129.novitrk3.com/smartlink?mongo_id=6320fcde35e14d6792739038&mongo_grouped_id=6320ef732926d921932dee0e&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
188.240.52.20302 Found 718 B URL HTTP/1.1 129.novitrk3.com/smartlink?mongo_id=6320fcde35e14d6792739038&mongo_grouped_id=6320ef732926d921932dee0e&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a396ae4c728f9cf14e29bb550de53253
8de44e709c8abafc58111aa0e65aca48aab329e0
b7bece8b4beae907ea2dd6500d1145a4e3ea99c2ae7d9f3b258990d4f05b293d
GET /smartlink?mongo_id=6320fcde35e14d6792739038&mongo_grouped_id=6320ef732926d921932dee0e&redirect_url=www.google.com&bot=1&suspicious=1&suspicious_reason=noscript HTTP/1.1
Host: 129.novitrk3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.19.10
Date: Tue, 13 Sep 2022 21:58:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
Location: https://129.novitrk3.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjZuQURvVG9sN2g5ZFFaTGVqRzJPVGc9PSIsInZhbHVlIjoidkdzSldKQ1Ivb3lyOTh3dnB0bXROeFpFSnlLZlVQckl1RlJ5eVJtWWJmaGZjWXdMeEhCWnRhWm51OXhmK0ZVYnNtWlhmMVk0K0g4ZlcvWXNkWWw1Q0RYWU1qVmhaM0U2SFdVcTM2bFRabUswUndvWUY2V1NIaVpHZnlHUDk5QUQiLCJtYWMiOiI1ZTQzNjg2MjYxMGM5NTRjZTVkYWIxNGQ5ZTg5NjBmMDYwODI4OTE4Y2Q1YjFhYWNkNGZkOWEzMzE4MjFjNTNhIiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:00 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImNjc05JMHQyQWlFMTB6RyswZ0w2WlE9PSIsInZhbHVlIjoiM2NhT09QOHBNNkZiSkxGTXQzM211c3dEa0VCaEFiSzBHbTRnVlBPRWQ2ZFgzZ0FXQzFjQlNlSVc5ZWh0Wkt2MzJtZi9Uc1Q2elhUb1EyYXBycHhLMjkvV0NXOEVNWkc5OW9iOVV6TGtRMmxJdXpPMU5jWVUyWEVsV2dMR2ZHQ0YiLCJtYWMiOiIwYTg0NWZhNTY3NzE4YWQ3MmJjNzc4M2RiYjM1N2Q3ZDdkZmNkMjU1YmU1NTFkZGI5MDNjYjA2ZmI0YTlmNTNhIiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:00 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 21:08:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p5Z_MNygypY840xF7mQULu6T7rqjo9Xu5Ivc9_ZHTYm_qTOCeayESg==
Age: 2946
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Wed, 14 Sep 2022 00:49:21 GMT
Date: Tue, 13 Sep 2022 21:58:01 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7X70iWcHDG1OK5SJ403yJ-6_ES7ZnN7xYIh4kpmnBmNPeOkHdk5aLw==
age: 62567
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 21:58:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 13 Sep 2022 21:03:22 GMT
Expires: Tue, 13 Sep 2022 21:52:29 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: A84GdXji44S6VpyRfFoxosnr0N0rZHB4FPSLZnYFgAxP4U23R8ma9Q==
Age: 3279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e96dbe1b54932c8f447bbbfc9d31cfb0
b15d4a54fbdf95b0af8bd34b6f8ef03055eef0cd
427326963ac1ef6ddeeaf52ab07807c694b82effa6111671ada8270b1faecdae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3613
Cache-Control: max-age=126547
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 21:58:01 GMT
Etag: "63203a1f-1d7"
Expires: Thu, 15 Sep 2022 09:07:08 GMT
Last-Modified: Tue, 13 Sep 2022 08:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.237.239.70101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.239.70:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M8zAuRO+gbcG2oAcbr6ECg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: D+HHUt0vpUWaa/UxJaaAHgs3eR4=
m.news-page.net/?utm_term=7142987086683963521&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
99.198.108.195200 OK 7.0 kB URL HTTP/2 m.news-page.net/?utm_term=7142987086683963521&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
IP 99.198.108.195:0
Hash e12f48ed6566a17184237020c6893ad3
b36df5ddcc5c32dab576c3cd3cbc985fd4bb76d9
7958918dbbadad717d424da3514fbc6672e3472ae890ed5e1ddb1664d56c35e1
GET /?utm_term=7142987086683963521&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85 HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_medium=98774ae3068a24906aeee5af1282751e21ca5683&utm_campaign=mainstream_np&1=3&2={subid}&cid=902943194&np=1
Cookie: u=8a044b1ca31bd8b45ec1040d14329f43
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 21:58:02 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
m.news-page.net/proc.php?2b0576ac51544d5858c815f8f04146c4d98192ed
99.198.108.195200 OK 1.6 kB URL HTTP/2 m.news-page.net/proc.php?2b0576ac51544d5858c815f8f04146c4d98192ed
IP 99.198.108.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3620), with no line terminators
Hash 0f8e229e2aafe30aa263db9330882346
59994caf42fa8d3004eda355f8b2794207ca489b
024050aac45a482206360e373f0643444820e1eec1e3e4d94d1ffc1db537422e
GET /proc.php?2b0576ac51544d5858c815f8f04146c4d98192ed HTTP/1.1
Host: m.news-page.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.news-page.net/?utm_term=7142987086683963521&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85
Cookie: u=8a044b1ca31bd8b45ec1040d14329f43
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 21:58:02 GMT
content-type: text/html; charset=UTF-8
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142987086683963521&website=4472-bfdf314f-6f01772b&placement=4472
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip
X-Firefox-Spdy: h2
www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142987086683963521&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.12941848228945663&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
51.68.85.158302 Found 0 B URL HTTP/1.1 www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142987086683963521&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.12941848228945663&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7142987086683963521&website=4472-bfdf314f-6f01772b&placement=4472&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8f8ebdb2c6b0c4b6b78587b2bb88b0bdb68cbd82b380b3b6b6bcb4aaaba9a9aeafacada293a1919697f8f4848f9b8a8f9f89c09291898c87959de5cbfbf8cbcaffcec9f2f3f085848291f5cafac8f8fcf7fccdf3f3f2f5c6c7c4c5dae8edebe8ebebebebebe6e2e0efece61b85&eyeg=3&eyer=0.12941848228945663&eyei=0&eyew=1280&eyeh=939&eyetd=220&eyef=m.news-page.net HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 13 Sep 2022 21:58:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472
www.wewillserv.com/favicon.ico
51.68.85.158204 No Content 0 B URL HTTP/1.1 www.wewillserv.com/favicon.ico
IP 51.68.85.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.wewillserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: openresty
Date: Tue, 13 Sep 2022 21:58:03 GMT
Connection: keep-alive
129.novitrk3.com/smartlink-css/6320fce99443c11f490e9d27
188.240.52.20200 OK 7.9 kB URL HTTP/2 129.novitrk3.com/smartlink-css/6320fce99443c11f490e9d27
IP 188.240.52.20:0
Hash 57d9047d0e233026363e5cced8f95f5e
cbb93c4b447bf6479f2dfd21a9768fbad0004268
393e30ec6f05302f64f95b58ee82d1f966f716f15c9a0fe59b801ad1355989c5
Analyzer Verdict Alert fortinet Phishing
GET /smartlink-css/6320fce99443c11f490e9d27 HTTP/1.1
Host: 129.novitrk3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://129.novitrk3.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
Cookie: XSRF-TOKEN=eyJpdiI6IlNzRGdTOVhjZkZENDR6aHlsaUZKNUE9PSIsInZhbHVlIjoiQzhNUGRjLzYxeDZtWUJvT21JV1lvc0VGMElKNDVranpLa0hCU1QrVHNXZm5CQkNZb2JKdytRaFB0ZFNkYTVaaFNHZzg4d2VNcERabXRJS2pjVnBJTkQ4VERaQWYwcy9FYlJFdjFXL0VuQ3A2NkJCV1BkRWJJNXBUOTZPdlltVWwiLCJtYWMiOiJhMWVmYzVkOWI3MTc4ZTJkMjkyYTVkODMyYjQ1YmU1ZGU1YzYzMjdjMzY4NGY5NjgzMDk2OWI5OTk1NDBkZDFhIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImR5czR1djJ2eGNMeTlIY01SdGhzVFE9PSIsInZhbHVlIjoiL1VOZ2RiS1llVWtnejN3MFFnbkpmMUpvWkx3NktJYWtlTmlidlV4UjBJY0xPbmgxSHQwMGZaN2tDWTNHeEtDY3YrR3paK3RUZmM4eU5kYXBBdnB1Z21pdzY0aFF2QTBmdG0zcktGY0lCcFZmY3hXZDNId2FjSWhuM3ZrcHAyV1AiLCJtYWMiOiI2YmNhZDU2OWZhNDBiYjdlNzM0YTFjZmI0ZWIwMTBlMDBlNjY0MTRhMmI2YTNmOGE0MTdhOWRiZjk0YzU4MmE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 13 Sep 2022 21:58:01 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IllWcXhYd2JIamp1azV3YkFydXNtQ0E9PSIsInZhbHVlIjoiSGtwMm5nQzlqbW5paGp3MW01bGdBU1A5M2RENmN4UVJ4NkZqbXF0aGxwWGdRV3lVSVpRMWwyZnMwM2lYbDFEdUlKZkhZMWlFUVNodHFUWmxoL2pLWmx1ME84MjlJeGx0elBzZGo3ZVdvZklHcXNuUGNnUkZibzJMK2c3eVh0cXUiLCJtYWMiOiI1MGZjNjJjYjQxNjFlZmU2NDI0NDJkZjJiYjJmMTZhODE0NjQ5M2VkM2E0Y2EzYWQ1MjlhYjdhZDBmNzRmMjQ5IiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:01 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ik53Tk92ZWJhRHhpOTdXTUpKeGcwUUE9PSIsInZhbHVlIjoiZVhreHFQVG53WnFIck80WmIrVEs3ejNmRCtGenpyengxUWRGYkM3TnZPZm1mTjVlMmJYL2IvdWNLNWNJZWQ3d2JTRnEzQXcwZUYzWnJNUTkzcFE4Qnk0SC9Vd0kxTDNHcXlnMFBYRUVoc0FoT2JXZFR0VE9rNUlJRmN6L0pIWlEiLCJtYWMiOiIzZmJiNTViYjRlNjUzYTI1YjUyOTQ5YTVmNzcwMWRlNzhjZmE5YTdiYzExMmZjZjhiOTFiMWI3MzQ4M2UxYjBlIiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:01 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472
34.141.137.168302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6320e0c925a694000152c5d1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 13 Sep 2022 21:58:03 GMT
content-length: 0
location: https://admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472&sub2=&sub3=&sub4=5093&sub5=503
access-control-allow-origin: *
X-Firefox-Spdy: h2
admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472&sub2=&sub3=&sub4=5093&sub5=503
34.141.137.168302 Found 0 B URL HTTP/2 admoustache.go2affise.com/sl?id=59a8401d13943b96038b456a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472&sub2=&sub3=&sub4=5093&sub5=503
IP 34.141.137.168:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sl?id=59a8401d13943b96038b456a&pid=503&sub1=330000ae576f72c03b324798b26974d2e843c0913-202209-flb*5467509-4538f*M7142987086683963521*sl_5467509-4538f*c23b01b01c3bdb323af1ae62681042c82fb833d2*4472-bfdf314f-6f01772b*4472&sub2=&sub3=&sub4=5093&sub5=503 HTTP/1.1
Host: admoustache.go2affise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: afclick=6320e0c925a694000152c5d1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 13 Sep 2022 21:58:03 GMT
content-length: 0
location: https://7a99a36e.myofferplus.com/rc/a91581ead4?affclick=6320fceb9b20dd0001a4bca2&pubid=503
set-cookie: afclick=6320fceb9b20dd0001a4bca2; expires=Wed, 13 Sep 2023 21:58:03 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19274
Expires: Wed, 14 Sep 2022 03:19:17 GMT
Date: Tue, 13 Sep 2022 21:58:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19274
Expires: Wed, 14 Sep 2022 03:19:17 GMT
Date: Tue, 13 Sep 2022 21:58:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19274
Expires: Wed, 14 Sep 2022 03:19:17 GMT
Date: Tue, 13 Sep 2022 21:58:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PWOeca9JRnIgEymeLVyqTBucBJ0j6OS9Rmqwd4CcAKixqo0zvb452w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:48:18 GMT
age: 585
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9ab2ec10c79b91d15edb1d1e3dc763c
744fee4a0baa22ba3aa352d60620a916972b47dd
f7bb66f5bb572d73f936fc74823f51ede1f2c4e309a939b39d9529ff8f757fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9945
x-amzn-requestid: a347749f-a63a-4533-a274-7151b9f235ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcX8HAKoAMF5EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa765-56cff18515b2a5b3397231df;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:40:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eX23PaCAomr6VAV9ZbI5zgphphhjNOYOgVQ8ky8Xqg8ITHDwJnQ_HQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:42:21 GMT
age: 942
etag: "744fee4a0baa22ba3aa352d60620a916972b47dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 04:49:30 GMT
age: 61713
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bb76515-eb77-4f38-aae2-75a885833991.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bb76515-eb77-4f38-aae2-75a885833991.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 557695ec8ffeebb0272c099542a14ace
ad627b434e1c3b693d8636675bcea0f8794e0dc2
4d79c7830caa73b921d6abaa97771ab1f4dc8fd709597f01ba04c268c03b6157
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bb76515-eb77-4f38-aae2-75a885833991.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10407
x-amzn-requestid: 85df5ad9-f229-4d33-90b9-5dd28c77578a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YH396F2SIAMFnGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63196d25-3ee08f1e27cd37e96dba0f40;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 04:18:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Oep2UJdadBnTBuCy7CexUcezT0cCvm_9hroZnV-UrC9lQQxwUc4rkw==
via: 1.1 07c02ae6c53d85283eb15380264d9998.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 06:18:57 GMT
age: 56346
etag: "ad627b434e1c3b693d8636675bcea0f8794e0dc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 838f709437b2dfbede4ee15307afe217
2ab2ee20e720b78be6deb55f967ac0d8b7dad048
a3b47ce595b475f2aab6f7378888d15ba3e98453d6c8a3d88946efc5d65eedba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10849
x-amzn-requestid: bc2a9e2a-373d-4f1e-9556-ef15b7912206
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcwnFRLoAMFnVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa803-38fbde8e60f3662504591c64;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:43:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CH1PWFGKKehKvQj-BvGVPngiQy4M1DwxqLyhDSugw00b_1aCkV4Cqg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:42:21 GMT
age: 942
etag: "2ab2ee20e720b78be6deb55f967ac0d8b7dad048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:41:55 GMT
age: 968
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9bc48bb0b62061303b36ca096070c6f2
d73ccb017379a6bbcb42ce7d4532d34a6178938f
797411d43cb420a224169286dc3b8b1ddbadb429e0ee4556b5cf2590e72b30e2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "797411D43CB420A224169286DC3B8B1DDBADB429E0EE4556B5CF2590E72B30E2"
Last-Modified: Mon, 12 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5391
Expires: Tue, 13 Sep 2022 23:27:54 GMT
Date: Tue, 13 Sep 2022 21:58:03 GMT
Connection: keep-alive
intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pubec30675d6de0455da0674b3ac4b7263c&sub_id=8063a697
104.248.110.148302 Found 830 B URL HTTP/1.1 intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pubec30675d6de0455da0674b3ac4b7263c&sub_id=8063a697
IP 104.248.110.148:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (331)
Hash 6c9b05ac1d3ef49d6bcb97e00f6b441e
8fcdedd4cfbf6141979b2657978a5a8bf2416372
7baa7e940766b6944b53bb9fcf3da943d48994ad6d5ef2e29752b730f92338b9
GET /redirects?offer_id=13&affiliate_id=9&click_id=pubec30675d6de0455da0674b3ac4b7263c&sub_id=8063a697 HTTP/1.1
Host: intrap.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7a99a36e.myofferplus.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
date: Tue, 13 Sep 2022 21:58:03 GMT
location: https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_0409ad543a60f0b2f6da88ccc07dce2a&pub_sub_id=8063a697
expires: Tue, 13 Sep 2022 21:58:03 GMT
transfer-encoding: chunked
zerossl.ocsp.sectigo.com/
104.18.32.68200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash 777687b00bbe950c2f41ea8f2d6abe26
e6b5ac4d994d31a4457c1cd5a7eebcaa533401ab
86725214b484da75dd1d56b88fb9ce030b451d193cf859380f63c38f98c3ffe4
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 21:58:04 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 13:54:56 GMT
Expires: Sat, 17 Sep 2022 13:54:55 GMT
Etag: "e6b5ac4d994d31a4457c1cd5a7eebcaa533401ab"
Cache-Control: max-age=316010,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74a424623a94fab4-OSL
armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_0409ad543a60f0b2f6da88ccc07dce2a&pub_sub_id=8063a697
116.202.246.189200 OK 216 B URL HTTP/1.1 armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_0409ad543a60f0b2f6da88ccc07dce2a&pub_sub_id=8063a697
IP 116.202.246.189:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text
Hash 9b878d73c56b78bb72c93d4b62ca3159
6d4f529404b57be448f680554fad98b54a8fca23
7e2abe38f8f2547a4a58ae1b7d12ad92365885991864911be7f3c9b98509ad18
GET /recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_0409ad543a60f0b2f6da88ccc07dce2a&pub_sub_id=8063a697 HTTP/1.1
Host: armr.trckswrm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://7a99a36e.myofferplus.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 216
date: Tue, 13 Sep 2022 21:58:04 GMT
129.novitrk3.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
188.240.52.20200 OK 0 B URL HTTP/2 129.novitrk3.com/smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source=
IP 188.240.52.20:0
GET /smartlink?user_id=3&&creative_id=276030&extra_id=double_click&traffic_source= HTTP/1.1
Host: 129.novitrk3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Tue, 13 Sep 2022 21:58:01 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlNzRGdTOVhjZkZENDR6aHlsaUZKNUE9PSIsInZhbHVlIjoiQzhNUGRjLzYxeDZtWUJvT21JV1lvc0VGMElKNDVranpLa0hCU1QrVHNXZm5CQkNZb2JKdytRaFB0ZFNkYTVaaFNHZzg4d2VNcERabXRJS2pjVnBJTkQ4VERaQWYwcy9FYlJFdjFXL0VuQ3A2NkJCV1BkRWJJNXBUOTZPdlltVWwiLCJtYWMiOiJhMWVmYzVkOWI3MTc4ZTJkMjkyYTVkODMyYjQ1YmU1ZGU1YzYzMjdjMzY4NGY5NjgzMDk2OWI5OTk1NDBkZDFhIiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:01 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImR5czR1djJ2eGNMeTlIY01SdGhzVFE9PSIsInZhbHVlIjoiL1VOZ2RiS1llVWtnejN3MFFnbkpmMUpvWkx3NktJYWtlTmlidlV4UjBJY0xPbmgxSHQwMGZaN2tDWTNHeEtDY3YrR3paK3RUZmM4eU5kYXBBdnB1Z21pdzY0aFF2QTBmdG0zcktGY0lCcFZmY3hXZDNId2FjSWhuM3ZrcHAyV1AiLCJtYWMiOiI2YmNhZDU2OWZhNDBiYjdlNzM0YTFjZmI0ZWIwMTBlMDBlNjY0MTRhMmI2YTNmOGE0MTdhOWRiZjk0YzU4MmE0IiwidGFnIjoiIn0%3D; expires=Tue, 13-Sep-2022 23:58:01 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
7a99a36e.myofferplus.com/rc/a91581ead4?affclick=6320fceb9b20dd0001a4bca2&pubid=503
104.21.24.76200 OK 0 B URL HTTP/2 7a99a36e.myofferplus.com/rc/a91581ead4?affclick=6320fceb9b20dd0001a4bca2&pubid=503
IP 104.21.24.76:0
GET /rc/a91581ead4?affclick=6320fceb9b20dd0001a4bca2&pubid=503 HTTP/1.1
Host: 7a99a36e.myofferplus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 21:58:03 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALB=YhEoAT8rr7nKDMj83xEu55/Ve0uamjibOJp4E3RpR09cUyiT8tQq3yPJbjBhuGOoyth0Rv8UEJ6OFxWA/wGWmKOZp6gE16K70E8wZS6Ulh2FrgjwmHK810xRK/Vp; Expires=Tue, 20 Sep 2022 21:58:03 GMT; Path=/
AWSALBCORS=YhEoAT8rr7nKDMj83xEu55/Ve0uamjibOJp4E3RpR09cUyiT8tQq3yPJbjBhuGOoyth0Rv8UEJ6OFxWA/wGWmKOZp6gE16K70E8wZS6Ulh2FrgjwmHK810xRK/Vp; Expires=Tue, 20 Sep 2022 21:58:03 GMT; Path=/; SameSite=None
vary: Accept-Encoding, Accept-Language, Cookie
content-language: en
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3pOsc1LuxOpjdJzPKUwsYmg%2Bx04g%2FgvRfTCG6bRG2b14TR02W8k3xDoXKeQKc0cPv78Lx18%2F54vdA7b7k6mTUVdukgR5x3lceiBHOVp70mj4yZTV5Fqx6%2F73a0CKzucJRVnRL54RXjJNdcs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a4245d9b56b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.addlnk.com/redirect.css
104.21.20.70200 OK 0 B URL HTTP/2 cdn.addlnk.com/redirect.css
IP 104.21.20.70:0
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7a99a36e.myofferplus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 21:58:03 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: BUW6rlWHZvzQnvJHp4gBkVRIGc8DfdhWdOpgruWqMqu7ownlHIapox/IYSueiBqz+QseNtzP+2A=
x-amz-request-id: KYXF7EGSHW20KRRM
cf-cache-status: HIT
age: 3326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHbSSs0twZzeqfaHZpOauAnzGvhYpyx1xHw2F9%2F1jDDkOz3mEDwroMfAVI3DgvSVNlZKPDIns9eeaB4pbM5cK5T9422xtYBdz0n%2FJTYyD4uuq6%2FBDv7ks%2BKfK2h1YQTvEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a4245eec6f1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2