Report - click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE=

Report Overview

Submitted URL
click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE=
IP
170.187.185.18
ASN
#63949 Linode, LLC
Submitted
2023-01-28 19:36:52
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
join.letsdoeit.com	unknown	2018-11-17T13:56:25Z	2023-03-13T01:20:05Z	471 B	1.4 kB	185.7.99.226
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.1 kB	4.2 kB	142.250.74.131
www.googleoptimize.com	1604	2019-07-16T12:17:19Z	2023-03-13T07:14:58Z	382 B	47 kB	142.250.74.174
p.cdn.letsdoeit.com	612283	2021-01-04T22:21:17Z	2023-03-09T11:24:31Z	528 B	1.2 kB	64.210.135.119
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.224.148.171
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	601 B	589 B	209.85.233.154
s.cdn.letsdoeit.com	832144	2021-11-10T11:42:10Z	2023-03-09T11:24:30Z	1.0 kB	660 kB	64.210.135.119
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	4.1 kB	11 kB	23.33.119.27
letsdoeit.com	141724	2018-11-15T12:08:53Z	2023-03-12T18:37:23Z	484 B	7.3 kB	172.67.185.28
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	382 B	45 kB	216.58.207.200
click.clediabete.org	unknown	2022-06-02T09:01:57Z	2023-03-05T23:03:20Z	1.1 kB	1.5 kB	170.187.185.18
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	1.3 kB	21 kB	142.250.74.46

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-28 19:36:45	high	Client IP	Internal IP	ETPRO POLICY Observed .cash gTLD in DNS Query

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA	2.0 kB	2023-03-13	2023-03-13
Pretty URL letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA IP 172.67.185.28 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:52:36 Last Seen2023-03-13 11:21:03 Times Seen1 Hash b9e3da82333ec5e8721c0b501492b45d 6d4fcd9719e9a5f6534b1a9735691572b44f2b2a cc6b037fa6f2858e9effa10949dfbbc3c2bc0cef52a1523d145f9ff4f90855e5 Loading...

	www.googleoptimize.com/optimize.js?id=GTM-K8F2MS4	121 kB	2023-03-13	2023-03-13
Pretty URL www.googleoptimize.com/optimize.js?id=GTM-K8F2MS4 IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:10:05 Last Seen2023-03-13 10:10:05 Times Seen1 Hash fbb9d082b36c6d931f2d214eab511f4b f58b0f2706e95229ee4852832015ed12a1ae256d a651092c2cdd0fca61bea266e0230706468009d2fadeee1b15d983a4461551a1 Loading...

	www.googletagmanager.com/gtag/js?id=UA-66229047-1	113 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-66229047-1 IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:10:05 Last Seen2023-03-13 10:10:05 Times Seen1 Hash 23ebf3c6b708d7466c70f4678193fdae fee8c5663a474216d5cc1db63aefc16c35a3db75 e7b28cc63ed7adde4b87b66e15ad5fd0c778d9f8b0f544cd1ec81465ba51fc7c Loading...

	www.googletagmanager.com/gtag/js?id=UA-66229047-1&l=dataLayer&cx=c	113 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-66229047-1&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:10:05 Last Seen2023-03-13 10:10:05 Times Seen1 Hash 82ec0451ae53f3ad5e5ed5d4e2786e63 2e571fd8a5a362d9b7bf1db4b64f9753c7dcfbb2 b8b45487ffa6166597e205993bb3505ff31eccb9cc11929581e32e8634060970 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA	223 B	2023-03-10	2023-04-01
Pretty URL letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA IP 172.67.185.28 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 07:27:21 Last Seen2023-04-01 10:26:40 Times Seen3 Hash 0b6742ec8c43e16bb656d210b2b5f6d6 c6d2381a31370e1bc6d7b7326d7d721dc2886792 8a5342c8693a4bcd5bba92cc8856b1055d177edb9040c20902ac3d6994338ead Loading...

HTTP Transactions (41)

	URL	IP	Response	Size
	click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE=	170.187.185.18	301 Moved Permanently	406 B
URL HTTP/1.1 click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE= IP 170.187.185.18:0 ASN #63949 Linode, LLC File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 406 B (406 bytes) Hash 24b6e9b39333f6ba726bbe048b6aaf35 0c35c190f4aa3d4ef83bb45b5be94fa401e6f28d d9f249bb41c8509b674be3a82334cff8dc321c9abd9e147c174a8910c3be94eb HTTP Headers GET /?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE= HTTP/1.1 Host: click.clediabete.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 28 Jan 2023 19:36:40 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 406 Connection: keep-alive Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests Location: https://click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE= X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Nginx-Upstream-Cache-Status: MISS X-Server-Powered-By: Engintron

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 2405562765b49b2782ebd2e2994851d5 be7ac8e558f7875bb1fb86ab5ec674424a5ff269 422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E" Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2381 Expires: Sat, 28 Jan 2023 20:16:21 GMT Date: Sat, 28 Jan 2023 19:36:40 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 9fbe85f42e8ae8ae41cc12df5f98b141 949fa36ff0f22f72565fd584bef094dd4de23037 184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8" Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9638 Expires: Sat, 28 Jan 2023 22:17:18 GMT Date: Sat, 28 Jan 2023 19:36:40 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 B (939 bytes) Hash dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459 HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Sat, 28 Jan 2023 19:35:31 GMT content-type: application/json age: 70 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 03092d1a1bc7ac91ee342a1a7ab2a562 52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a 03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4706 Expires: Sat, 28 Jan 2023 20:55:07 GMT Date: Sat, 28 Jan 2023 19:36:41 GMT Connection: keep-alive`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain	34.160.144.191	200 OK	5.3 kB
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP 34.160.144.191:0 ASN #15169 GOOGLE File type PEM certificate\012- , ASCII text Size 5.3 kB (5348 bytes) Hash 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK x-amz-id-2: bFFv+1BVQ6Snet7sbQ4EoxtE7tzSiF5iL4pHh1GE4VlENSlHEO/p6tFKykuSqLhY5EzDYcnQapk= x-amz-request-id: 0GFD5GD38D0YGTZQ content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Sat, 28 Jan 2023 18:50:01 GMT age: 2800 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2`

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12 B
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with no line terminators Size 12 B (12 bytes) Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Sat, 28 Jan 2023 19:36:41 GMT content-type: application/json content-length: 12 vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-expose-headers: content-type access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 0a7dad3bb453a40c40a12a84428b09eb c3c19a25596ef4c814c5327b4b2f9ff8068d8fe5 6051556a4d4188161acf0b5885b326ef42e949f7321e1dd30d30b0e0ac0fa92e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "6051556A4D4188161ACF0B5885B326EF42E949F7321E1DD30D30B0E0AC0FA92E" Last-Modified: Thu, 26 Jan 2023 13:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21600 Expires: Sun, 29 Jan 2023 01:36:41 GMT Date: Sat, 28 Jan 2023 19:36:41 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	35.241.9.150	200 OK	329 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size 329 B (329 bytes) Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 HTTP Headers `GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Sat, 28 Jan 2023 18:41:40 GMT age: 3301 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" content-type: application/json cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 16a7b6a7128312e2f985d30df18c4487 6017bff79ffb525d9c7f9f32b999b74b5dc69602 663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16" Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=10806 Expires: Sat, 28 Jan 2023 22:36:47 GMT Date: Sat, 28 Jan 2023 19:36:41 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 89ab8c8e87d0dab09e1eb90a09ab61b1 894ca6eaf79933f8da4bf04e1740923af0886e05 ecf8d68bea8c8bd8be27d48b0ac8e14b45f664ede3256a169966ef3534d68887 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "ECF8D68BEA8C8BD8BE27D48B0AC8E14B45F664EDE3256A169966EF3534D68887" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15893 Expires: Sun, 29 Jan 2023 00:01:34 GMT Date: Sat, 28 Jan 2023 19:36:41 GMT Connection: keep-alive`

	push.services.mozilla.com/	44.224.148.171	101 Switching Protocols	0 B
URL HTTP/1.1 push.services.mozilla.com/ IP 44.224.148.171:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: uuBrmU28zuztIyqmwmR9KA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket `HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: vPJYWxVUxhixvpGsyo3XKtI4EXY=`

	join.letsdoeit.com/track/MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA	185.7.99.226	302 Found	279 B
URL HTTP/2 join.letsdoeit.com/track/MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA IP 185.7.99.226:0 ASN #42567 Mojohost B.v. File type data Size 279 B (279 bytes) Hash cdb4ab36f4e9c690e9a56d534b172ea8 28d58ccc012d55ac466e7c9e3be467e995046262 f9758a8e06c906218984ed793247b00a692bfab8155a32dfdf3dd64b8fa26380 HTTP Headers `GET /track/MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA HTTP/1.1 Host: join.letsdoeit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site` HTTP/2 302 Found server: nginx date: Sat, 28 Jan 2023 19:36:41 GMT content-type: text/html; charset=UTF-8 location: https://letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: PHPSESSID=57e6028554be86ffc16807fee814e81f; path=/ nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; expires=Mon, 27-Feb-2023 19:36:41 GMT; Max-Age=2592000; path=/; domain=join.letsdoeit.com; HttpOnly nats_cookie=No%2BReferring%2BURL; expires=Mon, 27-Feb-2023 19:36:41 GMT; Max-Age=2592000; path=/; domain=join.letsdoeit.com; HttpOnly nats_unique=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; expires=Sun, 29-Jan-2023 19:36:41 GMT; Max-Age=86400; path=/; domain=join.letsdoeit.com; HttpOnly nats_sess=7c078806de21c4e266fd9bd28d5dc0f4; expires=Mon, 08-May-2023 18:36:41 GMT; Max-Age=8636400; path=/; domain=join.letsdoeit.com; HttpOnly nats_landing=No%2BLanding%2BPage%2BURL; expires=Mon, 27-Feb-2023 19:36:41 GMT; Max-Age=2592000; path=/; domain=join.letsdoeit.com; HttpOnly X-Firefox-Spdy: h2

	letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA	172.67.185.28	200 OK	5.5 kB
URL HTTP/2 letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA IP 172.67.185.28:0 ASN #13335 CLOUDFLARENET File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6490) Size 5.5 kB (5530 bytes) Hash ec007e8243e362bd63c6989317d6f3d6 4f069db800a55227c6531d91d25f07dc750a1d5b 87029769076737b9f9edcc1bb7f1521bac85511ce76a964fb1630b47130836ba HTTP Headers `GET /survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA HTTP/1.1 Host: letsdoeit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site` HTTP/2 200 OK date: Sat, 28 Jan 2023 19:36:42 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding set-cookie: nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; expires=Sun, 29-Jan-2023 07:36:41 GMT; Max-Age=43200; path=/; domain=.letsdoeit.com; secure; HttpOnly PHPSESSID=vqsblpqivpvofppha1iq5dp6ia; path=/; secure; HttpOnly _pAa=1; expires=Fri, 28-Apr-2023 18:36:41 GMT; Max-Age=7772400; path=/; domain=.letsdoeit.com; secure; HttpOnly _pAa=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.letsdoeit.com; secure; HttpOnly _pAa=1; expires=Fri, 28-Apr-2023 18:36:41 GMT; Max-Age=7772400; path=/; domain=.letsdoeit.com; secure; HttpOnly _csrf=dbdf218e1ec54939b1d421d0f989f3d2077bbbcb0821869f8d663afca1673fcda%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22UHLwWkZib4dNnSOOyTdPsktnkNQ6ekHi%22%3B%7D; path=/; HttpOnly; SameSite=Lax expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache strict-transport-security: max-age=63072000; includeSubDomains; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block content-language: en access-control-allow-credentials: true referrer-policy: no-referrer-when-downgrade cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZxDLrxQLCacH4ankm1YZ9yDFrPAhAJU%2Boj3YDwLck5s%2B8W7HrJVSEGmnpql%2BN49SzY86%2BrPeWGmJfGLSgDzu2leDplQolDoEqeEh0QEGPmSd5GORDNqnjH3OUf2uJSF"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 790c2daf1d2ab51d-OSL content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 36147c185553851c38547798733a9fb2 912ec40237eae2ed558d09103c86c41f87896eca a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 36147c185553851c38547798733a9fb2 912ec40237eae2ed558d09103c86c41f87896eca a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.googleoptimize.com/optimize.js?id=GTM-K8F2MS4	142.250.74.174	200 OK	46 kB
URL HTTP/2 www.googleoptimize.com/optimize.js?id=GTM-K8F2MS4 IP 142.250.74.174:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (2108) Size 46 kB (46069 bytes) Hash d50aeccc54e4add46c4b429f15daa0fc 6c97f8845e48696dcd23396ddb3ecb5a4843375c a56a558699818e3464ec91b49fa85f44b0b11b7fdd35500405419d293ca957ac HTTP Headers `GET /optimize.js?id=GTM-K8F2MS4 HTTP/1.1 Host: www.googleoptimize.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://letsdoeit.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sat, 28 Jan 2023 19:36:42 GMT expires: Sat, 28 Jan 2023 19:36:42 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 46069 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=UA-66229047-1	216.58.207.200	200 OK	44 kB
URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-66229047-1 IP 216.58.207.200:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (1759) Size 44 kB (44059 bytes) Hash 5ce99fa91892f5b90141cfc3145d155b cd62c6a9481cb9a64659300a3d16d738b9ee525d 54b7b153fc479737e9d923bf0118d1bf7c71444b29b2007919bc9c10bd7d1def HTTP Headers `GET /gtag/js?id=UA-66229047-1 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://letsdoeit.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sat, 28 Jan 2023 19:36:42 GMT expires: Sat, 28 Jan 2023 19:36:42 GMT cache-control: private, max-age=900 last-modified: Sat, 28 Jan 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 44059 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 36147c185553851c38547798733a9fb2 912ec40237eae2ed558d09103c86c41f87896eca a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 36147c185553851c38547798733a9fb2 912ec40237eae2ed558d09103c86c41f87896eca a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.google-analytics.com/analytics.js	142.250.74.46	200 OK	20 kB
URL HTTP/2 www.google-analytics.com/analytics.js IP 142.250.74.46:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (1490) Size 20 kB (20085 bytes) Hash ca7fbbfd120e3e329633044190bbf134 d17f81e03dd827554ddd207ea081fb46b3415445 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db HTTP Headers `GET /analytics.js HTTP/1.1 Host: www.google-analytics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://letsdoeit.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK strict-transport-security: max-age=10886400; includeSubDomains; preload x-content-type-options: nosniff vary: Accept-Encoding content-encoding: gzip cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 20085 date: Sat, 28 Jan 2023 17:45:20 GMT expires: Sat, 28 Jan 2023 19:45:20 GMT cache-control: public, max-age=7200 age: 6682 last-modified: Tue, 10 Jan 2023 21:29:14 GMT content-type: text/javascript alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=1785831253&t=pageview&_s=1&dl=https%3A%2F%2Fletsdoeit.com%2Fsurvey-new.en.html%3Fnats%3DMjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA&ul=en-us&de=UTF-8&dt=Answer%20Letsdoeit%20Survey%20And%20Get%20A%20Reward!%20%7C%20LetsDoeIt&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1211734654&gjid=825662466&cid=1571497851.1674934607&uid=&tid=UA-66229047-1&_gid=1728561562.1674934607&_r=1&_slc=1&gtm=2ou1p0&z=1862763598	142.250.74.46	200 OK	4 B
URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=1785831253&t=pageview&_s=1&dl=https%3A%2F%2Fletsdoeit.com%2Fsurvey-new.en.html%3Fnats%3DMjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA&ul=en-us&de=UTF-8&dt=Answer%20Letsdoeit%20Survey%20And%20Get%20A%20Reward!%20%7C%20LetsDoeIt&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1211734654&gjid=825662466&cid=1571497851.1674934607&uid=&tid=UA-66229047-1&_gid=1728561562.1674934607&_r=1&_slc=1&gtm=2ou1p0&z=1862763598 IP 142.250.74.46:0 ASN #15169 GOOGLE File type ASCII text, with no line terminators Size 4 B (4 bytes) Hash 9e92e190700c1af4539b40c2171320a9 209bcdb79e6067b51091ce8586d4b977f25b67d8 aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 HTTP Headers POST /j/collect?v=1&_v=j99&aip=1&a=1785831253&t=pageview&_s=1&dl=https%3A%2F%2Fletsdoeit.com%2Fsurvey-new.en.html%3Fnats%3DMjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA&ul=en-us&de=UTF-8&dt=Answer%20Letsdoeit%20Survey%20And%20Get%20A%20Reward!%20%7C%20LetsDoeIt&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1211734654&gjid=825662466&cid=1571497851.1674934607&uid=&tid=UA-66229047-1&_gid=1728561562.1674934607&_r=1&_slc=1&gtm=2ou1p0&z=1862763598 HTTP/1.1 Host: www.google-analytics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain Content-Length: 0 Origin: https://letsdoeit.com Connection: keep-alive Referer: https://letsdoeit.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers `HTTP/2 200 OK access-control-allow-origin: https://letsdoeit.com date: Sat, 28 Jan 2023 19:36:42 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate last-modified: Sun, 17 May 1998 03:00:00 GMT access-control-allow-credentials: true x-content-type-options: nosniff content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 4 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ed8a8c45dceab588456b222e04775919 0242859712655caa3c3e9b936878c7c7874b7b5a 669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-66229047-1&cid=1571497851.1674934607&jid=1211734654&gjid=825662466&_gid=1728561562.1674934607&_u=YEBAAUAAAAAAACAAI~&z=700937826	209.85.233.154	200 OK	1 B
URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-66229047-1&cid=1571497851.1674934607&jid=1211734654&gjid=825662466&_gid=1728561562.1674934607&_u=YEBAAUAAAAAAACAAI~&z=700937826 IP 209.85.233.154:0 ASN #15169 GOOGLE File type very short file (no magic) Size 1 B (1 bytes) Hash c4ca4238a0b923820dcc509a6f75849b 356a192b7913b04c54574d18c28d46e6395428ab 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b HTTP Headers POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-66229047-1&cid=1571497851.1674934607&jid=1211734654&gjid=825662466&_gid=1728561562.1674934607&_u=YEBAAUAAAAAAACAAI~&z=700937826 HTTP/1.1 Host: stats.g.doubleclick.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain Content-Length: 0 Origin: https://letsdoeit.com Connection: keep-alive Referer: https://letsdoeit.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK access-control-allow-origin: https://letsdoeit.com strict-transport-security: max-age=10886400; includeSubDomains; preload date: Sat, 28 Jan 2023 19:36:42 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate last-modified: Sun, 17 May 1998 03:00:00 GMT access-control-allow-credentials: true x-content-type-options: nosniff content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 1 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ed8a8c45dceab588456b222e04775919 0242859712655caa3c3e9b936878c7c7874b7b5a 669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 28 Jan 2023 19:36:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 32b55bd093fab767224089dd5bba10dd 4bd50642d0873a3b034248869ca015f01b3a3d8e 371ae3681b8310f968f7d79c1dc16656d3fa40846afa2c14c4b2019a30a2f94e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "371AE3681B8310F968F7D79C1DC16656D3FA40846AFA2C14C4B2019A30A2F94E" Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2642 Expires: Sat, 28 Jan 2023 20:20:45 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 32b55bd093fab767224089dd5bba10dd 4bd50642d0873a3b034248869ca015f01b3a3d8e 371ae3681b8310f968f7d79c1dc16656d3fa40846afa2c14c4b2019a30a2f94e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "371AE3681B8310F968F7D79C1DC16656D3FA40846AFA2C14C4B2019A30A2F94E" Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2633 Expires: Sat, 28 Jan 2023 20:20:36 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	s.cdn.letsdoeit.com/images/survey/large-new.jpg	64.210.135.119	200 OK	658 kB
URL HTTP/2 s.cdn.letsdoeit.com/images/survey/large-new.jpg IP 64.210.135.119:0 ASN #30361 SWIFTWILL2 File type JPEG image data, progressive, precision 8, 1920x1030, components 3\012- data Size 658 kB (657891 bytes) Hash bccebb8c505826c9aae922dbfc1e56ca 22a8d3e9a77eeb3de0f1c009887d7ba8be8962ad 30c7a15af1fd6d2a751055c577ee662bd9b53ed6ab0e36d5438bee14ebbd6e70 HTTP Headers `GET /images/survey/large-new.jpg HTTP/1.1 Host: s.cdn.letsdoeit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA Connection: keep-alive Cookie: nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; _pAa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site` HTTP/2 200 OK date: Sat, 28 Jan 2023 19:36:43 GMT content-type: image/jpeg content-length: 657891 last-modified: Tue, 10 Jan 2023 14:15:44 GMT etag: "63bd7310-a09e3" expires: Mon, 15 Jan 2024 15:08:59 GMT cache-control: max-age=31536000 access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,OPTIONS access-control-allow-origin: * cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gmyJtxgOamckaIzJS%2FEleOBdXX4YaDTu4IGejB%2BRJzRUasqNATC%2FmgKdlLNpiFLYWq47zpu98ySFSxHNmoit9laBxg%2BCvDNXGfXhmPTGf5c5Us1PoYhZKMcRllkyvfaQZC%2BZBmIrIA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray: 789f87ad4e0bb7d9-AMS alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 accept-ranges: bytes x-cdn-diag: ams5-7846-3-9720-h-0-0---;7846-29-60327----0-0-0 X-Firefox-Spdy: h2

	p.cdn.letsdoeit.com/static/icons/letsdoeit-36x36.png	64.210.135.119	200 OK	620 B
URL HTTP/2 p.cdn.letsdoeit.com/static/icons/letsdoeit-36x36.png IP 64.210.135.119:0 ASN #30361 SWIFTWILL2 File type PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data Size 620 B (620 bytes) Hash d55400d310c2cdc926f381ed77f70c7a bf6201a5294be1356893583707ed58e418020801 13f9fd117b299519f249fb842de135022ee22073b756b5f92fc460e5ac0144c8 HTTP Headers GET /static/icons/letsdoeit-36x36.png HTTP/1.1 Host: p.cdn.letsdoeit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA Connection: keep-alive Cookie: nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; _pAa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site TE: trailers HTTP/2 200 OK date: Sat, 28 Jan 2023 19:36:43 GMT content-type: image/png content-length: 620 etag: "d55400d310c2cdc926f381ed77f70c7a" last-modified: Wed, 20 Nov 2019 11:10:33 GMT x-amz-id-2: K0VNSTIHmI8QYkMp+kV8bnwPJsRb2a/sUHx/0a4M6UDzhClFl5pgtBM6r83q6hmscGGVqmYI3TGS x-amz-meta-mtime: 1559292969 x-amz-request-id: 4BDFAC889E17E776 cache-control: max-age=31536000 access-control-allow-origin: * access-control-allow-methods: GET,HEAD,OPTIONS accept-ranges: bytes x-cdn-diag: ams5-6249-1-21269-h-0-0---;7846-29-60327----0-0-0 X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4131 Expires: Sat, 28 Jan 2023 20:45:34 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4131 Expires: Sat, 28 Jan 2023 20:45:34 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4131 Expires: Sat, 28 Jan 2023 20:45:34 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.33.119.27	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69" Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4131 Expires: Sat, 28 Jan 2023 20:45:34 GMT Date: Sat, 28 Jan 2023 19:36:43 GMT Connection: keep-alive`

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg	34.120.237.76	200 OK	12 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 12 kB (11568 bytes) Hash b7a0759c043594fbe85af422b59b8227 a05cfaad16078f42218dae233da38f6f5dff8487 e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 11568 x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: e9T3UGA3oAMFSlQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0 x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg== via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 23:03:41 GMT age: 73982 etag: "a05cfaad16078f42218dae233da38f6f5dff8487" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8b9b454-0728-4fe3-a661-33c8205e00c2.webp	34.120.237.76	200 OK	9.8 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8b9b454-0728-4fe3-a661-33c8205e00c2.webp IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 9.8 kB (9758 bytes) Hash 3516e6446944e35557bee1c66fcb46ba a2930481e12b2faf871267a0ee1166ee05b1a168 c19bf7db6637169a0def1e7ba1f1cc675cec38f190a1d41a4b970f2f31a75549 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8b9b454-0728-4fe3-a661-33c8205e00c2.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 9758 x-amzn-requestid: e80bf4a2-5fb6-4b21-8570-9d8bf72bc65f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa_T5EgAoAMFSsw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d445b2-106eca49521af490104019bb;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: wmGlLHXvIs6iskEqfrqN09vwMpRlMKF-mukahEyeYRWC8WbnOmk4Hw== via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 21:56:37 GMT etag: "a2930481e12b2faf871267a0ee1166ee05b1a168" content-type: image/jpeg age: 78006 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg	34.120.237.76	200 OK	4.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 4.5 kB (4475 bytes) Hash 4205d8106659e00fff1cbe9262918b8c ab4f6528594a1725934727dc7d834c028a79c609 31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 4475 x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa_e6HsaIAMF5Lg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA== via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 21:56:46 GMT age: 77997 etag: "ab4f6528594a1725934727dc7d834c028a79c609" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg	34.120.237.76	200 OK	13 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 13 kB (13375 bytes) Hash b4afa01d2ffe17f8378e4c0b5afd4608 f5c7e2137efa07a207427a6b6fe1df541f85ea25 84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 13375 x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa-CxF6BoAMFyGg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw== via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 21:48:58 GMT age: 78465 etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg	34.120.237.76	200 OK	7.6 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 7.6 kB (7585 bytes) Hash ea24bcba583bd8bd139559448a343e68 b9d37c2b14f890d41983a59f352e8f7caa9c94bb e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 7585 x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa_vkE5roAMF0Hw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw== via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 22:46:13 GMT age: 75030 etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg	34.120.237.76	200 OK	5.0 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 5.0 kB (4975 bytes) Hash c982569d070f24dba1259603091c22e3 0f93acb5bee53670cc4ef486922f7333d96a2f4e 9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 4975 x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa-EBGuaoAMFbSw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw== via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google date: Fri, 27 Jan 2023 21:49:06 GMT age: 78457 etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE=	170.187.185.18	200 OK	0 B
URL HTTP/2 click.clediabete.org/?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE= IP 170.187.185.18:0 ASN #63949 Linode, LLC File type Size 0 B (0 bytes) Hash HTTP Headers GET /?t=c&ids=NTkwNDUzMjIz__MTUwODI=__NTE5MDI2Mjg=__NjU0__857&url=aHR0cHMlM0ElMkYlMkZqb2luLmxldHNkb2VpdC5jb20lMkZ0cmFjayUyRk1qQTJOaTR4Tnk0eUxqUTFNeTR4TGpBdU1DNHdMakE= HTTP/1.1 Host: click.clediabete.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 `HTTP/2 200 OK server: nginx date: Sat, 28 Jan 2023 19:36:41 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding strict-transport-security: max-age=63072000; includeSubDomains; preload content-security-policy: upgrade-insecure-requests x-xss-protection: 1; mode=block x-content-type-options: nosniff x-nginx-upstream-cache-status: EXPIRED x-server-powered-by: Engintron content-encoding: gzip X-Firefox-Spdy: h2`

	s.cdn.letsdoeit.com/images/survey/present.svg	64.210.135.119	200 OK	0 B
URL HTTP/2 s.cdn.letsdoeit.com/images/survey/present.svg IP 64.210.135.119:0 ASN #30361 SWIFTWILL2 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /images/survey/present.svg HTTP/1.1 Host: s.cdn.letsdoeit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://letsdoeit.com/survey-new.en.html?nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA Connection: keep-alive Cookie: nats=MjA2Ni4xNy4yLjQ1My4xLjAuMC4wLjA; _pAa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site` HTTP/2 200 OK date: Sat, 28 Jan 2023 19:36:43 GMT content-type: image/svg+xml last-modified: Tue, 10 Jan 2023 14:15:44 GMT vary: Accept-Encoding etag: W/"63bd7310-979" expires: Wed, 10 Jan 2024 14:54:35 GMT cache-control: max-age=31536000 access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,OPTIONS access-control-allow-origin: * cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gVcViZR8Pv3FZyjsu7krcdkW%2Fr3%2BAERSOdS1TAYLZWLgrQ6g2X8FolRcSdjYX08lHhfcRed2diU3lbKPYkN3iSXHOlwgF9p%2FWrw0mqxC3kPG5AUEfAaz20eNsOEXqQoQJBqnReiUQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray: 78763fb548adb7e5-AMS content-encoding: br alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-cdn-diag: ams5-7619-3-23037-h-0-0---;7846-29-60327----0-0-1 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type