cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=UVq2ApBmJjSwS22raDTHrx
54.154.212.179 302 Found 243 B URL HTTP/1.1 cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=UVq2ApBmJjSwS22raDTHrx
IP 54.154.212.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e972885a14b7ea26669141f79e0c5576
70736772b48dc20f9388e0904e36248efa129425
893cd376518a5018acfb98ff267f0fa04be3bc92b2393cd20454aff082f46a12
GET /?a=43588&c=318080&co=91932&mt=18&s2=UVq2ApBmJjSwS22raDTHrx HTTP/1.1
Host: cddtsecure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 25 Mar 2023 23:08:16 GMT
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Set-Cookie: gdm_click_freq_v2_1_001=bfK8z5UDo04kDjzc8YCbxhsnK2uYnJ94WwQuiD3K6E/WFKh1nFt5UuKL7bh54ap1; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/; Secure; SameSite=None
gdm_uid_v2_1_001=E3VPKVLDB0p+gPYCS5pFhusfrhdjykEgczpjqnR40vASbFI0E/kB0i7L/rwCmh8G; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/; Secure; SameSite=None
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/; Secure; SameSite=None
gdm_uid_v1_1_001=E3VPKVLDB0p+gPYCS5pFhusfrhdjykEgczpjqnR40vASbFI0E/kB0i7L/rwCmh8G; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/
gdm_click_adv_freq_v2_1_001=B6XtSNf0/Fok3GcB4BTdMugTHIwyUV4LI3Iekd0LeU0RvqfLLQn7tvTROWD8euZn; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/
gdm_click_adv_freq_v1_1_001=B6XtSNf0/Fok3GcB4BTdMugTHIwyUV4LI3Iekd0LeU0RvqfLLQn7tvTROWD8euZn; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/
gdm_sid_v2_3_001=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; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/; Secure; SameSite=None
gdm_sid_v1_3_001=UmDgq9nG8+xJktCQuknlu+WFieZn+YyYztCCcBmrMvyXUyoUEHV0J3H1MLtdVX1phZUA/mxFz+ec4qWO0wsuKNhk6O7ZpMX6VFshFHMZHsCx1McvbYcDPGsi6mEvuYleqepghvCgQnWTE6ZkSClpB1Ff3hzwqtql6li3ARLhD/SXxgwBDQvQLQ4KkVSEgGwJU5agYr1SPBwexiSB5Ah7exk8NopZBkFMXQWrRpFyCbJxJHGhX4n78fA4z3nE70ZSWoQo9/xCHwIGR2XF/1Kxn71ip1dFs4S2A2fzw2ewedDIQlsCrP3Tdq7LIlO5dHSPkcsLwFcB4ACXB5J+RN8/MVcBr2Yev4Cp/KV2gnGlfVk1DYg4UvjPL2aPNYR8P6jTPBMfCd1H5mteG2HKthVYaGejHB3YJvQATGDlF9WLNObWOSYFXqbBpTEJJVUZh+GFJ37PzfweudjOxFPpWMVZoaUhMZDD7khzjzHaQ+yXQ+qA9Z1AtiSaiRpi5AtQ+lGqE/lmxk4gAA/CfEAIoKTYtIUrzXcrzaZBAmp+LOHYV82b2jeb6LNNI+syz5hrlgWCmk5jc2Sh9KRCCxhqcaGlhameaIMl5VOHqv1WYjKad8wNiLUtfDQRt6US97g5Yz+BSom6IIvzqEzY+BkIqHZyzjeJKGvLWNOmqNKbKvDgRFKV0evhBV/VI0VOh+dN/S6815fhAvlSOThlYkqbwi2vg2VpjJWvjdhL02ufXR1rjsMc3Nkc/coVIyd/Rw5Nn3iGzh2+Z/nchkxx4w9YbKte7Ta2I95jYik1lLJ4qV+ai2Q0KG5nduvrkDq5JCL7Cod9bWxEAo5GggdqtWoZ1kdoL5MD2AtYXrgjTzdHZMMYCP8pg90mQG3TRW89aYhn9BSFXr/94QcbtQ061C3UvnbQG1uSy1+223yownOPWycHUbGTYi6V09zupPJ78PtqcmOgQt213SWhSzotNwyq0eiLdaGN5Ju36K1Cv9unJj7LOtPEZ1BPrva5s07wLa8gWmHFkvkW2rm1BECPutGuaOgyRQ==; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/
gdm_click_freq_v1_1_001=bfK8z5UDo04kDjzc8YCbxhsnK2uYnJ94WwQuiD3K6E/WFKh1nFt5UuKL7bh54ap1; Domain=.cddtsecure.com; Expires=Fri, 23-Jun-2023 23:08:16 GMT; Path=/
Location: https://ujn.nowsubmission.com//?kw=43588&s1=b5e6d255448e4cabbf1f7c51cbd13dcd1e1bf&s2=
Content-Language: en-US
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8007
Expires: Sun, 26 Mar 2023 01:21:44 GMT
Date: Sat, 25 Mar 2023 23:08:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12573
Expires: Sun, 26 Mar 2023 02:37:50 GMT
Date: Sat, 25 Mar 2023 23:08:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 22:15:29 GMT
content-type: application/json
age: 3168
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7146
Expires: Sun, 26 Mar 2023 01:07:23 GMT
Date: Sat, 25 Mar 2023 23:08:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RhR5yG/0AwaHaVElzKiw0Vx/OtU6sQe5rxgjsakDHDy7SOEhfhXPN/aLP0hqSGSFYC/WRvrpOuk=
x-amz-request-id: H140BNQCD8R4EK5S
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 22:55:05 GMT
age: 792
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 23:08:17 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 196e1ba22c141dd9db08033b5a80e517
2dc3ca029793606fa473aecc154b3bd3d4fd1d6f
9fc2d4766db6381a817eb75d197abc777b51b2ebc9947a95f457eaf96f96c3f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FC2D4766DB6381A817EB75D197ABC777B51B2EBC9947A95F457EAF96F96C3F1"
Last-Modified: Sat, 25 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20237
Expires: Sun, 26 Mar 2023 04:45:34 GMT
Date: Sat, 25 Mar 2023 23:08:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 22:14:33 GMT
age: 3224
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ujn.nowsubmission.com//?kw=43588&s1=b5e6d255448e4cabbf1f7c51cbd13dcd1e1bf&s2=
179.61.143.121 302 Found 718 B URL HTTP/1.1 ujn.nowsubmission.com//?kw=43588&s1=b5e6d255448e4cabbf1f7c51cbd13dcd1e1bf&s2=
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ce66af5082e5c653a84757103ad63272
dee6740c83cb8a9bdeaa4f021174acd321a4a17e
cf397ee484cd9ec9808b31fd6b04674308cea697b98d9c00ae5bf51a9e672229
GET //?kw=43588&s1=b5e6d255448e4cabbf1f7c51cbd13dcd1e1bf&s2= HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
cache-control: no-cache, private
date: Sat, 25 Mar 2023 23:08:17 GMT
location: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
content-type: text/html; charset=UTF-8
x-redir: true
set-cookie: yredir_session=eyJpdiI6Iks3aWVNVHhsTCtnaDBvTXJ4bzRleVE9PSIsInZhbHVlIjoibnprbWkrOUlaT3lXM0dRcmhnandnMm9KSFloNlN2V0thK1Noc25FaDIrdlF1b1VJeE1oQXBaOWxpOVM1Q1FtSWFpdG9NV0pjTW9YSmZhclowNnVoVjA1ZU0rTlo3cEx0WlJSc3krSVNLN1hjc3VoeG5JbjBWNngxZTBZMlZjN28iLCJtYWMiOiI4NTU0YmI3NGI1Y2QwN2E5OWJiZjNiM2VlYjFiMDQzMzBiNTI2ZWEwZTBkZGMwNGFiNzBlZGVjYzY1YmYzM2FmIiwidGFnIjoiIn0%3D; expires=Sun, 26-Mar-2023 01:08:17 GMT; path=/; httponly; samesite=lax
transfer-encoding: chunked
strict-transport-security: max-age=15768000
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2230
Expires: Sat, 25 Mar 2023 23:45:27 GMT
Date: Sat, 25 Mar 2023 23:08:17 GMT
Connection: keep-alive
ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
179.61.143.121 200 OK 15 kB URL HTTP/1.1 ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (738)
Hash 57708f4cfc58ddea257d2e4e6612bd4b
a09e00791c45969d571ffe4e77a07ada656aa58e
33bf6d5fbdd7e5cfb0a6fa7add14e72f639ffe243e463f4e559fe4c4cf48b460
Analyzer Verdict Alert fortinet Phishing
GET /t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6Iks3aWVNVHhsTCtnaDBvTXJ4bzRleVE9PSIsInZhbHVlIjoibnprbWkrOUlaT3lXM0dRcmhnandnMm9KSFloNlN2V0thK1Noc25FaDIrdlF1b1VJeE1oQXBaOWxpOVM1Q1FtSWFpdG9NV0pjTW9YSmZhclowNnVoVjA1ZU0rTlo3cEx0WlJSc3krSVNLN1hjc3VoeG5JbjBWNngxZTBZMlZjN28iLCJtYWMiOiI4NTU0YmI3NGI1Y2QwN2E5OWJiZjNiM2VlYjFiMDQzMzBiNTI2ZWEwZTBkZGMwNGFiNzBlZGVjYzY1YmYzM2FmIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 25 Mar 2023 23:08:17 GMT
x-redir: true
set-cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D; expires=Sun, 26-Mar-2023 01:08:17 GMT; path=/; httponly; samesite=lax
transfer-encoding: chunked
strict-transport-security: max-age=15768000
code.jquery.com/jquery-1.11.3.min.js
69.16.175.42 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.11.3.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
GET /jquery-1.11.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 23:08:18 GMT
content-encoding: gzip
content-length: 33261
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-176d5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1679785698.dop225.sk1.t,1679785698.cds235.sk1.hn,1679785698.cds216.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 23:08:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 23:08:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.213.220.137 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.220.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: J+tBLG13tqXXjxkBv0wLXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tCmVsbwPRGebFu0EaFf/AAy60Yw=
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
216.58.207.202 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 19 Mar 2023 17:43:11 GMT
expires: Mon, 18 Mar 2024 17:43:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 537907
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/o/2XXQ6DLP/ed86755e-cb61-11ed-bbbe-930271cc50b9/?push=true
179.61.143.121 302 Found 818 B URL HTTP/1.1 ujn.nowsubmission.com/o/2XXQ6DLP/ed86755e-cb61-11ed-bbbe-930271cc50b9/?push=true
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash 26c9f7d3a2a3f839d0410684d73b57fb
d90a16cafbad12ea47f02627b5f958dbd1fd244b
e03f133a1680f17a30f8fa5d81f43e7c0b3d4485777f4d025965f1149bd34286
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/ed86755e-cb61-11ed-bbbe-930271cc50b9/?push=true HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
cache-control: no-cache, private
date: Sat, 25 Mar 2023 23:08:18 GMT
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=edd95eae-cb61-11ed-9808-4be2f9827d22&&push=true
content-type: text/html; charset=UTF-8
x-redir: true
set-cookie: yredir_session=eyJpdiI6IkppVkZNcnZuUTdERHlUTFQrcStJbEE9PSIsInZhbHVlIjoieXpJSTBhcE1YbFZrMk5DNWRIMzA0UGpwM0F4WlRDdGpZMk9zUTVySGwrOFRiRk0raHFRU0tYelZ1VE5XdUtxR2U2aE5SNW5oZG5kR3ZvSy9TcWpNSWdiaVB1R0t2bHlwZlczTUNEeDc4ejJGbWRrSlZMSVJTbUNMTCswdEdCTDAiLCJtYWMiOiJkZWQxZjM4YTk3NjQ1NGEyMzk4NDBhMDQ5OTc5ZTdjZDY5ZGM1NGI3OTBiY2I0ZmI4MjI5YWE5ZWRjMDY3YzZlIiwidGFnIjoiIn0%3D; expires=Sun, 26-Mar-2023 01:08:18 GMT; path=/; httponly; samesite=lax
transfer-encoding: chunked
strict-transport-security: max-age=15768000
fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
172.217.21.170 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
IP 172.217.21.170:0
Hash 7ebfa27fd8b2929cbfbd0903ff5464e4
0909c41cc073ee9ff39fde2ba6ff059e56775f3a
c8862e32218c654b94e8a45b2472257c3ba13e529d06713a5fe91adb07ebedcc
GET /css?family=Roboto+Condensed%7COpen+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 23:08:18 GMT
date: Sat, 25 Mar 2023 23:08:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 23:08:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
179.61.143.121 200 OK 25 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
Hash bc84bd3caee9a7b227a5054179477e02
bc1b53ceedb9b91f4d4bec2037126b4d05c20912
d86b239f3ad7fc29593df1655848824493b2299a203c9be2f67adae10f94309e
GET /templates/templates/spin-casino_MASTER/css/style.css HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:18 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "bc84bd3caee9a7b227a5054179477e02"
x-amz-server-side-encryption: AES256
content-type: text/css
content-length: 25401
x-varnish: 1724361 163854
age: 198540
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 23:08:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ujn.nowsubmission.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:49 GMT
expires: Sat, 23 Mar 2024 10:26:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 132089
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
179.61.143.121 200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash 90f8155b00c6e9ec624a12e8a67bd264
fbf3b21af8cc2c2d44879f19f5893dbe696113f1
677aebad5741b57c1a3a51f8a65cd295a7aae1d656958313a882ef199f046418
GET /templates/templates/spin-casino_MASTER/images/overlay2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:02 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "90f8155b00c6e9ec624a12e8a67bd264"
x-amz-server-side-encryption: AES256
content-type: image/png
content-length: 18646
x-varnish: 1724363 51
age: 198557
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B
IP 216.58.211.3:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 23:08:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
179.61.143.121 200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash a3f2c95451c2201b26033d755a0164c9
f150487dacf8607e49c31abebaf034e34ef8e8aa
bd03836c50a13a9d0c5868a5656f4112f69909cc52c50ca21de772da164e13a2
GET /templates/templates/spin-casino_MASTER/images/overlay.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:01 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "a3f2c95451c2201b26033d755a0164c9"
x-amz-server-side-encryption: AES256
content-type: image/png
content-length: 18661
x-varnish: 1724364 46
age: 198558
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
179.61.143.121 200 OK 2.9 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /templates/templates/spin-casino_MASTER/images/loader.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:05 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "35de537ece3bfee3ab3f7af4c19e2151"
x-amz-server-side-encryption: AES256
content-type: image/gif
content-length: 2892
x-varnish: 2816022 98329
age: 198554
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
179.61.143.121 200 OK 88 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash f12f850a9ec2daa0b2dbb07e11252122
012a03ac053a0367ef9cdb76685a77d61f3d8a22
ada8eb4421bf605c058c123aa95bd5e4590b4507c68809f563c921e4db31ea8a
GET /templates/templates/spin-casino_MASTER/images/spin2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:04 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "f12f850a9ec2daa0b2dbb07e11252122"
x-amz-server-side-encryption: AES256
content-type: image/png
content-length: 88130
x-varnish: 1202988 98321
age: 198555
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
179.61.143.121 200 OK 85 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash 827076646858c6cc499ec675c45b147d
4b6bf3459af50ba8db76d31f9dc3876b50a4c5fe
bc50750cd41cbabc77efc8143fb1b210c983a23e5c954b65b02562958b922e63
GET /templates/templates/spin-casino_MASTER/images/spin1.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:02 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "827076646858c6cc499ec675c45b147d"
x-amz-server-side-encryption: AES256
content-type: image/png
content-length: 85123
x-varnish: 1724365 98317
age: 198556
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
179.61.143.121 200 OK 23 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 500 x 150\012- data
Hash f79f189bde401dfac7723f7c963d0ef8
83530e9d6248767d661c4996c14414621c857ed6
bdc936e847facab60f4b4a9153dc8145ebccdeca49becc4cd684e007cd0459ca
GET /templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
Cookie: yredir_session=eyJpdiI6IkppVkZNcnZuUTdERHlUTFQrcStJbEE9PSIsInZhbHVlIjoieXpJSTBhcE1YbFZrMk5DNWRIMzA0UGpwM0F4WlRDdGpZMk9zUTVySGwrOFRiRk0raHFRU0tYelZ1VE5XdUtxR2U2aE5SNW5oZG5kR3ZvSy9TcWpNSWdiaVB1R0t2bHlwZlczTUNEeDc4ejJGbWRrSlZMSVJTbUNMTCswdEdCTDAiLCJtYWMiOiJkZWQxZjM4YTk3NjQ1NGEyMzk4NDBhMDQ5OTc5ZTdjZDY5ZGM1NGI3OTBiY2I0ZmI4MjI5YWE5ZWRjMDY3YzZlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:59:08 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "f79f189bde401dfac7723f7c963d0ef8"
x-amz-server-side-encryption: AES256
content-type: image/gif
content-length: 23095
x-varnish: 1202992 65571
age: 198551
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
179.61.143.121 200 OK 90 B URL HTTP/1.1 ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IkppVkZNcnZuUTdERHlUTFQrcStJbEE9PSIsInZhbHVlIjoieXpJSTBhcE1YbFZrMk5DNWRIMzA0UGpwM0F4WlRDdGpZMk9zUTVySGwrOFRiRk0raHFRU0tYelZ1VE5XdUtxR2U2aE5SNW5oZG5kR3ZvSy9TcWpNSWdiaVB1R0t2bHlwZlczTUNEeDc4ejJGbWRrSlZMSVJTbUNMTCswdEdCTDAiLCJtYWMiOiJkZWQxZjM4YTk3NjQ1NGEyMzk4NDBhMDQ5OTc5ZTdjZDY5ZGM1NGI3OTBiY2I0ZmI4MjI5YWE5ZWRjMDY3YzZlIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=396528c7-a362-9646-6f92-41c07915c9d2
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 15:58:50 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 2816023 65542
age: 198569
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
179.61.143.121 200 OK 171 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 171 kB (171408 bytes)
Hash 276c26514be610b5c6fa413756b33671
43c532ff2dc2ce6ed8360fc5d05116b222036e4b
453150bf90ff9debe217f3734a4d3cf4bf6ed9017635d4f2d867096132ad4e28
GET /templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 23 Mar 2023 17:09:40 GMT
last-modified: Wed, 22 Mar 2023 20:46:16 GMT
etag: "276c26514be610b5c6fa413756b33671"
x-amz-server-side-encryption: AES256
content-type: image/png
content-length: 171408
x-varnish: 1630791 69150
age: 194319
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
r3.o.lencr.org/
23.33.119.27 200 OK 503 B
IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9897
Expires: Sun, 26 Mar 2023 01:53:16 GMT
Date: Sat, 25 Mar 2023 23:08:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B
IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9897
Expires: Sun, 26 Mar 2023 01:53:16 GMT
Date: Sat, 25 Mar 2023 23:08:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B
IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9897
Expires: Sun, 26 Mar 2023 01:53:16 GMT
Date: Sat, 25 Mar 2023 23:08:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde451a1a-fcba-44c0-b885-cf9daa6d2ff8.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde451a1a-fcba-44c0-b885-cf9daa6d2ff8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d54efd2b1b21530d0da6f7a622ea898e
656849322a4885c98f1f06600f3c4680522d78d0
88d941b88e10152a49bd5e07bb6d7f31a1e3b2841562985d1869f5eea6aacf7b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde451a1a-fcba-44c0-b885-cf9daa6d2ff8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9290
x-amzn-requestid: ea6a8cc6-98ee-4d42-9cb7-73087027dde2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1soGZRIAMF0-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6983-32b521b073af557b282cb6b4;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:07 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: amzRKsV1FYQWrlBPncqtBdU6rnpKISHPETSvZQSE6VPULbYEmGW_CQ==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:51:27 GMT
age: 4612
etag: "656849322a4885c98f1f06600f3c4680522d78d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbfc8880-7788-4d8c-a59c-c048b787b772.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbfc8880-7788-4d8c-a59c-c048b787b772.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b21b2c60279839939b60afd83d047fa
544c243fe2d69156f50eec156a62de127128a028
091a59214cfc0af90b4cb820bb521577ae63e862ec10160b8f64c9a9e593630d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbfc8880-7788-4d8c-a59c-c048b787b772.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7823
x-amzn-requestid: c528eae7-69b4-4669-8c15-2b306586b84b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kWHx5IAMFlEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-340c77491ea4440b340e3822;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L_VF003IBR5rwk7Dkcc5BLDFTR4sUCzXvgD3mcLML1bzNatBZjW-Cg==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:49:34 GMT
age: 4725
etag: "544c243fe2d69156f50eec156a62de127128a028"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 08:51:06 GMT
age: 51433
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8dc799aaa2f69ef1109501a605dbdcfd
58cefa986d580ee408fbca288e3e45ba86fb97ac
54fa967d6b96b456416c62140a4eb9b6cda29b80d5083b5d1321b1fb89b3455f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9124
x-amzn-requestid: 30a39bb7-d3cc-473a-a5f9-4921367832c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUESiIAMFVEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-6c9bb97512fc3c8a3ecedc43;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: _4VxID1v_auG0Vuzp87FJoPbgJovhYYYa1fpzQZze51I6HwFKbja6w==
via: 1.1 6af36c6902a46beec743522a9bbb3ab0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:50:36 GMT
age: 4663
etag: "58cefa986d580ee408fbca288e3e45ba86fb97ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8a2437b3c9ab01cd0e2327d4be5c61a
33573e5a6b6c1912702040c6d880c362baf0c3db
2556646c122f89bfce8467d13bf05e68f735373c8c18a33f7258f37f602673cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5424
x-amzn-requestid: b03169ca-0cc0-49f5-b785-5e29d70048cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kWGCnIAMFf7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-679415d416cf3b666ec128be;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: HJYBgmjUNbjdPrncK3FAPRUykhg3R25vwcbN6jA4K23HPwRUVDCdpA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:51:29 GMT
age: 4610
etag: "33573e5a6b6c1912702040c6d880c362baf0c3db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080fe5e4-bfa3-4b7e-bc7b-ea9d3348e6c4.webp
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080fe5e4-bfa3-4b7e-bc7b-ea9d3348e6c4.webp
IP 34.120.237.76:0
Hash 8e481637282a51b5b27f673bf8f3ae67
e0df43bf1110d8576187040cc39fe4fb851ddab7
bef9e0ab9d9e0f1928ea18f2179290a71f26ff6994438a44759b6a8f109c0e13
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080fe5e4-bfa3-4b7e-bc7b-ea9d3348e6c4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: dd142563-f3de-4390-816b-192fc44c480d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kWHjMIAMF9xA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-5dee56692bbe2f35034c9178;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: ZVnX7AJMV_qcEeF6TG2tsNkiw3kUbCI6rskIb8IPuw-8VMg9raFUjA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:51:25 GMT
age: 4614
etag: "42e3c97cb72a824d50de5b49e92731a7678c4e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ujn.nowsubmission.com/livewire/livewire.js?id=90730a3b0e7144480175
179.61.143.121 200 OK 175 kB URL HTTP/1.1 ujn.nowsubmission.com/livewire/livewire.js?id=90730a3b0e7144480175
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text, with very long lines (53585)
Size 175 kB (174819 bytes)
Hash 0e377e741f7d57da94c0d5aed41693cd
f2619196a61c34b00491f62774a84f778134b974
38a4dc885f9d1267bbfaf361e24fbf51994bd7f6743784ec3e4a267bbe74a0be
Analyzer Verdict Alert fortinet Phishing
GET /livewire/livewire.js?id=90730a3b0e7144480175 HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6Im8rK2M4cnFNMldTaWt3YkhmNHhnMEE9PSIsInZhbHVlIjoiNlUwZUdOeG9RcVZwYlNUNFFmYnBJUGV2WWo3SWl0SUd0L09VZmhPZXgvY0o5N1k1eXhFVjdjZGhNR0JNaGtnNVh2UURYa1ZZWHY1dGNYWUJVc0VSNDczVWExNjc0UTdrYWpTbzdOa0w2Q1NmbWN6cmVwTHU1d0RKRkdDLzhpckgiLCJtYWMiOiJjNzM0OGY4ZmVhNTJhZDNjOWQ3MzdkOTA3ZWY1ODkzZmNlMzVlNmU4NGEyZWY0ZWE2MGI2N2VmNTAzNzQ3NmI1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
content-type: application/javascript; charset=utf-8
expires: Mon, 25 Mar 2024 23:08:19 GMT
cache-control: max-age=31536000, public
last-modified: Fri, 03 Mar 2023 20:12:38 GMT
date: Sat, 25 Mar 2023 23:08:19 GMT
content-length: 174819
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/favicon.ico
179.61.143.121 403 Forbidden 243 B URL HTTP/1.1 ujn.nowsubmission.com/favicon.ico
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash 14bb79749415fe51af1ed3ab150ed09e
321461bef74c788f0c2be1b8130e5f0d9263a288
58d5c4189cb032a869f0fe60476b8af04c0f490fb9ea04353d7a5a8421159692
GET /favicon.ico HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/ed86755e-cb61-11ed-bbbe-930271cc50b9/ed8be14c-cb61-11ed-a87c-6d5796b1174a
Cookie: yredir_session=eyJpdiI6IkppVkZNcnZuUTdERHlUTFQrcStJbEE9PSIsInZhbHVlIjoieXpJSTBhcE1YbFZrMk5DNWRIMzA0UGpwM0F4WlRDdGpZMk9zUTVySGwrOFRiRk0raHFRU0tYelZ1VE5XdUtxR2U2aE5SNW5oZG5kR3ZvSy9TcWpNSWdiaVB1R0t2bHlwZlczTUNEeDc4ejJGbWRrSlZMSVJTbUNMTCswdEdCTDAiLCJtYWMiOiJkZWQxZjM4YTk3NjQ1NGEyMzk4NDBhMDQ5OTc5ZTdjZDY5ZGM1NGI3OTBiY2I0ZmI4MjI5YWE5ZWRjMDY3YzZlIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=396528c7-a362-9646-6f92-41c07915c9d2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Thu, 23 Mar 2023 15:59:05 GMT
x-varnish: 2816025 65566
age: 198554
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
179.61.143.121 304 Not Modified 0 B URL HTTP/1.1 ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
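Hash (digests of the empty 0 B body of this 304 response, not of the service-worker script; they match any empty file, so they are not usable as indicators) d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855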
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IkppVkZNcnZuUTdERHlUTFQrcStJbEE9PSIsInZhbHVlIjoieXpJSTBhcE1YbFZrMk5DNWRIMzA0UGpwM0F4WlRDdGpZMk9zUTVySGwrOFRiRk0raHFRU0tYelZ1VE5XdUtxR2U2aE5SNW5oZG5kR3ZvSy9TcWpNSWdiaVB1R0t2bHlwZlczTUNEeDc4ejJGbWRrSlZMSVJTbUNMTCswdEdCTDAiLCJtYWMiOiJkZWQxZjM4YTk3NjQ1NGEyMzk4NDBhMDQ5OTc5ZTdjZDY5ZGM1NGI3OTBiY2I0ZmI4MjI5YWE5ZWRjMDY3YzZlIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=396528c7-a362-9646-6f92-41c07915c9d2
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 20 May 2022 14:50:35 GMT
If-None-Match: "1060884cf64d39c3fb28309d83ead97c"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
date: Thu, 23 Mar 2023 15:58:50 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
service-worker-allowed: /
x-varnish: 2816027 65542
age: 198571
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=edd95eae-cb61-11ed-9808-4be2f9827d22&&push=true
172.64.129.25 200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=edd95eae-cb61-11ed-9808-4be2f9827d22&&push=true
IP 172.64.129.25:0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=edd95eae-cb61-11ed-9808-4be2f9827d22&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ujn.nowsubmission.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 23:08:18 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Sat, 25 Mar 2023 23:08:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKv%2Bvwhs3XS7GrtKqEWOID%2BVPltd4iGLVCa57oX5wogmMQ4xSYzDqYJFq2Z%2Bx5hmBxZBpVcTd8Z%2Fr%2FTtqTWELr05mN97I0raImyLWaMX5xBBAMtA%2F4pcDG%2FniKQ7uVV9dswo8ezefFfkRt1OSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7adad0a69d9d48ce-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pushlite.neptuneadspush.com/javascripts/service_worker.js?v=2.01
172.64.129.25 200 OK 0 B URL HTTP/2 pushlite.neptuneadspush.com/javascripts/service_worker.js?v=2.01
IP 172.64.129.25:0
GET /javascripts/service_worker.js?v=2.01 HTTP/1.1
Host: pushlite.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 23:08:21 GMT
content-type: application/javascript
last-modified: Mon, 30 Jan 2023 13:48:28 GMT
etag: W/"63d7caac-260a"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 5244
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iigRnMfDGlHm9Mg%2BuIh67zQS0pwvTGJBwavQq2nR3Pw40QgI%2FS2j3yCp491KjYwvj7H75zar2QoTvi7hLlO9cXbC0Vby%2Bh5umq0zxVl4G3MqjvQEH5HwCTg7725oVixb0HCAAn9smY%2BFJ6C5C48%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7adad0baab8d496a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2