Report - a.vfgtc.com/288f12d5-a315-4681-8755-34efe660365a?aff_sub4=_bucket&subID1=&affiliateID=44543&source=1025b0da410a0015c3e7a0e465a9e5&subID2=242232&target=&Site=&Bnr=ALGO&cid=wih2im8367i89rkni44ulg36&affsource=xfantasytv&source=242232

Report Overview

Submitted URL
a.vfgtc.com/288f12d5-a315-4681-8755-34efe660365a?aff_sub4=_bucket&subID1=&affiliateID=44543&source=1025b0da410a0015c3e7a0e465a9e5&subID2=242232&target=&Site=&Bnr=ALGO&cid=wih2im8367i89rkni44ulg36&affsource=xfantasytv&source=242232_xfantasytv
IP
18.192.108.151
ASN
#16509 AMAZON-02
Submitted
2023-03-29 19:39:18
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-31T18:18:04Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-31T18:13:52Z	606 B	238 B	34.117.65.55
a.vfgtc.com	unknown	2019-09-27T14:31:23Z	2023-03-31T13:29:07Z	572 B	886 B	18.192.108.151
cdn-dimi.akamaized.net	unknown	2022-07-07T15:18:25Z	2023-03-31T18:31:09Z	5.6 kB	1.9 MB	88.221.27.74
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-31T20:44:48Z	980 B	33 kB	216.58.207.227
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-31T18:12:04Z	3.7 kB	9.8 kB	23.36.76.226
qgxvbz.exceilentdate.com	unknown	2023-02-03T13:17:26Z	2023-03-31T05:38:51Z	3.5 kB	20 kB	63.32.216.166
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-31T18:12:03Z	1.7 kB	3.5 kB	142.250.74.131
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-31T20:23:24Z	846 B	2.3 kB	142.250.74.106
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-31T20:19:47Z	790 B	20 kB	142.250.74.35
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-31T07:51:33Z	3.2 kB	54 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-31T18:14:44Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-31T18:12:09Z	333 B	391 B	34.117.237.239
s.sloffer1.com	unknown	2022-03-23T08:52:34Z	2023-03-31T05:13:34Z	612 B	1.8 kB	52.1.220.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-29	medium	qgxvbz.exceilentdate.com/ortb	Phishing
2023-03-29	medium	qgxvbz.exceilentdate.com/js/pushjs/1.0.0/utils.js	Phishing
2023-03-29	medium	qgxvbz.exceilentdate.com/js/pushjs/1.0.0/subscriber.js	Phishing
2023-03-29	medium	qgxvbz.exceilentdate.com/js/service-worker.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703	12 kB	2023-03-07	2024-03-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-03-04 11:45:24 Times Seen2745 Hash 9acc66fdf18dea05bd75165eb5a96259 f613c52a08155727d4f07536d7bc8df5b6fa0c84 4941450491d73ab79ffb428e660c4cb581acbbad86edf8e943211ea51fe3a6c1 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703	28 kB	2023-03-07	2023-11-27
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-11-27 04:28:25 Times Seen1471 Hash 07cee83d1be10af1ca991d1c60abd6e2 b5f142d6aac82ede612b6cf96b1e7f25d797e87a 6fc50a9d3f16721904905fa44980c6cac2e3e82f5da71c18f84d289dd1bc54d3 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 17:43:47 Times Seen36964780 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703	252 B	2023-03-07	2023-12-04
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:19 Last Seen2023-12-04 06:45:22 Times Seen1475 Hash 3544c08851825a863747a126548d6993 01882998e61b9f93d5f346386fa633f6b8d95b2d 9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69 Loading...

	qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1	1.1 kB	2023-03-08	2024-01-30
Pretty URL qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:05:28 Last Seen2024-01-30 00:06:54 Times Seen364 Hash bbb1620627154e4d1dfe6f2311527a09 4ee6ef04a16d55e01adc79d286b2e228a20fb84b e91bc30aa3f8d254b591ba919d0310d22b54a570dba39128daa03e891552357e Loading...

	qgxvbz.exceilentdate.com/js/pushjs/1.0.0/utils.js	7.1 kB	2023-03-07	2024-04-19
Pretty URL qgxvbz.exceilentdate.com/js/pushjs/1.0.0/utils.js IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-19 12:29:50 Times Seen4795 Hash 711c7ecda710a342d24faef1dec76ede d1b38489603a2aecc2be5edb4fa4cd8d442fe727 41a5e34d6777a471d63211252ce51555815b728949dc81cec01414f4ffdb98eb Loading...

	qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1	9.9 kB	2023-04-01	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:24:02 Last Seen2023-04-01 10:24:02 Times Seen1 Hash ccfa114c841d9d10eec75471f318d70d 58dc85c463677bdcb1476d8bd5ad32da0c68357a 23b2cf6ca4c8d1d2753efc660cb74ca1a1bd524024881f10b72e1367e6794e1d Loading...

	qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1	25 B	2023-03-07	2024-02-05
Pretty URL qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:52 Last Seen2024-02-05 05:17:29 Times Seen574 Hash 2d41d60a42497a65eec45b94de3c8bba ae34889e77f52741f04772e8ea5a012b45f1fb69 28cff31264d4ffb57f25808f303a8e26c94ff6eb2337314d471c5a936d433dba Loading...

	qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1	3.4 kB	2023-03-14	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 00:57:35 Last Seen2023-04-01 11:09:23 Times Seen5 Hash 0ebb94f34a8c5d652bd343d04388b69d b72e7fd475678719d09048fb9282a54aaa01de17 8ee39f39fedaa128c15e0c025deaf092f79a1646a197d8848f46e3b9648f9c8e Loading...

	qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1	3.6 kB	2023-04-01	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:24:02 Last Seen2023-04-01 10:24:02 Times Seen1 Hash 0e34419b2905296f907dc99e43c664f1 e09b0580f79dd43731955660bb1ea479fc12d109 30c509d840326927b0c903c5f8ed3e0df4e2257f64481f08fcfc1a3e6fa9be41 Loading...

	qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1	345 B	2023-04-01	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:24:02 Last Seen2023-04-01 10:24:02 Times Seen1 Hash 1f878b45e9deeda581cf123d80fbe926 6018fc7bf6877992fbd2a2f4b28a9732c99abf00 24744d314f643396ec764952c35a955b8fe1c39227af5535655f9fa060fcc2ce Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703	4.2 kB	2023-03-07	2024-01-30
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-01-30 06:51:41 Times Seen1355 Hash 5da2c51949f2a873bf0091a104658e72 89d122a536af95bd4183de41fa10e6947c9806e8 80a1aae3b07ee310419c80f52fb2f179bfebc74bf46598bc6b041455feef3201 Loading...

	qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1	59 B	2023-03-07	2024-01-30
Pretty URL qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:41 Last Seen2024-01-30 00:06:54 Times Seen271 Hash 9d332ab7a1f65ecaa6935dfd69626832 d1f094a412afb0760ed2b02f2a8c35b897e4a38f 92f281629763a7f249bf5cbd234f52fb549bd29f364dc51b34cb8621b42d7c02 Loading...

	qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1	103 B	2023-03-13	2023-05-29
Pretty URL qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:44:44 Last Seen2023-05-29 18:55:39 Times Seen208 Hash b233e8492185465146690441825ab993 2c0f265667099bc13935890ef1414568fc6da114 6a63b60c71c3c980baba4fa499c45420691b3b2ddcbab4ae6fba6ccb18f36b45 Loading...

	qgxvbz.exceilentdate.com/js/pushjs/1.0.0/subscriber.js	9.4 kB	2023-03-07	2023-05-23
Pretty URL qgxvbz.exceilentdate.com/js/pushjs/1.0.0/subscriber.js IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2023-05-23 11:55:13 Times Seen1847 Hash eaaa22632bcced1b4a2bad3c22bd618f c5bb4097ff0b252c19671985d5d431dfd6bb7281 20a2729b7c4f4c6a0dd2e80500284bd8c0e84e3e4076eb6a248e2951fec0c550 Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-app.js	25 kB	2023-03-07	2024-04-19
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-app.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-04-19 12:29:50 Times Seen10986 Hash 9164d0e8a317eceb870cca88c9683127 4617c910005f7100b4ff26a458a8b4463e33cdc6 15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931 Loading...

	qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1	2.0 kB	2023-04-01	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:24:02 Last Seen2023-04-01 10:24:02 Times Seen1 Hash 7a866342935b6da23a33fb69749820fe d5bdb4400a03ab1dfba4b33ef1579b9e290c86f1 cdf8f4bc479b4370d089d6cb4c1b562eda28f76e8b9035b72cf82a880afcb1a7 Loading...

	cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703	3.0 kB	2023-03-08	2024-04-19
Pretty URL cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703 IP 88.221.27.74 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:05:28 Last Seen2024-04-19 15:06:48 Times Seen3627 Hash 5f373fa5bf21c44b9ad23b70ef96e73d 068ef5b63ab18924a286f2c0c3ec46545e08c678 7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77 Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js	36 kB	2023-03-07	2024-04-19
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-04-19 12:29:50 Times Seen11062 Hash 0cb7a0eb328ea70ab360f861314c8820 e3e20eb50dae36f4cbcef1890b1cc7878acb537a 4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9 Loading...

	qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1	3.5 kB	2023-04-01	2023-04-01
Pretty URL qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 IP 63.32.216.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:24:02 Last Seen2023-04-01 10:24:02 Times Seen1 Hash 710be7bfee4ea58a052bb32db0d46e80 8fea563076e492efdb3ca84f3fc612baabeaeea2 d6dc09cf7965798ef35b3b1e830c343138d7e9c1e6c1e0cb45b2b2563ca364f9 Loading...

HTTP Transactions (53)

URL IP Response Size

a.vfgtc.com/288f12d5-a315-4681-8755-34efe660365a?aff_sub4=_bucket&subID1=&affiliateID=44543&source=1025b0da410a0015c3e7a0e465a9e5&subID2=242232&target=&Site=&Bnr=ALGO&cid=wih2im8367i89rkni44ulg36&affsource=xfantasytv&source=242232_xfantasytv

18.192.108.151

302

0 B

URL HTTP/1.1
a.vfgtc.com/288f12d5-a315-4681-8755-34efe660365a?aff_sub4=_bucket&subID1=&affiliateID=44543&source=1025b0da410a0015c3e7a0e465a9e5&subID2=242232&target=&Site=&Bnr=ALGO&cid=wih2im8367i89rkni44ulg36&affsource=xfantasytv&source=242232_xfantasytv
IP
18.192.108.151:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /288f12d5-a315-4681-8755-34efe660365a?aff_sub4=_bucket&subID1=&affiliateID=44543&source=1025b0da410a0015c3e7a0e465a9e5&subID2=242232&target=&Site=&Bnr=ALGO&cid=wih2im8367i89rkni44ulg36&affsource=xfantasytv&source=242232_xfantasytv HTTP/1.1
Host: a.vfgtc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Wed, 29 Mar 2023 19:39:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.sloffer1.com/44543/3458/0/?aff_sub=&aff_sub2=242232&aff_sub3=w0qbp9m13lltqrkn2vg5jbe4&aff_sub4=_bucket&aff_sub5=&aff_click_id=1025b0da410a0015c3e7a0e465a9e5&source=242232_xfantasytv
Pragma: no-cache
Set-Cookie: 288f12d5-a315-4681-8755-34efe660365a-v4=bYDVa-jIsBYU7hX5qyg5ZQo25JG7Rc3m-N2J0d8mgnI; Max-Age=86400; Expires=Thu, 30-Mar-2023 19:39:07 GMT; Domain=a.vfgtc.com; Path=/; HttpOnly
cc-v4=1uI%2Bok4qSl5TNMkByR8pG9Id6Cj7JYyWWTnfmuRf4ynhNIyza3HuN8quYubqJ1t3v4Gt3OFFkSLfXu5Ppu7l2pJndllRlv4L%2BuKNwkubkDYPx7cnIaMsomfxuKmbsMohfOSZ3juWh8jBmat2l5%2BY1w%3D%3D; Max-Age=31536000; Expires=Thu, 28-Mar-2024 19:39:07 GMT; Domain=a.vfgtc.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5195
Expires: Wed, 29 Mar 2023 21:05:43 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3485
Expires: Wed, 29 Mar 2023 20:37:13 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4737
Expires: Wed, 29 Mar 2023 20:58:05 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Retry-After, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 19:28:11 GMT
content-type: application/json
age: 657
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: JdS0dqjp6Q07jDFAwMJ06fd0SpXZDlPQCc3WxLs9IjfGYBJpF6J4x7KJXi3Hk+GwSik09XWouPNiwv1I+kUfQA==
x-amz-request-id: W585FSNZMS1CT2DA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 19:02:37 GMT
age: 2191
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:08 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a740252e7b24892a3e34f6dfed6e3bde
d44d21abb95edd1ccc775632254f11ee94fb585e
e289995a2b4b340364dd7dfa32c79c7722ece6cc4b893b38fc68bbce680d2f94

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E289995A2B4B340364DD7DFA32C79C7722ECE6CC4B893B38FC68BBCE680D2F94"
Last-Modified: Mon, 27 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6373
Expires: Wed, 29 Mar 2023 21:25:21 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9d38c50db39b0d287274a39900fe459
2a4ff1595912d634a26e33e7dc48c9ee4e038c66
22c2baf92196375145c0cef3541abe09dbd576dfd0e87d12abd0cac102dd5b5c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22C2BAF92196375145C0CEF3541ABE09DBD576DFD0E87D12ABD0CAC102DD5B5C"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15133
Expires: Wed, 29 Mar 2023 23:51:21 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, ETag, Expires, Alert, Pragma, Content-Type, Retry-After, Last-Modified, Content-Length, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 19:14:36 GMT
age: 1472
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

s.sloffer1.com/44543/3458/0/?aff_sub=&aff_sub2=242232&aff_sub3=w0qbp9m13lltqrkn2vg5jbe4&aff_sub4=_bucket&aff_sub5=&aff_click_id=1025b0da410a0015c3e7a0e465a9e5&source=242232_xfantasytv

52.1.220.62

303 See Other

410 B

URL HTTP/2
s.sloffer1.com/44543/3458/0/?aff_sub=&aff_sub2=242232&aff_sub3=w0qbp9m13lltqrkn2vg5jbe4&aff_sub4=_bucket&aff_sub5=&aff_click_id=1025b0da410a0015c3e7a0e465a9e5&source=242232_xfantasytv
IP
52.1.220.62:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (410), with no line terminators
Size
410 B (410 bytes)
Hash
b24fc1e0bc827d5a64d1bddfdf775948
e772ad9b5fc0753f3a82706c2c54165027e633c2
ef1886e31218c5ee16a02ef9a35d17cf6ddef11a5888d47991aa3093b8cb5cfb

HTTP Headers

GET /44543/3458/0/?aff_sub=&aff_sub2=242232&aff_sub3=w0qbp9m13lltqrkn2vg5jbe4&aff_sub4=_bucket&aff_sub5=&aff_click_id=1025b0da410a0015c3e7a0e465a9e5&source=242232_xfantasytv HTTP/1.1
Host: s.sloffer1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 303 See Other
server: nginx/1.19.0
date: Wed, 29 Mar 2023 19:39:08 GMT
content-type: text/html; charset=utf-8
content-length: 410
location: https://qgxvbz.exceilentdate.com?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1
set-cookie: enc_aff_session_3458=ENC030d5d7cc1568d542ab92dfbc84138456d9ee8809fec60231f4d22f7a3287e5f4f6e6992e6a8b24794d181f5a7d751c93f22e9da3bb4906f6aac18ac7121b2d47ddc22577e83c5eeb2979a7a4c3bb10f1d451db840ae836af4e31ffff644b59e1c98bd9d6e94fcddac04b36436859501ad297933026761df216f993cff93073bf3b8057ec56906062b611b4e9e05c55568266051e2a97e3a5b7057f944205a90534837467ff7a365a03ec87cff29afbfe28d04ef2ba80d2e708e1f253f1bea7a95142dd392; Path=/; Expires=Fri, 28 Mar 2025 19:39:08 GMT; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Sat, 21 Feb 2026 06:19:08 GMT; Secure
tracking_id: 102f54e723a821186eb45709fa734e
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: t/DiJjDIr6g+aOJjH+t9Mg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vrzuFmlxf5CdMydB1pwEbu+vH/w=
Date: Wed, 29 Mar 2023 19:39:08 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c49cfa041a97b5fd3eb0f9dcfbcbad74
e75e14176c1b4d9b60fddc65510b76e5a05df732
2f1daa962baa52e03b775149af2d2249c8be3c9b46898450d9286f32d29d1b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F1DAA962BAA52E03B775149AF2D2249C8BE3C9B46898450D9286F32D29D1B6A"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2714
Expires: Wed, 29 Mar 2023 20:24:22 GMT
Date: Wed, 29 Mar 2023 19:39:08 GMT
Connection: keep-alive

cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703

88.221.27.74

200 OK

635 B

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
assembler source, ASCII text
Size
635 B (635 bytes)
Hash
4ed05a608a8ec589e8aa5b040f7bb878
c58649a707ba64aed8b285d3be9f6b06a85ea6cb
bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363

HTTP Headers

GET /landings/277386/1674482702/css/popup.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: bv87+9sEAgmF+9LmuaJa+60f+HCwvQ7gaxcSgupAnxavvLT0mzlVWXHwU9nfTHQNVV6BjRfVYJc=
x-amz-request-id: KPETMBYZ91Z3NR3T
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1

63.32.216.166

200 OK

10 kB

URL HTTP/2
qgxvbz.exceilentdate.com/?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1
IP
63.32.216.166:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11568), with CRLF, LF line terminators
Size
10 kB (10477 bytes)
Hash
b70132e2e1280e63a6a46dc7a34ef07a
c510867b81838122f13b4f5f94aa41cdb716048e
1d928d0572aad5986c1d7753f193304b7f6d165af25233e2ff83411ff28026c3

HTTP Headers

GET /?utm_source=da57dc555e50572d&s1=187050&s2=1773580&s3=44543&s5=&click_id=102f54e723a821186eb45709fa734e&j1=1&j8=1&j9=1 HTTP/1.1
Host: qgxvbz.exceilentdate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:08 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=6424175500078f67; Path=/; Expires=Sun, 28 May 2023 19:39:08 GMT; Secure; SameSite=None
unique_id2=6423534400006ee0; Path=/; Expires=Tue, 27 Jun 2023 19:39:08 GMT; Secure; SameSite=None
6423534400006ee0_c=1; Path=/; Expires=Tue, 27 Jun 2023 19:39:08 GMT; Secure; SameSite=None
ref_token=153990_187050_1018_149927_102612_19663_181986_13290; Path=/; Expires=Fri, 28 Apr 2023 19:39:08 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 29 Mar 2023 19:39:08 GMT; Secure; SameSite=None
6423534400006ee0_sl=[277386]; Path=/; Expires=Wed, 12 Apr 2023 19:39:08 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703

88.221.27.74

200 OK

3.0 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
3.0 kB (2985 bytes)
Hash
7b6cd1158523786c5e8ff92fa27acb8c
dc556e71d4138225f0a8f529d680794fe6d7c082
53dafd93c9ad7ffdf9b187663144875e7a21c4edfa1e72aec51d360293724b06

HTTP Headers

GET /landings/277386/1674482702/css/style.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: iOgibq5bwefJNmBXigm/qdf31H9uHOKWbNj1r4p/15+8eEKl+gz6QF7Oq9nqECsCF/0ArpYr5Z0=
x-amz-request-id: 6GM9SRD41YNSD1QV
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "c0e91ee9eeac065a145dea1b96ebfd1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 2985
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703

88.221.27.74

200 OK

688 B

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
688 B (688 bytes)
Hash
ba7deda1bcbc1e2d5c127678e05b71a1
4707fef7ab43a522b3cf7f5c0db4c148c5a43701
303187afb2cbbbf6095724df7eaf8c7967bb019dc17e1224d9e2366ac7f381c5

HTTP Headers

GET /landings/277386/1674482702/js/function.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: /ugpl+ZA0b1doH5/3yLNYwjDAKG/jKCtMJkzvxvpvrzZL79aKEU2JjkQrEnyWNag7GXqsU0g1LQ=
x-amz-request-id: PQS3MC6QJD41C01W
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703

88.221.27.74

200 OK

10 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text
Size
10 kB (10048 bytes)
Hash
f54e5331f7d782d475a884cce1db33fd
d5145e3ebcab1a21d4cdff8632c9901db93b962f
73c4aa8abb0450fbb7eef37c3afc3d6f11f0c2bc3f0a101323364b59298e4e2f

HTTP Headers

GET /landings/277386/1674482702/js/translates.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: TIW3vRFhKm0yCOx8VQ93CAm5ZLwnxLU8dQXppKANNofjPZl8kwWFGfOniviPbWsAJbMVgRtfaBs=
x-amz-request-id: K8AD9DT85B3KC9GP
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703

88.221.27.74

200 OK

30 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2fa28552f1ee4e1382ee43930b53afb8
803670da6a35378bf4eb73acc8e72fe4feb5ca30
ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494

HTTP Headers

GET /landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: g0wEjRbeH4tQ2F6XZ6eWOYGJi3wq/1gm9Kh41qYfI2gKqV/7B6qWVpgtkKR5XQNvRcnILDnk9Xo=
x-amz-request-id: K8AFWKA9RCF1DXHJ
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703

88.221.27.74

200 OK

1.3 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.3 kB (1298 bytes)
Hash
0e212ad4454c941c45c2e57df42c2b4f
fe9d7c484c2c0d7a6475692ef984c53a06c95406
e950a9e5e696f39d02028b27a4cd82fab1b6fd07fa34a238d3a3f7f5e90d95c3

HTTP Headers

GET /landings/277386/1674482702/js/title_tanslate.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: womzwfdvfx122HJC0dkG0vHaksbMgIvli2lULFltXAz+5rgXrN7rmt336XJc+hVlIHRzOUBFSVk=
x-amz-request-id: 9VNRHSM75H7FXJE5
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 29 Mar 2023 19:39:09 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703

88.221.27.74

200 OK

252 B

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
252 B (252 bytes)
Hash
3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69

HTTP Headers

GET /landings/277386/1674482702/js/tn_pHash.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: RKQIuPs47jw+GgV2YdzWtFHlInC0b1aKeP34MEdhK5mIMAIi06KYslboBYE8MYcQk0fLCThqxAk=
x-amz-request-id: 9VNGXFK5QS5WRCK2
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "3544c08851825a863747a126548d6993"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 252
Server: AmazonS3
Date: Wed, 29 Mar 2023 19:39:09 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png

88.221.27.74

200 OK

41 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo.png
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (40774 bytes)
Hash
c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037

HTTP Headers

GET /landings/277386/1674482702/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: saaPX+6fCw1usaKklFw/lLXMWpDahD/h8HepIyRfp7tUjVa7nFU3kzNWR8/Kzs6O4Gu2cP8tbQI=
x-amz-request-id: 40R9FR8B9BMRDAP2
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Wed, 29 Mar 2023 19:39:09 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png

88.221.27.74

200 OK

9.5 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Size
9.5 kB (9461 bytes)
Hash
27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0

HTTP Headers

GET /landings/277386/1674482702/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: 88wUEndrDOVjhFDoJFuImNKhB1vuAo0EPKK1v0j+XWtpjdZgrqXQzMAcudO4WTDX7q7XpMg0zrg=
x-amz-request-id: G2MAJFMWPEEEC571
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Wed, 29 Mar 2023 19:39:09 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg

88.221.27.74

200 OK

29 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Size
29 kB (29319 bytes)
Hash
2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3

HTTP Headers

GET /landings/277386/1674482702/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: S10dPOpyBqY7oQzqzXfrZlfoHTUh6afcFTek1SEhaCO5C4zowvEWBZApe9rkVvRTn0os/h31WsI=
x-amz-request-id: 40R8K5Q3GPVDKC89
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Wed, 29 Mar 2023 19:39:09 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d4fd78e1925a923742815feb55c9dab0
1b9fb6bb01a275ea7a74aa4185f39e4640a2c5eb
88bc292164002e5b8c4ea4dd317ff1116051a581997bd74b06d0fb231ea15b0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 19:39:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d4fd78e1925a923742815feb55c9dab0
1b9fb6bb01a275ea7a74aa4185f39e4640a2c5eb
88bc292164002e5b8c4ea4dd317ff1116051a581997bd74b06d0fb231ea15b0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 19:39:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap

142.250.74.106

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1012 bytes)
Hash
78994c847dbbe862513eda1775eb9186
79c5262b8fe514205373df98c7d9acb6307e0701
01d5ba48643cff2b694e3d32d12eec40750d46f9f090cddb24d8819b7342d3e1

HTTP Headers

GET /css2?family=Ubuntu:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 19:39:09 GMT
date: Wed, 29 Mar 2023 19:39:09 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

qgxvbz.exceilentdate.com/ortb

63.32.216.166

200 OK

29 B

URL HTTP/2
qgxvbz.exceilentdate.com/ortb
IP
63.32.216.166:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /ortb HTTP/1.1
Host: qgxvbz.exceilentdate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 348
Origin: https://qgxvbz.exceilentdate.com
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1
Cookie: unique_id=6424175500078f67; unique_id2=6423534400006ee0; 6423534400006ee0_c=1; ref_token=153990_187050_1018_149927_102612_19663_181986_13290; 6423534400006ee0_sl=[277386]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:09 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
21966d424aed17f9af10f69f1cb82860
87ffcdc8f4d76491bc4a5cb3a01a3923d1dff2be
6c02a4b1eee1b1c86633ef6364e6036e3f56b1eaa64a04b770d7641f7e2a2466

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 19:39:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
21966d424aed17f9af10f69f1cb82860
87ffcdc8f4d76491bc4a5cb3a01a3923d1dff2be
6c02a4b1eee1b1c86633ef6364e6036e3f56b1eaa64a04b770d7641f7e2a2466

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 19:39:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qgxvbz.exceilentdate.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 465147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qgxvbz.exceilentdate.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 465148
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

qgxvbz.exceilentdate.com/js/pushjs/1.0.0/utils.js

63.32.216.166

200 OK

7.5 kB

URL HTTP/2
qgxvbz.exceilentdate.com/js/pushjs/1.0.0/utils.js
IP
63.32.216.166:0
ASN
#16509 AMAZON-02

File type
data
Size
7.5 kB (7480 bytes)
Hash
f6d1a13675be32118569feccaa36157d
27b375eea172acedaa00a57a1dbf4b7f9b400a76
9dde212ece8da8a484dd00d501c8e0ef2e0222a2067273fd02937736326be281

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: qgxvbz.exceilentdate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1
Cookie: unique_id=6424175500078f67; unique_id2=6423534400006ee0; 6423534400006ee0_c=1; ref_token=153990_187050_1018_149927_102612_19663_181986_13290; 6423534400006ee0_sl=[277386]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:09 GMT
content-type: application/javascript
expires: Wed, 05 Apr 2023 19:39:09 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
21966d424aed17f9af10f69f1cb82860
87ffcdc8f4d76491bc4a5cb3a01a3923d1dff2be
6c02a4b1eee1b1c86633ef6364e6036e3f56b1eaa64a04b770d7641f7e2a2466

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 19:39:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/5.0.2/firebase-app.js

142.250.74.35

200 OK

8.6 kB

URL HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (25088)
Size
8.6 kB (8604 bytes)
Hash
73069e532b7039778d3a7128c997c61a
c523bbf1ac7f4e612c8ade75434c42fbca885adc
b6d7aec09aad2bb78dfbad4c9530fd03c0f33aed8385c3ee57c10b1fe959c4d5

HTTP Headers

GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 18:05:11 GMT
expires: Thu, 28 Mar 2024 18:05:11 GMT
cache-control: public, max-age=31536000
age: 5638
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js

142.250.74.35

200 OK

10 kB

URL HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (35547)
Size
10 kB (10017 bytes)
Hash
fa9987a23f5a9d865766e952511baa30
f2e620b99ee61a01671ba6a9e22ca75d58a1b52d
655daa1e20bf3aff16bc8462339dfea48c7ea5d3dd3505937015af3586d15fb7

HTTP Headers

GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 18:05:11 GMT
expires: Thu, 28 Mar 2024 18:05:11 GMT
cache-control: public, max-age=31536000
age: 5638
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Wed, 29 Mar 2023 22:49:51 GMT
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Wed, 29 Mar 2023 22:49:51 GMT
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Wed, 29 Mar 2023 22:49:51 GMT
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Wed, 29 Mar 2023 22:49:51 GMT
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Wed, 29 Mar 2023 22:49:51 GMT
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6049 bytes)
Hash
253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:35 GMT
age: 78875
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7605 bytes)
Hash
fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: npXnMYBUM1bcf7FQIJEHng73EkILWwM0Jvey0QDUvmln0kAJUG_Rpw==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:57 GMT
age: 78913
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6722 bytes)
Hash
d0a85ec27ed4f7910e26b4ff023ab1fb
f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0
fc31409ba6db565d4861a35ee6f74b7436eea5e5169bc1283f63cf6dfdb03764

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: a6de82bd-5b03-4ffd-90dd-9bd03331d123
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GG2IAMFuzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-7cb1c8187fe3d2b0283fb3a0;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: lZBspmi0Dku2a7jY39WyiBC3wu5F4eAvbTwHF6_8pgHfw21XSW_NbA==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:58 GMT
age: 78912
etag: "f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8553 bytes)
Hash
e828b7227de7aa7a7b7c54c96e0cef9a
9a717142ab25dabf9123485ef51ed586662d2a71
0390f8771432de010cc11e11be2e2dfa7c303664858a5b066e66a628a1f3dd66

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 05cb5115-a27b-485a-89fd-670bdb5bb06f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbofHHPIAMFkQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-774bb5d725336b35088e2527;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NcKs_URb5dFDbkEoCqy2_fjKWneX7mifmEbd5MA5unqkhiPAIH9GPg==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:50:14 GMT
age: 78536
etag: "9a717142ab25dabf9123485ef51ed586662d2a71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fbdd640-8a87-474c-a4d5-f25e31609f46.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9501 bytes)
Hash
5d389dd69e54e5d7b547a425f9b22ebf
604a65cfc5572c5da9d3fdea795be3942b8d14cb
5beda50c5f20633003e1f939673a6005eca314372e7f8fe0a1d4bb5702ae1712

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fbdd640-8a87-474c-a4d5-f25e31609f46.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9501
x-amzn-requestid: f073f55c-fd49-4b8b-8b9c-026f6a546378
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbunG2VIAMFnQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc3-32af7701763d0f734f09a05d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:11 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: wyrl1rguCM5LrsEN49aH42bNWc7ht0Je1UeO-dAx6Ujj1kjQgdfGEQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 0cf6c59c77f0fff670ae085179adc458.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 22:20:32 GMT
age: 76718
etag: "604a65cfc5572c5da9d3fdea795be3942b8d14cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8745 bytes)
Hash
ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:37:00 GMT
age: 79330
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg

88.221.27.74

200 OK

150 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size
150 kB (149812 bytes)
Hash
8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c

HTTP Headers

GET /landings/277386/1674482702/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: Xirc4fkz0JOSaRS7VBS3M8nzLP7O9RnlkHucQpuinBkelD+B+7nBZr41dGSTLSs2/GCSrwUj0pg=
x-amz-request-id: XJSRKQFA4YQZWMJS
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Wed, 29 Mar 2023 19:39:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg

88.221.27.74

200 OK

103 kB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size
103 kB (102832 bytes)
Hash
3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6

HTTP Headers

GET /landings/277386/1674482702/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: hODAwaxhhoNUzaw+wGQIdlKGG1r6rlm0Gl11mKPn3J7w0gqE64598E1ANjtxBygXrh+DY1h3pjY=
x-amz-request-id: JTW6JJFVF42X0DH8
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Wed, 29 Mar 2023 19:39:11 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4

88.221.27.74

206 Partial Content

1.6 MB

URL HTTP/1.1
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4
IP
88.221.27.74:0
ASN
#20940 Akamai International B.V.

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
1.6 MB (1560164 bytes)
Hash
379ddec6d7d6e118bd7565d1c83dbb90
16becb1b44f3f35b0fa239668901338cba6eff06
5635dd2c6c23dfdc3e4eb82afc4231a27e8522ec332b8568a3fc7ae8755fec94

HTTP Headers

GET /landings/277386/1674482702/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 206 Partial Content
x-amz-id-2: 1Ax9N+Cfw91vDfS7SxXRZKuE+o4c4UcnjyTZdFm9/oi70hWYxtxdgby+ENQIv8dZ+MsudWMhl4o=
x-amz-request-id: FBRABVME30ZYGQHT
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "379ddec6d7d6e118bd7565d1c83dbb90"
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Wed, 29 Mar 2023 19:39:11 GMT
Content-Range: bytes 0-1560163/1560164
Content-Length: 1560164
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 19:39:09 GMT
date: Wed, 29 Mar 2023 19:39:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

qgxvbz.exceilentdate.com/js/pushjs/1.0.0/subscriber.js

63.32.216.166

200 OK

0 B

URL HTTP/2
qgxvbz.exceilentdate.com/js/pushjs/1.0.0/subscriber.js
IP
63.32.216.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: qgxvbz.exceilentdate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qgxvbz.exceilentdate.com/?s1=187050&s2=1773580&s3=44543&s5=backuser&click_id=102f54e723a821186eb45709fa734e&iexpp=1&j1=1&j9=1&utm_source=da57dc555e50572d&j8=1
Cookie: unique_id=6424175500078f67; unique_id2=6423534400006ee0; 6423534400006ee0_c=1; ref_token=153990_187050_1018_149927_102612_19663_181986_13290; 6423534400006ee0_sl=[277386]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:09 GMT
content-type: application/javascript
expires: Wed, 05 Apr 2023 19:39:09 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

qgxvbz.exceilentdate.com/js/service-worker.js

63.32.216.166

200 OK

0 B

URL HTTP/2
qgxvbz.exceilentdate.com/js/service-worker.js
IP
63.32.216.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/service-worker.js HTTP/1.1
Host: qgxvbz.exceilentdate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: unique_id=6424175500078f67; unique_id2=6423534400006ee0; 6423534400006ee0_c=1; ref_token=153990_187050_1018_149927_102612_19663_181986_13290; 6423534400006ee0_sl=[277386]
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 19:39:09 GMT
content-type: application/javascript
expires: Wed, 05 Apr 2023 19:39:09 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL