r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21374
Expires: Fri, 27 Jan 2023 13:36:46 GMT
Date: Fri, 27 Jan 2023 07:40:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4556
Expires: Fri, 27 Jan 2023 08:56:28 GMT
Date: Fri, 27 Jan 2023 07:40:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8142
Expires: Fri, 27 Jan 2023 09:56:14 GMT
Date: Fri, 27 Jan 2023 07:40:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 07:35:19 GMT
content-type: application/json
age: 313
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
zd7bc.toconnectoffer.com/t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae
301 Moved Permanently 0 B URL HTTP/1.1 zd7bc.toconnectoffer.com/t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://zd7bc.toconnectoffer.com/t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ce9r7JLcM/9eTQBKHqwlGsHD1UxXwxOjuK48F5CsVtffRce8vri/KGL44TrAxULAV5vYg4HO8sk=
x-amz-request-id: 51K7B854VEX5PZAJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 07:20:27 GMT
age: 1205
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 07:40:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 06:49:03 GMT
age: 3089
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 13aade267a5f403b24dbe41a66f49e96
5d49154fdc0f95632cccc92615877dbbd94cfe68
4939c464ac0887768a0ded6d61d10cdf8f58365556612fe87c904aeb07650664
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4939C464AC0887768A0DED6D61D10CDF8F58365556612FE87C904AEB07650664"
Last-Modified: Wed, 25 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21549
Expires: Fri, 27 Jan 2023 13:39:41 GMT
Date: Fri, 27 Jan 2023 07:40:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3754
Expires: Fri, 27 Jan 2023 08:43:07 GMT
Date: Fri, 27 Jan 2023 07:40:33 GMT
Connection: keep-alive
zd7bc.toconnectoffer.com/t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae
200 OK 6.3 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (985)
Hash 042cb4291f2714c330e9774934efd71e
21bf09a9d2bf4057c094329b6c32456a54532135
aca171e3b284776754b55e0d2b0ddfd365a3644bfa8b6485b2eac503ba9ff96a
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/d7216c84-9e15-11ed-8e7b-eb3962768833/d72b2954-9e15-11ed-9d69-b59d9bc84fae HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Fri, 27 Jan 2023 07:40:33 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D; expires=Fri, 27 Jan 2023 09:40:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 07:40:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 03:22:46 GMT
expires: Mon, 22 Jan 2024 03:22:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 447467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/custom_style.css
200 OK 9.1 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/custom_style.css
IP
File type ASCII text, with very long lines (341)
Hash d6821948f9d3a80b1f3169f670e1b06c
4e041b3a391424b761c6a55d63d9fd5c25c60565
67aa606c92605d826c400b3e72147f7df5723f1c1abee0bb4c8665a9cb0b4255
GET /templates/templates/mysterybox/files/custom_style.css HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "d6821948f9d3a80b1f3169f670e1b06c"
content-type: text/css
content-length: 9065
x-varnish: 154855629 150502862
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 07:40:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V+c0GPJks6RROPLAid6Ncw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wFkZ6fgVyDyyPt1smSVYdpcymY4=
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/en_date.js
200 OK 1.1 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/en_date.js
IP
Hash f9d789ef2320020f47db4ed0db2e4323
cf76ef82e090285dfd1fccfbb9c479ebf179ae1c
1999301c84d39ee8b6ea31d6b71f8de51a7470ea855b1080effcc67a2afe6136
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/en_date.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "f9d789ef2320020f47db4ed0db2e4323"
content-type: application/javascript
content-length: 1125
service-worker-allowed: /
x-varnish: 155314079 150981842
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/o/2XXQ6DLP/d7216c84-9e15-11ed-8e7b-eb3962768833/?push=true
302 Found 818 B URL HTTP/1.1 zd7bc.toconnectoffer.com/o/2XXQ6DLP/d7216c84-9e15-11ed-8e7b-eb3962768833/?push=true
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash f7e1a6ed110e258f20d81bf5f4df3c62
0270457fcc3a78ac7176bf7aaf2694f064dd4765
0c49673c3d5fc9fddbf598b7dcd4c2b640f880a820aadc463cc32489773721fd
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/d7216c84-9e15-11ed-8e7b-eb3962768833/?push=true HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Fri, 27 Jan 2023 07:40:33 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=e1c1cd28-9e15-11ed-84d0-0bf3782a64f6&&push=true
x-redir: true
set-cookie: yredir_session=eyJpdiI6IjRVbE9VbUErd1JrZ2FpZUZIM3Fac0E9PSIsInZhbHVlIjoicnJVMVVTQWVveU15cjhBSXNOcFNHUGNkdnNVUzBrdTBJUHJLWkI2NU44OXJKVGdZWWlYQ0cwc2oraTlOY1Y3amQ2eEcvSWxSRko2VnZadXJpUnZKU1dIcVhzK3dQc3M5Q1F1TDZoa3IrK2tOQkVBY0dvWU5WdU1OZXV3Um03a1MiLCJtYWMiOiI3ZDZhNzcwNTE2OTMwZGEzYTZjMTE0MTdjM2UzMjUzNWRlYmU2Yjk3MjdiODIwYzgwMDM4ZWFlMWI3MTA4YTkzIiwidGFnIjoiIn0%3D; expires=Fri, 27 Jan 2023 09:40:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/platform.js
200 OK 41 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/platform.js
IP
File type ASCII text, with very long lines (568)
Hash ccad5ec1b46e291191a730fa8f9545bb
3a9ab890a0268080c79fcf3739ef82779d9ff453
5450fd792e0070751798a1b0923d0aef6e0fae66f81b0a17f5bed483e8a1234c
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/platform.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "ccad5ec1b46e291191a730fa8f9545bb"
content-type: application/javascript
content-length: 40635
service-worker-allowed: /
x-varnish: 155314081 150981844
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
200 OK 278 B IP
Hash 311d1440194c05b2538504a598f955a8
96e8c0ec7ba1ee27880aeb573469e0c40a88cba8
ec3fa33eda02a8d80b4a3fe2aa90536a93a85c6b2827729fbc3cf8eed5de57dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 07:40:33 GMT
Server: ECS (amb/6B93)
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 311d1440194c05b2538504a598f955a8
96e8c0ec7ba1ee27880aeb573469e0c40a88cba8
ec3fa33eda02a8d80b4a3fe2aa90536a93a85c6b2827729fbc3cf8eed5de57dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 07:40:34 GMT
Last-Modified: Fri, 27 Jan 2023 07:40:33 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_b.png
200 OK 3.4 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_b.png
IP
File type PNG image data, 241 x 134, 8-bit colormap, non-interlaced\012- data
Hash 44da211f58be2b1f3aaa2aa3aa3055ed
59f5e9a8e6f5874a7521dec4fdd6878d7924bb75
ed16388bac328613e7ff4fa6933545b80a53cbcb528997e574a6f1b19f5aeeb2
GET /templates/templates/mysterybox/assets/box_o_b.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:21:35 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "44da211f58be2b1f3aaa2aa3aa3055ed"
content-type: image/png
content-length: 3394
x-varnish: 155314086 151260517
age: 123539
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/gift.gif
200 OK 16 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/gift.gif
IP
File type GIF image data, version 89a, 100 x 100\012- data
Hash 573c467d7a0b1c4c009ba98927dfa335
78d9c7efaeed568b74f1e4d1b4eb67e51dbbb9f1
c4f1d8867d03d437694f1cac0c9df3a7f5006fb8df474023bfa1d78f88843ce8
GET /templates/templates/mysterybox/files/gift.gif HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "573c467d7a0b1c4c009ba98927dfa335"
content-type: image/gif
content-length: 15606
x-varnish: 155369990 150532583
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/exit.png
200 OK 525 B URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/exit.png
IP
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b53e9c6d14fab18765c748a00d43c93
afe0633605e88df340fa3e0238c315eec766fe2f
fdc34fd73310984f22db0235f635024c80a884c451322931892dd722567ceaaf
GET /templates/templates/mysterybox/files/exit.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "7b53e9c6d14fab18765c748a00d43c93"
content-type: image/png
content-length: 525
x-varnish: 155396548 151047454
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/box_c.png
200 OK 8.8 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/box_c.png
IP
File type PNG image data, 241 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0b641f72293ea5bb5e43b8158b31a9
e04f96aac3e342f60df32c92ef54b9b316b1fb59
6b2c28e1e03c021256d67916384b83f706500edfa701080150d78bd9fab51bf2
GET /templates/templates/mysterybox/files/box_c.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "9b0b641f72293ea5bb5e43b8158b31a9"
content-type: image/png
content-length: 8814
x-varnish: 155494517 150532581
age: 123641
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_t.png
200 OK 2.4 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_t.png
IP
File type PNG image data, 241 x 79, 8-bit colormap, non-interlaced\012- data
Hash fc33ce5887eb7b5a81b9377a68698114
bb99be3eac1dbe6ebec9a1e5f08b0f183b79a2c6
f9e2740fb819e3748066a670f88ad743cfc3068d5ce2a99fbd1fa731537f6127
GET /templates/templates/mysterybox/assets/box_o_t.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:56 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "fc33ce5887eb7b5a81b9377a68698114"
content-type: image/png
content-length: 2430
x-varnish: 155276340 150981867
age: 123639
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg
200 OK 9.2 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x198, components 3\012- data
Hash 010f3ef1fb20eba0a01b50a9a1b75230
e08035409cef0e2c6548ecb3c9f052d228194f12
8f01fe728439dd1badf7aee8079c1cd6c5a168cf20d6f3c14754e3cd0480a00e
GET /media/template-images/cashapp-750/300x200.jpg HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 22:09:01 GMT
last-modified: Tue, 17 May 2022 15:08:24 GMT
etag: "010f3ef1fb20eba0a01b50a9a1b75230"
content-type: image/jpeg
content-length: 9181
x-varnish: 154855631 150171091
age: 120693
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg.png
403 Forbidden 243 B URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg.png
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash e191a6a396fc644db06c3174fa269edd
1ab4d08d68f2269166d79fe80f8eee6e15e81ecb
69ce06229c75d65f3eda34008c3fa3160e49c568644043b74fa0ba598356f2f6
GET /media/template-images/cashapp-750/300x200.jpg.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlRkaloySUNBTTAvb0lEWW5MdXQyQVE9PSIsInZhbHVlIjoiVlYyWlprcG1PWTVkTGo4ckZJUVluemNCSk1Sem9QQUxZdG5ZVG1VMTF2YmdwMzFjR1h1VW04ZUFQd01lOUZUTzZLRmtyazB4Sng1TjZwTjJEZzBiRlJxVHVZU2ZBbkxDays0dTVHMXBmaTgrTno4UURMdkYxQk1WQnVzakdiMVIiLCJtYWMiOiI5Mjc3YzhjZTE4MTc0OTZmMmQzODljYjIxODMzZDI4NjgyYjhjYzNiZWQwNGQyY2Y3ZTBkYjVkN2E2NGI3N2M0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Wed, 25 Jan 2023 22:08:59 GMT
x-varnish: 155276342 151455532
age: 120694
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
200 OK 90 B URL HTTP/1.1 zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
IP
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IjRVbE9VbUErd1JrZ2FpZUZIM3Fac0E9PSIsInZhbHVlIjoicnJVMVVTQWVveU15cjhBSXNOcFNHUGNkdnNVUzBrdTBJUHJLWkI2NU44OXJKVGdZWWlYQ0cwc2oraTlOY1Y3amQ2eEcvSWxSRko2VnZadXJpUnZKU1dIcVhzK3dQc3M5Q1F1TDZoa3IrK2tOQkVBY0dvWU5WdU1OZXV3Um03a1MiLCJtYWMiOiI3ZDZhNzcwNTE2OTMwZGEzYTZjMTE0MTdjM2UzMjUzNWRlYmU2Yjk3MjdiODIwYzgwMDM4ZWFlMWI3MTA4YTkzIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=22a2a65b-15b9-5b6f-ff61-48ac4c3850ee
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:11:22 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 155369991 151162932
age: 124153
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10806
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 07:40:34 GMT
Connection: keep-alive
zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg.png
403 Forbidden 243 B URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/cashapp-750/300x200.jpg.png
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash e191a6a396fc644db06c3174fa269edd
1ab4d08d68f2269166d79fe80f8eee6e15e81ecb
69ce06229c75d65f3eda34008c3fa3160e49c568644043b74fa0ba598356f2f6
GET /media/template-images/cashapp-750/300x200.jpg.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IjRVbE9VbUErd1JrZ2FpZUZIM3Fac0E9PSIsInZhbHVlIjoicnJVMVVTQWVveU15cjhBSXNOcFNHUGNkdnNVUzBrdTBJUHJLWkI2NU44OXJKVGdZWWlYQ0cwc2oraTlOY1Y3amQ2eEcvSWxSRko2VnZadXJpUnZKU1dIcVhzK3dQc3M5Q1F1TDZoa3IrK2tOQkVBY0dvWU5WdU1OZXV3Um03a1MiLCJtYWMiOiI3ZDZhNzcwNTE2OTMwZGEzYTZjMTE0MTdjM2UzMjUzNWRlYmU2Yjk3MjdiODIwYzgwMDM4ZWFlMWI3MTA4YTkzIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=22a2a65b-15b9-5b6f-ff61-48ac4c3850ee
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Wed, 25 Jan 2023 22:08:59 GMT
x-varnish: 155276343 151455532
age: 120694
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10806
Expires: Fri, 27 Jan 2023 10:40:40 GMT
Date: Fri, 27 Jan 2023 07:40:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dfd3530064d405643a31fedd4fd7618
d8268771360e609892c5506f3114dc4f73c0aad0
b4790125e39e400c30d640cd0c64497256168892405511ec3d43b03dc0e5715a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: caff330a-0cc6-488d-be82-c09c2bb87408
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQYTEduIAMFZkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa9b-1f26b225062c8465440cf460;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L-i1AEFIP6AoWwjds6n7ohyz-Ls1HoF9CXNJS7RRDFApBceBZXmoxA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 13:59:06 GMT
age: 63688
etag: "d8268771360e609892c5506f3114dc4f73c0aad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a85badd84c0542610b94f22c4f265511
5b490095b5e02d9fef4b762888353998b645dfc9
23d6d9848caf36f0556438c371f112b40dcbf9b08b8b27bd37d4d73960c701c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd33883a9-7857-4110-892f-73f67db692bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9482
x-amzn-requestid: 825c5e6b-8fda-445e-9ed3-f5d634943c00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIZd0HqkIAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ccd5f1-2b31fe3001a1b04a406ff7ff;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 06:21:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 13clEFrwHH0RFfYGMW5jPHcaa3ezdkHAes8FPn6yA5-pxqRaddDPqQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 05:42:19 GMT
age: 7095
etag: "5b490095b5e02d9fef4b762888353998b645dfc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7364957de1b4c82a923bd947f0cce750
d8aa55b64a65757e043b4b1b63efd93c8261d275
f1f7059968d08adfa1c775c906ecb6e5b752210af0bcdcebfa77c2ba6f15bbf4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: 2946b91b-1d7e-4eba-966d-600ae368cd3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzVxGw1oAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328b-04037751257e13ca156eee8d;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4TidB2H164ziAxKhEORFw4BBF0FB2pkkwNq3iMQfS4t7yObXCA59Pw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 14:49:11 GMT
age: 60683
etag: "d8aa55b64a65757e043b4b1b63efd93c8261d275"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 464592dade1d7207d58b22d5d09d9254
3caa2537edfe4c738540884b3eda51e437d26f4d
c0cdec94ff460c4b875657bb53ed90ef2ef786a2b8095d1ebf09365556536375
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4627
x-amzn-requestid: 38f2ed09-3a2e-4b5d-bde9-24fd7467d1a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZJE-BIAMFvdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3a-4ad90b1c2883444f547b6f84;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pl5Ta4lZHz2a_R1U3OnL1AZFcLc4Ez6_2U7WZ6ZYUC26k9r7m6mxXw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:05:12 GMT
age: 16522
etag: "3caa2537edfe4c738540884b3eda51e437d26f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d2506ac511dfbea29e29ab14ba10f85
b2e2972ffa82b103c62ffde0fca99454e12d95e6
fbe6f833114208d84033ba691a74da18d641e38f0f327c752333a339f1baae34
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23169a26-33f3-4f92-9612-02bf2555d37c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5263
x-amzn-requestid: d9ce236e-c2fa-42dc-b0ff-ffe53a03a5a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVr6RFnrIAMF3DA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d226a7-378aa8163ddd262944257578;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:07:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jbNIYT3pKuUF_8NaACEsgFv3KxUt5q_5tUqgsf1Bdtdsw7Oxf6kFfA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 07:04:43 GMT
age: 2151
etag: "b2e2972ffa82b103c62ffde0fca99454e12d95e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 18:35:59 GMT
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
age: 47075
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=e1c1cd28-9e15-11ed-84d0-0bf3782a64f6&&push=true
200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=e1c1cd28-9e15-11ed-84d0-0bf3782a64f6&&push=true
IP
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=e1c1cd28-9e15-11ed-84d0-0bf3782a64f6&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 07:40:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Fri, 27 Jan 2023 07:40:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02mNQmLZqMr4LhvYmPbocemBHWp0I47Dyapy7epki8iSWAWSAL4zlelGI4Ef0Ig74kJBlciP4tgawInvcmwPlVFW9gqtUgFI2JAFIbEp628B7cuvMawjVOhino%2BbPLUzPj1VKwRxAKIVd5sfmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ffd7485d4376d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
66.195.197.18
93.184.220.29
95.101.11.115
0.0.0.0