firefox.settings.services.mozilla.com/v1/
18.244.155.28200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.244.155.28:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 14:26:19 GMT
Expires: Sat, 22 Oct 2022 14:48:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 7abcd88a14dd92e6910468bb5a172372.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: UXDe39uUF7FkllwV-aCv3l7eXAq-MHUtdxG4PYQmY_o18nBYwwG_yA==
Age: 3307
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19275
Expires: Sat, 22 Oct 2022 20:42:41 GMT
Date: Sat, 22 Oct 2022 15:21:26 GMT
Connection: keep-alive
32.winprizes632.lol/id1/1idaffn2.html
45.76.148.82301 Moved Permanently 428 B URL HTTP/1.1 32.winprizes632.lol/id1/1idaffn2.html
IP 45.76.148.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6d1c6d5a3eb217457a2f1ccac3adb6f6
60c7ed6ac0a3f10f1c73526d9c973ec56c123396
d749c0dbbea59164738e5cf91bef5d96a69e640066c2ec934953d3edb96bfe69
Analyzer Verdict Alert fortinet Phishing
GET /id1/1idaffn2.html HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 22 Oct 2022 15:21:26 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 428
Connection: keep-alive
Location: https://32.winprizes632.lol/id1/1idaffn2.html
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6169
Expires: Sat, 22 Oct 2022 17:04:15 GMT
Date: Sat, 22 Oct 2022 15:21:26 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PTfJnHk8w5zFG4EqSblZ48SnikDmclZGaWnxjqOoxDTi/E4bQIi/vbyURd61pX9VAnkyEX5MXd0x9HFEMpFYXA==
x-amz-request-id: 3HJRQ3CQESNSNX8R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 15:07:41 GMT
age: 825
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.244.155.28200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.244.155.28:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Pragma, Content-Length, Content-Type, ETag, Retry-After, Cache-Control, Last-Modified, Backoff, Expires
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 14:36:24 GMT
Expires: Sat, 22 Oct 2022 15:23:04 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 829762c3f42db9d1ea41f24010e3ac9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P8
X-Amz-Cf-Id: 7QGFRDrm3udpJqfvIXI0lQs93N1IFlo7DDlfYIZJLZbUIHgLwpYXLA==
Age: 2703
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6019
Cache-Control: max-age=152737
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 15:21:27 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 09:47:04 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.43.61.95101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.61.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YvJJ7cSNbhpFNiqPm0FKEA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IY9djjB22MX6U7fngb+vNcywVtc=
32.winprizes632.lol/id1/prize.png
45.76.148.82200 OK 2.9 kB URL HTTP/2 32.winprizes632.lol/id1/prize.png
IP 45.76.148.82:0
File type PNG image data, 96 x 106, 8-bit colormap, non-interlaced\012- data
Hash 61710e84d51f96e9bc51babda9c3f255
582965d469667d948acc3ae75ccf8b156bf31f6e
eaf97d6be9a14b4da47a0382c4a362621a9f4225326b250ba1da944c9e8d9de6
GET /id1/prize.png HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://32.winprizes632.lol/id1/1idaffn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:27 GMT
content-type: image/png
content-length: 2868
last-modified: Tue, 18 Oct 2022 08:37:29 GMT
etag: "b34-5eb4b00a0fb0a"
accept-ranges: bytes
X-Firefox-Spdy: h2
push.winprizes632.lol/js/pub.min.js
99.198.108.198200 OK 1.5 kB URL HTTP/2 push.winprizes632.lol/js/pub.min.js
IP 99.198.108.198:0
File type ASCII text, with very long lines (2752)
Hash 31c303586c1b78e33984bd252b8e2644
8083e2aad4cbf8242a4e6fb53657d49552b85f82
d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be
Analyzer Verdict Alert fortinet Phishing
GET /js/pub.min.js HTTP/1.1
Host: push.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://32.winprizes632.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:27 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Sun, 23 Oct 2022 15:21:27 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
X-Firefox-Spdy: h2
push.winprizes632.lol/sw.js
99.198.108.198200 OK 776 B URL HTTP/2 push.winprizes632.lol/sw.js
IP 99.198.108.198:0
Hash f72a11763f13b05c1f2379d13387dd05
002fbf7672d3f4655b89b6413d160e4185ce9900
70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: push.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://32.winprizes632.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:28 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Sat, 22 Oct 2022 16:52:02 GMT
Date: Sat, 22 Oct 2022 15:21:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Sat, 22 Oct 2022 16:52:02 GMT
Date: Sat, 22 Oct 2022 15:21:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e44a8dcfdfa8527125ae334ecf2acc2c
c6cf8d68ae9c8c76f072576bca1c271ae70f7525
81386f6c1e64e32069aeeb7a340b0d51851ca907f9db223570e70e5c46f04fed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12012
x-amzn-requestid: f0a1e367-d30e-488c-82d6-005eb15a21c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-TLE1MoAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310e0-27ce063b550723635109ca7b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VEMcF0HdB5O2-7cLAZGGI4XmWu5RDySUzD9owOQv_T02ZmV8pRpSLQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:36:33 GMT
age: 60295
etag: "c6cf8d68ae9c8c76f072576bca1c271ae70f7525"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5434
Expires: Sat, 22 Oct 2022 16:52:02 GMT
Date: Sat, 22 Oct 2022 15:21:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hitgYm684zdpmL8IbPzFxhPWRrc2-VmnlofdTiPhJzkrc26mgXTTTA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:41 GMT
age: 62447
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cdaacab30d73a7d05180cc16f4a96a3f
6cc0e39e0decbc20c765f171f63affd85fc9e6da
f015c3b1d838bd7d100ee104551bed2bb06a512b20ce3e5ac419d54b747fadd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f5552d5-4394-409a-9a9c-43e4ebf38ee1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10720
x-amzn-requestid: 96267527-f482-4bfa-ba7a-12467408efe9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-MvGutIAMFc8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b7-25f2624559b0fb7d62ced3a3;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4--AiSTKMMOm9HnJL_ervFnd5rkQ-WZfGM-FNkxXKO892SPw67cxXA==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:11:42 GMT
age: 61786
etag: "6cc0e39e0decbc20c765f171f63affd85fc9e6da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -R91mOdVOCkUp-5vOpEyQactO7SrjtbYwxTsvbR1LP6fBlFZFDTP5A==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 62456
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kV1qS7kI7-DRm5Su-p133YIf_m4n6i16uBSDrGdsbMDPxD_2v1a69Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:20:05 GMT
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
age: 61283
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4fb0f4c9ac5a88678baf456107f5341
f6c54dbdfad7e243fe38c03f004c4c79f96b2892
b2fc6c453d7ed610521fcf34d7736a20191d86b485fd57236d2d2c4849cbb8d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7821
x-amzn-requestid: b3b72561-80fd-4b73-862c-ad070f135634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzEkrIAMFmrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-73f427947c17f35667c0b443;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: LMoH9qNuDmuriAWS_UIw4XHAUcnNhvxI48pB39I68aypUxeorSft0A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
etag: "f6c54dbdfad7e243fe38c03f004c4c79f96b2892"
content-type: image/jpeg
age: 62456
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
32.winprizes632.lol/id1/1idaffn2.html
45.76.148.82200 OK 0 B URL HTTP/2 32.winprizes632.lol/id1/1idaffn2.html
IP 45.76.148.82:0
Analyzer Verdict Alert fortinet Phishing
GET /id1/1idaffn2.html HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:27 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 08:37:28 GMT
etag: W/"1cd55-5eb4b00972767"
content-encoding: br
X-Firefox-Spdy: h2
32.winprizes632.lol/id1/jquery.min.js
45.76.148.82200 OK 0 B URL HTTP/2 32.winprizes632.lol/id1/jquery.min.js
IP 45.76.148.82:0
GET /id1/jquery.min.js HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://32.winprizes632.lol/id1/1idaffn2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 08:37:29 GMT
etag: W/"15d9d-5eb4b009fb2ea"
content-encoding: br
X-Firefox-Spdy: h2
32.winprizes632.lol/favicon.ico
45.76.148.82404 Not Found 0 B URL HTTP/2 32.winprizes632.lol/favicon.ico
IP 45.76.148.82:0
GET /favicon.ico HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://32.winprizes632.lol/id1/1idaffn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 22 Oct 2022 15:21:27 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
32.winprizes632.lol/sw.js?v=1666452102494
45.76.148.82200 OK 0 B URL HTTP/2 32.winprizes632.lol/sw.js?v=1666452102494
IP 45.76.148.82:0
Analyzer Verdict Alert fortinet Phishing
GET /sw.js?v=1666452102494 HTTP/1.1
Host: 32.winprizes632.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 15:21:28 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 08:37:52 GMT
etag: W/"35-5eb4b020686d5"
content-encoding: br
X-Firefox-Spdy: h2