Submitted URL: https://tcprosmail.com/r/w3b9P?mid=3D177-c97660-1782501-37153
Effective URL: https://lesclara.qlitrk.com/qlick/blocked
Submission: On August 16 via manual from IN

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 14 HTTP transactions. The main IP is 34.202.201.120, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is lesclara.qlitrk.com.
TLS certificate: Issued by GoGetSSL RSA DV CA on January 6th 2021. Valid for: a year.
This is the only time lesclara.qlitrk.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
4 144.217.221.144 16276 (OVH)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 192.0.78.26 2635 (AUTOMATTIC)
1 3 34.202.201.120 14618 (AMAZON-AES)
14 6
Domain Requested by
4 fonts.gstatic.com fonts.googleapis.com
4 www.lesclara.com www.lesclara.com
3 lesclara.qlitrk.com 1 redirects href.li
lesclara.qlitrk.com
2 fonts.googleapis.com www.lesclara.com
lesclara.qlitrk.com
1 href.li www.lesclara.com
1 cdnjs.cloudflare.com www.lesclara.com
1 tcprosmail.com 1 redirects
14 7

This site contains links to these domains.

Domain
qliker.io
Subject | Issuer | Validity | Valid
lesclara.com | cPanel, Inc. Certification Authority | 2021-06-02 - 2021-08-31 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year
upload.video.google.com | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months
tls.automattic.com | R3 | 2021-06-17 - 2021-09-15 | 3 months
*.qlitrk.com | GoGetSSL RSA DV CA | 2021-01-06 - 2022-01-06 | a year

This page contains 1 frames:

Primary Page: https://lesclara.qlitrk.com/qlick/blocked
Frame ID: F67B2FC81F3EC8F231B098C1436A8BD7
Requests: 14 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 57 %
Domains: 7
Subdomains: 7
IPs: 6
Countries: 3
Transfer: 211 kB
Size: 428 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tcprosmail.com/r/w3b9P?mid=3D177-c97660-1782501-37153 HTTP 302
    https://www.lesclara.com/email Page URL
  2. https://href.li/?https://lesclara.qlitrk.com/r/soloemailtracker Page URL
  3. https://lesclara.qlitrk.com/r/soloemailtracker HTTP 302
    https://lesclara.qlitrk.com/qlick/blocked Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://tcprosmail.com/r/w3b9P?mid=3D177-c97660-1782501-37153 HTTP 302
  • https://www.lesclara.com/email

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
email
www.lesclara.com/
Redirect Chain
  • https://tcprosmail.com/r/w3b9P?mid=3D177-c97660-1782501-37153
  • https://www.lesclara.com/email
2 KB
869 B
Document
General
Full URL
https://www.lesclara.com/email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
144.217.221.144 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
88510f8c2995b2e82ff0925deaeff017d305d8e36d10d8187c201d86dfcaa8f0

Request headers

:method
GET
:authority
www.lesclara.com
:scheme
https
:path
/email
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
content-length
625
content-encoding
br
vary
Accept-Encoding
date
Mon, 16 Aug 2021 15:03:56 GMT
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

date
Mon, 16 Aug 2021 15:03:55 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.22
set-cookie
frontend=b98a7qsqo8v8l4hlktae921icd; expires=Sun, 14-Nov-2021 15:03:55 GMT; Max-Age=7776000; path=/; domain=.tcprosmail.com
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
https://www.lesclara.com/email
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5avmB6PbGns3dqfbiJhb0pYD92EBnaXvJspJmDgZ3t5T59CDoiF8uDD2YI6WgGu4iIzBWS9V76guHK1Y%2B4ugB5T8b7eQTufOtoZ3q6SCXsxqGzDZJWdR4%2Blkpl9w7lhZ5qPIzH6eOyMB7N%2BZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
67fb8d588e3a16ea-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
bootstrap.min.css
www.lesclara.com/assets/css/
138 KB
18 KB
Stylesheet
General
Full URL
https://www.lesclara.com/assets/css/bootstrap.min.css
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/email
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
144.217.221.144 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

:path
/assets/css/bootstrap.min.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.lesclara.com
referer
https://www.lesclara.com/email
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.lesclara.com/email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 15:03:56 GMT
content-encoding
br
last-modified
Fri, 13 Mar 2020 15:39:09 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
18451
expires
Mon, 23 Aug 2021 15:03:56 GMT
style.css
www.lesclara.com/assets/css/
31 KB
3 KB
Stylesheet
General
Full URL
https://www.lesclara.com/assets/css/style.css
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/email
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
144.217.221.144 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
a2fbcfddc48ff57d994b2f3ab98c73c169ec15f3d31c17163bdecb844fceb1d9

Request headers

:path
/assets/css/style.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.lesclara.com
referer
https://www.lesclara.com/email
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.lesclara.com/email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 15:03:56 GMT
content-encoding
br
last-modified
Fri, 13 Mar 2020 15:39:09 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2704
expires
Mon, 23 Aug 2021 15:03:56 GMT
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/
57 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.0/animate.min.css
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ed082521f47921ffff14d4ec1c6c3f1ea55114741bee23cc23d4ab6a3213642
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.lesclara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 15:03:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1027592
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
3541
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d2a-e283"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCRxc%2Busnynaj2zL%2Bi%2BFLNjGzpCKu%2FT5rxr0Zv%2B63clwGFCpF86H7ra%2Fj7KaCv5sn3E%2FSAapdMvFB2bYe1Hp%2FHmZp9egwbOfPEC4uIHU3NVNnBXwXlNm0JslmmtimlrXby7TI2xQl5DoIe5cpSqXA6%2Fn"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
67fb8d5fcf4f061c-FRA
expires
Sat, 06 Aug 2022 15:03:56 GMT
loader.gif
www.lesclara.com/images/
4 KB
4 KB
Image
General
Full URL
https://www.lesclara.com/images/loader.gif
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/email
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
144.217.221.144 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2196f8bb6f51927fa06a98f0bcb753fa5d66a883c0e21dcbfceb7fbe916aab05

Request headers

:path
/images/loader.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.lesclara.com
referer
https://www.lesclara.com/email
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.lesclara.com/email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 15:03:56 GMT
last-modified
Fri, 13 Mar 2020 15:39:17 GMT
server
LiteSpeed
content-type
image/gif
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4198
expires
Mon, 23 Aug 2021 15:03:56 GMT
css
fonts.googleapis.com/
7 KB
822 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Fjalla+One|Roboto:300,400,500
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/assets/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
19333ba59f6109457bc153fb7d5015632ae418735519cd8dbf7c3cfe603d0b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.lesclara.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 16 Aug 2021 15:03:56 GMT
server
ESF
date
Mon, 16 Aug 2021 15:03:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 16 Aug 2021 15:03:56 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fjalla+One|Roboto:300,400,500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.lesclara.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 09 Aug 2021 18:26:24 GMT
x-content-type-options
nosniff
age
592652
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 Aug 2022 18:26:24 GMT
/
href.li/
526 B
417 B
Document
General
Full URL
https://href.li/?https://lesclara.qlitrk.com/r/soloemailtracker
Requested by
Host: www.lesclara.com
URL: https://www.lesclara.com/email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.26 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
href.li
:scheme
https
:path
/?https://lesclara.qlitrk.com/r/soloemailtracker
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.lesclara.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.lesclara.com/

Response headers

server
nginx
date
Mon, 16 Aug 2021 15:04:02 GMT
content-type
text/html; charset=utf-8
strict-transport-security
max-age=31536000
vary
Accept-Encoding
content-encoding
gzip
x-ac
3.ams _dfw
Primary Request blocked
lesclara.qlitrk.com/qlick/
Redirect Chain
  • https://lesclara.qlitrk.com/r/soloemailtracker
  • https://lesclara.qlitrk.com/qlick/blocked
4 KB
2 KB
Document
General
Full URL
https://lesclara.qlitrk.com/qlick/blocked
Requested by
Host: href.li
URL: https://href.li/?https://lesclara.qlitrk.com/r/soloemailtracker
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.201.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-201-120.compute-1.amazonaws.com
Software
nginx / PHP/7.4.16
Resource Hash
2889f47c78306eee77d40658930ee253249b86ab82aeaeb123347ec930694f87

Request headers

:method
GET
:authority
lesclara.qlitrk.com
:scheme
https
:path
/qlick/blocked
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
lpp=1; XSRF-TOKEN=[value omitted]; qlikersession=[value omitted]; rn=[value omitted]; rnl=[value omitted]
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://href.li/?https://lesclara.qlitrk.com/r/soloemailtracker

Response headers

date
Mon, 16 Aug 2021 15:04:03 GMT
content-type
text/html; charset=UTF-8
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.16
cache-control
no-cache, private
x-ratelimit-limit
300
x-ratelimit-remaining
298
set-cookie
XSRF-TOKEN=[value omitted]; expires=Sun, 05-Sep-2021 15:04:03 GMT; Max-Age=1728000; path=/; domain=.qlitrk.com; samesite=lax
qlikersession=[value omitted]; expires=Sun, 05-Sep-2021 15:04:03 GMT; Max-Age=1728000; path=/; domain=.qlitrk.com; samesite=lax
content-encoding
gzip

Redirect headers

date
Mon, 16 Aug 2021 15:04:03 GMT
content-type
text/html; charset=UTF-8
location
https://lesclara.qlitrk.com/qlick/blocked
server
nginx
x-powered-by
PHP/7.4.16
set-cookie
lpp=1; expires=Mon, 16-Aug-2021 15:04:08 GMT; Max-Age=5; path=/
XSRF-TOKEN=[value omitted]; expires=Sun, 05-Sep-2021 15:04:03 GMT; Max-Age=1728000; path=/; domain=.qlitrk.com; samesite=lax
qlikersession=[value omitted]; expires=Sun, 05-Sep-2021 15:04:03 GMT; Max-Age=1728000; path=/; domain=.qlitrk.com; samesite=lax
rn=[value omitted]; expires=Tue, 16-Aug-2022 15:04:03 GMT; Max-Age=31536000; path=/; domain=.qlitrk.com; httponly; samesite=lax
rnl=[value omitted]; expires=Tue, 16-Aug-2022 15:04:03 GMT; Max-Age=31536000; path=/; domain=.qlitrk.com; httponly; samesite=lax
cache-control
post-check=0, pre-check=0, private
expires
Tue, 03 Jul 2001 06:00:00 GMT
last-modified
Mon, 16 Aug 2021 15:04:03 GMT
pragma
no-cache
x-ratelimit-limit
300
x-ratelimit-remaining
299
css
fonts.googleapis.com/
9 KB
839 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Requested by
Host: lesclara.qlitrk.com
URL: https://lesclara.qlitrk.com/qlick/blocked
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b0c6270c06376a439c78b771536429905666d4899fea1561e7d9a4b1d8a2eca2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://lesclara.qlitrk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 16 Aug 2021 13:35:17 GMT
server
ESF
date
Mon, 16 Aug 2021 15:04:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 16 Aug 2021 15:04:03 GMT
404-bg2.jpg
lesclara.qlitrk.com/img/
114 KB
115 KB
Image
General
Full URL
https://lesclara.qlitrk.com/img/404-bg2.jpg
Requested by
Host: lesclara.qlitrk.com
URL: https://lesclara.qlitrk.com/qlick/blocked
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.201.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-201-120.compute-1.amazonaws.com
Software
nginx /
Resource Hash
02ef65197316ddb43f835968bedb2a88b94e9ba682245e2d5532aa221739a23b

Request headers

:path
/img/404-bg2.jpg
pragma
no-cache
cookie
lpp=1; rn=[value omitted]; rnl=[value omitted]; XSRF-TOKEN=[value omitted]; qlikersession=[value omitted]
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
lesclara.qlitrk.com
referer
https://lesclara.qlitrk.com/qlick/blocked
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://lesclara.qlitrk.com/qlick/blocked
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 15:04:04 GMT
last-modified
Mon, 18 May 2020 08:08:16 GMT
server
nginx
etag
"5ec24270-1c8fa"
content-type
image/jpeg
accept-ranges
bytes
x-robots-tag
noindex
content-length
116986
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://lesclara.qlitrk.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 09 Aug 2021 20:30:51 GMT
x-content-type-options
nosniff
age
585192
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15764
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:17 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 Aug 2022 20:30:51 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://lesclara.qlitrk.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 10 Aug 2021 13:27:21 GMT
x-content-type-options
nosniff
age
524202
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16112
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:09 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Aug 2022 13:27:21 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3d7092e6eb6f3aa0c572e52e061a59cc88a3e9eff581c95c4bd7456800904d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://lesclara.qlitrk.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 10 Aug 2021 02:22:32 GMT
x-content-type-options
nosniff
age
564092
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16064
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:09:56 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Aug 2022 02:22:32 GMT


11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated

5 Cookies

Domain/Path Name / Value
.qlitrk.com/ Name: qlikersession
.qlitrk.com/ Name: XSRF-TOKEN
.qlitrk.com/ Name: rnl
.qlitrk.com/ Name: rn
lesclara.qlitrk.com/ Name: lpp
Value: 1