a5ec3e9ff71a3cd7c0068906fc3e537
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
34.78.252.25200 OK 4.4 kB URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18080), with no line terminators
Hash feabeb85ebb82c23194592e6906b6651
e987ba9d69812a9ea862bf5ca9e7d65ed3f437ed
7ba32c6473a7b4c24cfc234f10f2afeef51138c698eb2f2e5e5700ed97332354
GET /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=initial HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
X-Request-Id: 31613139695dd2fdce339b99
X-iivmxswc: f9ea625d5c39658be5a52ce4ed6fc32c74e38decb2d426bf63646c1005b30025
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
ck_tsp=2022-10-07T04%3A21%3A35.338Z; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
ETag: W/"47a0-JREe009XJWcvZ4lUijOdpAZDC+Y"
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 371b0d6e7d6cd3fb41461366df083671
6363451a41a51352208d94863927d7bb3bb78428
f277d833e916677e9e6c5ab3a250ef81870f3160bb9a392126d9d5557c24ae90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F277D833E916677E9E6C5AB3A250EF81870F3160BB9A392126D9D5557C24AE90"
Last-Modified: Wed, 05 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2555
Expires: Fri, 07 Oct 2022 05:04:10 GMT
Date: Fri, 07 Oct 2022 04:21:35 GMT
Connection: keep-alive
submittrk.com/clk?aff_id=1516&offer_id=726&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=djvdvomj5mholkijiae43l18&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp
34.78.252.25200 OK 82 B URL HTTP/1.1 submittrk.com/clk?aff_id=1516&offer_id=726&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=djvdvomj5mholkijiae43l18&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a599a4dc6964b89fe818766ea31b3be1
892712311a3d1506f1c14fad68b53c9b4232690b
0a44563c5ede692df06e2ecc4433012c615a8d385703617f0d2493de40405e98
GET /clk?aff_id=1516&offer_id=726&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_click_id=djvdvomj5mholkijiae43l18&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&aff_tt=dp HTTP/1.1
Host: submittrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 82
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
ETag: W/"52-iScSMRo9FQbxwU+taLU8m0IyaQs"
Set-Cookie: hexa.sid=s%3ASgHyy6VxVJ7-olQtagg4PhNT6i2JgVh3.y4v1LetUlDJgc6DK0cvdwG8XtnR7rP8M%2FMpYmc2B%2Fs8; Path=/; HttpOnly; Secure
Vary: Accept-Encoding
cdn.formulead.com/v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228
34.78.252.25200 OK 110 B URL HTTP/1.1 cdn.formulead.com/v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bad7f8dd7c7e0222df76f8164f37d7f0
e6f37c1e21f83b5e26660d2beee029c5fdfdf447
c167a02d8d16558f88713a894be5587558e1876b822e73e1a9eef21815bd233f
GET /v/fingerprint-cache?vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs=803716228 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-10-07T04%3A21%3A35.338Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 110
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"6e-5vN8HiH4O14mZg0r7uApxf399Ec"
set-cookie: qst.sid=s%3AUJ585tL3dlUQjDPG7Pwyfs-QljEHG7XR.C3nSR5%2BDdLQ38dPKcxk8IoRZQ3aNOqhEKZoLnVRiT3M; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-iivmxswc,x-request-id,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-flow-id,x-lead-id,x-offer-id,x-ofvuinwk,x-placement-id,x-session-id,x-zqhkygow
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/fonts/Roboto-Bold.ttf
34.78.252.25200 OK 170 kB URL HTTP/1.1 cdn.formulead.com/fonts/Roboto-Bold.ttf
IP 34.78.252.25:0
File type TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 170 kB (170348 bytes)
Hash e07df86cef2e721115583d61d1fb68a6
3dd713113ff2d79b94d2df343e2e28fa8e7279cf
c9cc991deb5d27f267830a19f2301eb164d9e61ec08669c1a1a291c5620ff40a
GET /fonts/Roboto-Bold.ttf HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://cdn.formulead.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:35 GMT
Content-Type: font/ttf
Content-Length: 170348
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Accept-Ranges: bytes
Cache-Control: public, max-age=2678400
Last-Modified: Wed, 05 Oct 2022 13:35:03 GMT
ETag: W/"2996c-183a85b5b58"
app.ln5.quiztionnaire.com/service-worker.js
54.230.111.71200 OK 268 B URL HTTP/2 app.ln5.quiztionnaire.com/service-worker.js
IP 54.230.111.71:0
Hash 0e34c6b07be19b99ee9000b6d6eb04ab
7cebf39f882ef947cc95e21aa322e5f235060c12
d3f0e3768a432b0d4b35761375a6f329f4d122eed499c7640708041a9c7dd05f
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
content-length: 268
server: nginx/1.19.0
date: Thu, 06 Oct 2022 15:29:27 GMT
last-modified: Thu, 06 Oct 2022 07:58:28 GMT
etag: "633e8aa4-10c"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o3d5CZDFH58h6zufDmwDqRPYstRLzuP52OqJRH8qSuBLDoIiIjdejQ==
age: 46329
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
142.250.74.163200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 21:02:07 GMT
expires: Thu, 05 Oct 2023 21:02:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 112769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash aea480478c3be7392d09e8a92826542f
b660fb42c8122efb07b3d1de1a8907ad1f6e1a60
ee691969e4d61ba3145fe90b28c5051367c223f31c0e0ee001d8481035090760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 04:21:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:36 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BfwQ2bDx657RC%2BDkOv%2F6qsBXGq9LuYmhxhCSUkNKX%2BJs0BdOl91lRNFDnTC4ijIP3QkpmSp9JVQvakivviyku5%2BaIUyBsSmEFbll8BcuBAhWJEyJ93NjFjtuWjuno6Iniw3P5SQ%2FY%2Fugw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9d73e6e71a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
34.78.252.25200 OK 481 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with very long lines (481), with no line terminators
Hash 1ed044793da229b3280acf173ed872d8
565271d6ea10a10eaa58e0329c7ef025182c593f
07fc9cc1015f27c8e93d09ac778a49a24a2044190e16ba3848e1df79f621d9ef
GET /vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
X-Offer-Id: 5ea18b92636b6a47d70b5403
X-Flow-Id: 5ea18b92636b6a47d70b5403
X-Placement-Id: 5cf7e0bd268b230100a5ddf4
x-zqhkygow: 6e3f090be5bc7e09b4e61498d2eb41d2d3ab157d24e6a7c0c47181110a857d97
x-ofvuinwk: 49d6a26aa617ef418caed4af5d8b1d660d1ba6a095f7bdf725aebf8b4dd05bbd
X-Lead-Id: 31613139695dd2fdce339b99
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:36 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Vary: Accept-Encoding
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:36 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LlApXpyldj56xWL%2BwQaKOOLKhd%2BGjWHG5zsIHkYB%2F1VJMyE9emq7tft65pRRXEWfR9kCJ%2FKgYwUS3%2BXt1Oqp1BIsX1hZe3gkqAwmsl1Pb22wznJElxf1hPW%2FEhMHeiS1dzENU%2Bng%2BNpqXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9d75e9071a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.ln5.quiztionnaire.com/
Content-type: application/json
Origin: https://app.ln5.quiztionnaire.com
Content-Length: 180
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:36 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9i4MazNCKIYq%2FJZX%2FZ%2BJ7WFTV%2BhqN5gUOBjBP%2FFyh13SeUwSYv15mp4MkH9dBV6Gx29cW3tf1p2YhgJfSjEfFHnH7ZTS1JtXD4yy9ZgL8lYOzNd%2FknMYQjC7bHBQcNIfdT6ufBgftEtRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9d7eeed71a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/poe7jxrye0
172.64.168.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/poe7jxrye0
IP 172.64.168.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/poe7jxrye0 HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.ln5.quiztionnaire.com/
Content-type: application/json
Origin: https://app.ln5.quiztionnaire.com
Content-Length: 141
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:36 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://app.ln5.quiztionnaire.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N9QLcJEyvAGhyO2q6%2FemSKOid5DSgZ0md1eTx708jJ1HUDxKy0T%2Fi%2BRtvYBTF2ikpWqXUtwNjaVxEgedwXE%2FgDPLpA9W4iN61E4PKBaMnJXfLgOu5X%2FTzZnMuGTSzoQge0yws7Rk7izDSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9d80f1471a4-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.formulead.com/v/reverse-dns-lookup
34.78.252.25200 OK 88 B URL HTTP/1.1 cdn.formulead.com/v/reverse-dns-lookup
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9e040edd17bb2e1b8595c5bca9c3781a
cb57e3f304d455c0b252e6a05bc0e55814c8c553
56c21491b74b93d01b73e9f45bde0ad2c392e0b4afbe710b7c324c7c090178e0
GET /v/reverse-dns-lookup HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-10-07T04%3A21%3A35.338Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 88
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"58-y1fj8wTUVcCyUuagW8DlWBTIxVM"
set-cookie: qst.sid=s%3AHNQBBDe2sGLgPDjX-ClpwZQWDO13z_FR.7UXoBXPKpyhUHKaBErvz8WwV2hXUSVTU55eS2AjwGWI; Path=/; HttpOnly
Vary: Accept-Encoding
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
172.217.21.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 172.217.21.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:31:58 GMT
expires: Sun, 01 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 488978
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
172.217.21.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 172.217.21.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Oct 2022 00:48:31 GMT
expires: Sat, 07 Oct 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 12785
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.formulead.com/t/page
34.78.252.25200 OK 2 B IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:37 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/t/validator
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-session-id
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:37 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top_no.png
54.230.111.71200 OK 8.6 kB URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/top_no.png
IP 54.230.111.71:0
File type PNG image data, 588 x 189, 8-bit colormap, non-interlaced\012- data
Hash e914b7075a417b2a3816509739c46d4d
72e78715f90b69365c932efedc0dbcf9ea1d61c5
034b7b205673b04f6ab641cf8a5ea0b29372f7e18b2076c2ba53e6f1649750a3
GET /n/09/11/assets/images/iphonexr/top_no.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 8641
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:37 GMT
last-modified: Thu, 06 Oct 2022 07:57:49 GMT
etag: "633e8a7d-21c1"
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1HMgtbQhPGPwLnxwptOiGIiePNvsjGJ5R5OSB9l56K24bSyBdUEl2Q==
X-Firefox-Spdy: h2
cdn.formulead.com/t/validator
34.78.252.25200 OK 16 B URL HTTP/1.1 cdn.formulead.com/t/validator
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/validator HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
Content-Type: application/json
Content-Length: 1831
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
cdn.formulead.com/v/recaptcha3?token=03AIIukzhOImzR6v_q3TqAV_QGqpHBjtAZP5S95V4a8Nby8OFqy3KKUtdk_TNix4Uj_IBvQJIG23sX8_JLTIQaMZA-Y44UvN6MwvmUv-W3OAZPg_JsLOt91u8qoB7u37kiUC9IghcyUMm_M6x1dXsJQatUQnw1w5j8slPOLY8AaKk_BBxsuhLvtL3FfQe9AZKRm04shwc94qKpd44sjXl5dwhNgikGRR7_u46DQoMGkZfWcgG2VHvYYkDgSjrzXRmalIz22A4ywXlBnTB03CfxabJ9ZReb_JmZYqASdUjHizTEBeChCBunK8NgV1B79PxtDeAY6_8TGqIgDvH1KUC_DmzijPTtgJ7e7MUL-mXb9imzWlTCo-4NT7BVML0V_kmDN_0WZj8aO1ek4ikQAnY8IqQq9UaWwffhZhAuiAYDWs8Aj5Uqz4aRPOXFuRAQJkRc8uKSykKgNqACkJx2hokaUHOoICnDw-ZlwjFE-Cv8Mkw8QgQS-lu2jmGAM_DlDvMFG3iKxMR_IGUlWGKHNx_4jOCoaqQj4Xxt7g&step=1
34.78.252.25200 OK 172 B URL HTTP/1.1 cdn.formulead.com/v/recaptcha3?token=03AIIukzhOImzR6v_q3TqAV_QGqpHBjtAZP5S95V4a8Nby8OFqy3KKUtdk_TNix4Uj_IBvQJIG23sX8_JLTIQaMZA-Y44UvN6MwvmUv-W3OAZPg_JsLOt91u8qoB7u37kiUC9IghcyUMm_M6x1dXsJQatUQnw1w5j8slPOLY8AaKk_BBxsuhLvtL3FfQe9AZKRm04shwc94qKpd44sjXl5dwhNgikGRR7_u46DQoMGkZfWcgG2VHvYYkDgSjrzXRmalIz22A4ywXlBnTB03CfxabJ9ZReb_JmZYqASdUjHizTEBeChCBunK8NgV1B79PxtDeAY6_8TGqIgDvH1KUC_DmzijPTtgJ7e7MUL-mXb9imzWlTCo-4NT7BVML0V_kmDN_0WZj8aO1ek4ikQAnY8IqQq9UaWwffhZhAuiAYDWs8Aj5Uqz4aRPOXFuRAQJkRc8uKSykKgNqACkJx2hokaUHOoICnDw-ZlwjFE-Cv8Mkw8QgQS-lu2jmGAM_DlDvMFG3iKxMR_IGUlWGKHNx_4jOCoaqQj4Xxt7g&step=1
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8281c756277a5cc3c6e14a94f418754e
65ecbc3df5064e62e4f1a268899a928652443ee4
903b6b0a29be5897de10ccf976a05fb7be996d44febc1fc72850450b503a9c48
GET /v/recaptcha3?token=03AIIukzhOImzR6v_q3TqAV_QGqpHBjtAZP5S95V4a8Nby8OFqy3KKUtdk_TNix4Uj_IBvQJIG23sX8_JLTIQaMZA-Y44UvN6MwvmUv-W3OAZPg_JsLOt91u8qoB7u37kiUC9IghcyUMm_M6x1dXsJQatUQnw1w5j8slPOLY8AaKk_BBxsuhLvtL3FfQe9AZKRm04shwc94qKpd44sjXl5dwhNgikGRR7_u46DQoMGkZfWcgG2VHvYYkDgSjrzXRmalIz22A4ywXlBnTB03CfxabJ9ZReb_JmZYqASdUjHizTEBeChCBunK8NgV1B79PxtDeAY6_8TGqIgDvH1KUC_DmzijPTtgJ7e7MUL-mXb9imzWlTCo-4NT7BVML0V_kmDN_0WZj8aO1ek4ikQAnY8IqQq9UaWwffhZhAuiAYDWs8Aj5Uqz4aRPOXFuRAQJkRc8uKSykKgNqACkJx2hokaUHOoICnDw-ZlwjFE-Cv8Mkw8QgQS-lu2jmGAM_DlDvMFG3iKxMR_IGUlWGKHNx_4jOCoaqQj4Xxt7g&step=1 HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-10-07T04%3A21%3A35.338Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 172
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"ac-Zey8PfUGTmLk8aJoiZqShlJEPuQ"
set-cookie: qst.sid=s%3AJq57zvktibq1Clz7ZACf_x_QfV2eER86.m%2FsFFCHqy7iihmZv%2BDD38%2BFbkiJqUQTYIEjebrBdu38; Path=/; HttpOnly
Vary: Accept-Encoding
cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
34.78.252.25200 OK 6.9 kB URL HTTP/1.1 cdn.formulead.com/p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full
IP 34.78.252.25:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (26626), with no line terminators
Hash 1ecc1cb55274b973818aaf4be17ce55d
d266492c59c5c576bbe38c8441d6220890b4706d
3430ca715e7ce35b570f78f9a664a1a7f05d19005e19cae6c911b354798999d6
GET /p/5cf7e0bd268b230100a5ddf4/feed?sc_domain=app.ln5.quiztionnaire.com&cl_ip=91.90.42.154&qb_placement_id=5cf7e0bd268b230100a5ddf4&qb_offer_id=5ea18b92636b6a47d70b5403&qb_flow_id=5ea18b92636b6a47d70b5403&qb_vendor_id=570e5c924ce290010026cc24&qb_country=NO&ql_session_id=22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b&p_id=5cf7e0bd268b230100a5ddf4&aff_code=FST&request_id=67d063d5532412274a04dd086b261dc9&aff_goal_id=3402&aff_goal_id2=3404&aff_id=1516&aff_version=no_teaser&aff_adv_id=2&aff_offer_id=726&aff_inc=iphonexr&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_tt=dp&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&sc_campaign_page=no_teaser.html&sc_campaign_path=%2Fn%2F09%2F11%2Fno%2Fiphonexr%2F&sc_campaign_domain=https%3A%2F%2Fapp.ln5.quiztionnaire.com&sc_url_wl=https%3A%2F%2Flp.nectarjunkie.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html&stp=1&feed_type=full HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
X-Request-Id: 31613139695dd2fdce339b99
X-iivmxswc: f9ea625d5c39658be5a52ce4ed6fc32c74e38decb2d426bf63646c1005b30025
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Cookie: plc=5cf7e0bd268b230100a5ddf4; stp=1; ck_tsp=2022-10-07T04%3A21%3A35.338Z; sip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: stp=1; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
ck_tsp=2022-10-07T04%3A21%3A35.995Z; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
sip=91.90.42.154; Path=/; Expires=Sun, 06 Oct 2024 04:21:35 GMT; Secure; SameSite=None
ETag: W/"68e2-wUtjulbAoS/eJQ4aezqZ22H3G48"
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
34.78.252.25200 OK 2 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
IP 34.78.252.25:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-flow-id,x-lead-id,x-offer-id,x-ofvuinwk,x-placement-id,x-session-id,x-zqhkygow
Referer: https://app.ln5.quiztionnaire.com/
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:38 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Vary: Accept-Encoding
cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
34.78.252.25200 OK 483 B URL HTTP/1.1 cdn.formulead.com/vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html
IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with very long lines (483), with no line terminators
Hash 860af79bfd4eea9f1a3077989eef78a4
38d1e1be0a3695c726e6a8871a991be45f4b3667
91cef7604a9626e700569227fa1476d886eec75aa3d4e7270beaca2c3d19b503
GET /vl/ql/?qb_country=NO&aff_source=1516_3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_city=Oslo&cl_country=NO&cl_ip=91.90.42.154&ld_email=&ld_first_name=&ld_last_name=&ld_zip_code=&aff_version=no_teaser&aff_code=FST&aff_id=1516&aff_offer_id=726&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&cl_browser=Firefox&cl_browser_tz=UTC&cl_device=DESKTOP&cl_language=en-US&cl_os=Linux&cl_ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp=a74cd5ce7a780a8e853446157b06ed76&vl_fp_cljs_device=unknown&vl_fp_cljs_language=en-US&vl_fp_cljs_lead_count=0&vl_fp_comp_has_lied_browser=false&vl_fp_comp_has_lied_languages=false&vl_fp_comp_has_lied_os=false&vl_fp_comp_has_lied_resolution=false&vl_fp_comp_navigator_platform=Linux%20x86_64&vl_fp_comp_color_depth=24&vl_fp_comp_resolution=1280&vl_fp_comp_resolution=1024&vl_fp_comp_user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&vl_fp_lead_count=0&vl_rc3=true&vl_rc3_score=0.1&vl_rc3_host=app.ln5.quiztionnaire.com&sc_url=https%3A%2F%2Fapp.ln5.quiztionnaire.com%2Fn%2F09%2F11%2Fno%2Fiphonexr%2Fno_teaser.html HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
X-Offer-Id: 5ea18b92636b6a47d70b5403
X-Flow-Id: 5ea18b92636b6a47d70b5403
X-Placement-Id: 5cf7e0bd268b230100a5ddf4
x-zqhkygow: 6e3f090be5bc7e09b4e61498d2eb41d2d3ab157d24e6a7c0c47181110a857d97
x-ofvuinwk: e1f4d73bcfa6926e21186c1fe5aa69e7bd324df6c1c3fcef1ea8c96bd4fbac44
X-Lead-Id: 31613139695dd2fdce339b99
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:38 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Vary: Accept-Encoding
cdn.formulead.com/t/page
34.78.252.25200 OK 16 B IP 34.78.252.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
POST /t/page HTTP/1.1
Host: cdn.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Session-Id: s:22CWuWa0cZmxU3U5sGwXDPzwSbd2PZ5b.fRSU1Kiyxk8Wkh4AOnbGJWiuLpxWxF+E5zO+Lce2080
Content-Type: application/json
Content-Length: 113
Origin: https://app.ln5.quiztionnaire.com
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Fri, 07 Oct 2022 04:21:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 16
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: https://app.ln5.quiztionnaire.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-CSRF-Token, X-Session-Id, X-Offer-Id, X-Flow-Id, X-Flow_Id, X-Placement-Id, X-Placement_Id, X-Lead-Id, X-Sig, X-iivmxswc, X-Request-id, X-zqhkygow, X-ofvuinwk
Pragma: no-cache
Cache-Control: no-cache
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
Vary: Accept-Encoding
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg
34.120.237.76200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17df62c3e2ed48ba9c788f5e1b3b702f
854c326016059d67fae42cc34905d0feb58cb6fc
d0bee7a7e629f6594a79bad563bb91c71a17768c2f347fd4a366f7f0daf94fda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 2478
x-amzn-requestid: ed2a2dca-5367-42c1-b982-07a39762063e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmigWFvGIAMF9CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ace-6fabb7845e4d04613897a866;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: GFxAiO1AQfV1-pVy0NBmc9VoQoxBuBeOWsbPkVpOuT06D8Tw_YuZfA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:18:30 GMT
age: 21790
etag: "854c326016059d67fae42cc34905d0feb58cb6fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=lin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ&lptoken=16216550114d829e9274&s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y
104.21.66.134200 OK 0 B URL HTTP/2 secure.newyearspecials.xyz/lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=lin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ&lptoken=16216550114d829e9274&s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y
IP 104.21.66.134:0
GET /lp/load/1b/?vsv=UTS&vl=1&vlink=app.logictree.co&country=NO&cep=lin58ZYs9u5QW7qCjw0QC-TvXLdCfbUCpsrblUgdU3xE5c7tcyxN0LDKFxqtW---XRPqMRjO6Fd9X4zifR-c3ibtOV1Ac8jp5YL9MOt7k1mPrfzHds1m8qu7usPk2W1lbbxFfptFs1npoSmoCQu946v_cnFiT-V-dgJ0YVaotoOBJsbnT3pXSSCNqiZ7DwUKgFLC5Fudtxyy-t0hEEopws7uqrU_HErFwvnuyvjLR7-RdNIVTv4gFKDnBHGx0TxntY5ygw_eI8C1e3DjrD_TG-IDN9BT6BeP3jsWeXssr-GQz3eslGW6gJNLCFVweJJPHunCzm__gu84lk3XuYkDMxJGP31D0PVcUoExT1y9MWpOefSz9_ifDa-UYpPQBRGWsEKlZoM7a9XswN6KbC5kEdnrA5xosYHoyn3CnDHDegNkVPRL7pYwBNRDQOqoP_JLc6VauQ5EH5wfM3qbAGO59LpW42m_0vXeGKDxkrTppKQ&lptoken=16216550114d829e9274&s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=&spushon=y HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gr01.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: text/html
last-modified: Thu, 06 Oct 2022 10:38:18 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6rvDB3RvjrecDLOk%2Fo2Z2H81jvwMQaSJzDLkytrGMYqQZYgfD2STGSefyY7uxBVYhHgqJJNsIcx7kY6ly6fdQ4m4wFq7%2Fy7la%2FUABjwOzFZZIt4WIWHhOQrBoYvlhdJxhSRLgBKkEkwRPB7FjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9bf6b630b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
st.formulead.com/assets/js/bioep.min.js
54.230.111.123200 OK 0 B URL HTTP/2 st.formulead.com/assets/js/bioep.min.js
IP 54.230.111.123:0
GET /assets/js/bioep.min.js HTTP/1.1
Host: st.formulead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf8
server: nginx/1.19.0
last-modified: Tue, 20 Sep 2022 15:27:41 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 06 Oct 2022 15:18:07 GMT
etag: W/"6329dbed-14c4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UGmqu_FtRZK3nhlr5aTR_wc0PmulAKz9TqH2e06NAziYqIPVJk22CA==
age: 47007
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com
172.64.169.3200 OK 0 B URL HTTP/2 trk-consulatu.com/scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com
IP 172.64.169.3:0
GET /scripts/push/script/z75dnkdk4q?url=app.ln5.quiztionnaire.com HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:36 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ss77xNFLEdaO5DAsiK%2BJIrlq0bJVWBqa7x8AGy3HgiaAoXIps%2BB%2BOtQHFvfYc1Rel7m7AktXoDlkWfpG2STd6IBYahoprhgh1XGZnd%2BmTu%2F4RtMvsNNNAG3BQHJI%2B1Qzxj%2BU9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9d39ba106ae-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/silver.png
54.230.111.71200 OK 0 B URL HTTP/2 app.ln5.quiztionnaire.com/n/09/11/assets/images/iphonexr/silver.png
IP 54.230.111.71:0
GET /n/09/11/assets/images/iphonexr/silver.png HTTP/1.1
Host: app.ln5.quiztionnaire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://app.ln5.quiztionnaire.com/n/09/11/no/iphonexr/no_teaser.html?p_id=5cf7e0bd268b230100a5ddf4&_c_id=aff_code:FST;request_id:67d063d5532412274a04dd086b261dc9;aff_tid:;aff_goal_id:3402;aff_goal_id2:3404;aff_id:1516;aff_version:no_teaser;aff_adv_id:2;aff_offer_id:726;aff_inc:iphonexr&_c_user=ld_first_name:;ld_last_name:;ld_email:;ld_phone_cell:&_c_loc=ld_zip_code:;ld_city:&_c_dob=ld_dob:&aff_click_id=djvdvomj5mholkijiae43l18&aff_sub=3c9cfc8b-7a42-4d84-bf62-62fed5238287_&aff_sub2=djvdvomj5mholkijiae43l18&aff_sub3=&aff_sub4=&aff_sub5=&aff_fbp=&aff_tt=dp&aff_ttp=&ch=&request_id=67d063d5532412274a04dd086b261dc9&aff_id=1516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf8
server: nginx/1.19.0
date: Fri, 07 Oct 2022 04:21:37 GMT
access-control-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U0d0ELWLMYSmRU3BlsPOO_iCNms2GjtVWkiIqu02D3JNSth9k3pNNQ==
X-Firefox-Spdy: h2
gr01.net/l/?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=
104.21.2.6200 OK 0 B URL HTTP/2 gr01.net/l/?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10=
IP 104.21.2.6:0
GET /l/?s1=&s2=&s3=&s4=&s5=&s6=3&s7=&s8=&s9=&s10= HTTP/1.1
Host: gr01.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: text/html
last-modified: Thu, 06 Oct 2022 10:35:44 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlHI4%2B3nB9efrgyeX9tGRCR5kLiY9wYtyVwsUfkVbtioNpymRO%2FgHb6Wb0Kmj1VpBUJ0qWXOC5G0tzDvyaiSld9mTeRiZCH5xpuaB1kh7r%2FdQTMmxNLHoP%2FMsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7563d9bb6badb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
apidata.info/js
172.67.149.37200 OK 0 B IP 172.67.149.37:0
GET /js HTTP/1.1
Host: apidata.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gr01.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, GET
access-control-max-age: 3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hv1x8td1UTaKX0i%2BvxA%2FnBAfA0iwMlTvAkcr9YVTxFoZldXgUx2A0HohZuTdnWU9U8ph7RHaUOYKll3MkAP4WbsV2Qczn40SZtGpBJHPSiEfGGlyRL1DFeB7%2BKXKASw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuGQ4mUqJj6izyopp8yhqksk2KbwnukAPRjbe52hwa; SameSite=Lax; path=/; expires=Sat, 08-Oct-22 03:21:32 GMT; HttpOnly
server: cloudflare
cf-ray: 7563d9bcd935b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/script/gotoURL.js
104.21.66.134200 OK 0 B URL HTTP/2 secure.newyearspecials.xyz/script/gotoURL.js
IP 104.21.66.134:0
GET /script/gotoURL.js HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:32 GMT
content-type: application/javascript
last-modified: Thu, 06 Oct 2022 10:51:16 GMT
etag: W/"633eb324-1daf"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZ4JsDKWgqj%2B4LUXBmX8nvw9mhdBs%2F5N0%2F2gTzP8E%2Fp%2BTEBgmaSxjQxTAwX%2FeeOuuqqyT6L2hP4ddA7dEsx2tyoty9dMvVIhxVo5CI9s9WRcCNfVV1Z%2Bs%2BIvudZhExWxSn9dsKrzmBqf%2Fjex7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7563d9c0bbe80b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure.newyearspecials.xyz/favicon.ico
104.21.66.134200 OK 0 B URL HTTP/2 secure.newyearspecials.xyz/favicon.ico
IP 104.21.66.134:0
GET /favicon.ico HTTP/1.1
Host: secure.newyearspecials.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 04:21:33 GMT
content-type: image/x-icon
last-modified: Thu, 06 Oct 2022 10:35:44 GMT
etag: W/"633eaf80-47e"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jp4fDuaLR7uSxy7EIbvwT1WpP%2Bj9HUGUSaPCqtKzCmG5jZOnkZTIBtjci%2BgCWZTOxAdE2KevQ4n1CcuOpe4UK%2B%2FMnFjYkRcmzY5FRfHJdTQcVpMp3t5NKv7mUR3Y0t57wjmOaJv1pDphry9iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7563d9c2ecf40b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2