| phythmspeters.com/648353f7-f07e-4bda-b712-cd2b254a7f3e |  18.156.16.63 | 302 | 0 B |
URL HTTP/1.1phythmspeters.com/648353f7-f07e-4bda-b712-cd2b254a7f3e IP18.156.16.63:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /648353f7-f07e-4bda-b712-cd2b254a7f3e HTTP/1.1
Host: phythmspeters.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Fri, 20 Jan 2023 04:20:57 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be
Pragma: no-cache
Set-Cookie: 648353f7-f07e-4bda-b712-cd2b254a7f3e-v4=bLeBtANg1uEJpITj_P6_UwLZhu8uQA86tbebDfAFAG0; Max-Age=86400; Expires=Sat, 21-Jan-2023 04:20:57 GMT; Domain=phythmspeters.com; Path=/; HttpOnly
cep-v4=DF-aXLu4L8uwmoVUmOK6BYnPQGTYviPP2ezKXiwk555za9G3TMQUG8Nd4szkFVkmXR3C-T-rv43dEfZn3iyE1cktOBpQ-_JVPK1dOtrfJ-aPoa6IvJO79vYMBMweJ1ngjS4rn-q6JojGu7EgPr6vs_FQVZc1v2MuiUFZGBz-D7ESMN-DUmnqZkXRWJalmEHqBzpGAKJHrT0w642V7FA-keWCLy4SUZdRInXCOV8bacT38FYmkgBgickztl-nLeJvn6Pc-v_zE_eZPtsSl-jEbaN5cnizrmF3lHIjq3R3ULHulxRziCQpg_NzxHnLaX3xhovL2vrs1ZFiiRCbxjFVt1JPsmLj2KMolESE7P9pYvWyBycITyUb_9pFLJVKwdmL; Max-Age=86400; Expires=Sat, 21-Jan-2023 04:20:57 GMT; Domain=phythmspeters.com; Path=/; HttpOnly
|
|
| r3.o.lencr.org/ |  95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashcc07d664b5dadee6f9120d54904dfa57 df75a55b0b2019684a6c512bee528c51a2c4a756 14a1bd6315a3256468edafedfd1c02a6ba147914c0f01e8504e7d8cc67781c34
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14A1BD6315A3256468EDAFEDFD1C02A6BA147914C0F01E8504E7D8CC67781C34"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17741
Expires: Fri, 20 Jan 2023 09:16:38 GMT
Date: Fri, 20 Jan 2023 04:20:57 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash648bf42163c5d645d8a33cd0a9afebd0 9b9ac85435c4e90647e8379bca54c689058a8929 060757fb4857858d4d01a715824ea6771d0137e73a24bf75e2844d0f346380fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060757FB4857858D4D01A715824EA6771D0137E73A24BF75E2844D0F346380FA"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15464
Expires: Fri, 20 Jan 2023 08:38:41 GMT
Date: Fri, 20 Jan 2023 04:20:57 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ |  35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashff250d3ef3fa45322bf05039a0122a9f b3e7a2c383bce1bab807dbe1a03c375258b51f1d d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 03:34:35 GMT
content-type: application/json
age: 2782
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash6c8239f3894cfba54d1f3a9ea1c85db5 a70f2b3bf79f2aa26b0cc0340dd182565c3eb946 64dc0508d3fcea1ec92fb60310e9b3f5454c0b69f61e8453fd443bc46ab9471b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64DC0508D3FCEA1EC92FB60310E9B3F5454C0B69F61E8453FD443BC46AB9471B"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2422
Expires: Fri, 20 Jan 2023 05:01:19 GMT
Date: Fri, 20 Jan 2023 04:20:57 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: d1GwN+nJg5Mjks1OcmQ6r3wGIo0LQx0dsgEXeE4e0FYautq0VPO93xpwXdMTdAqL881ezB2qwRg=
x-amz-request-id: 20MZMEGDZDC2VNW9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 03:46:11 GMT
age: 2087
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 04:20:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.165 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.165:0
Hashf53e5533262a90891040ea96e2bfdff1 a41786161938ffd3679ae02717976ff434abc6c2 f14cea911a4ba3ba0c8cb0117b3836f64590adc0e8cb780c09263b21dab9e72e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153213
Date: Fri, 20 Jan 2023 04:20:58 GMT
Etag: "63c9ca27-1d7"
Expires: Sat, 21 Jan 2023 22:54:31 GMT
Last-Modified: Thu, 19 Jan 2023 22:54:31 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IGxo8vJGk78fE1SJ94YU__i2OXjBy9m8pTO4EoGu09T-VmzSvtAYnA==
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 04:17:28 GMT
age: 210
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashdce4a8be753d4a93db03ffca50421c43 068040a8f69777484e545c0053ad54f273710797 7e6dddef8a4a5502c9715f8c20dcb75e132ecc875f13459a967c9e235e9ce3e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3980
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 04:20:58 GMT
Last-Modified: Fri, 20 Jan 2023 03:14:39 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
|
|
| www.special-offers.org/push/gc/c02173e7e4e2e6e95265f3f52dba5132a5a6e15111.gif | 54.230.111.15 | 200 OK | 636 kB |
URL HTTP/2www.special-offers.org/push/gc/c02173e7e4e2e6e95265f3f52dba5132a5a6e15111.gif IP54.230.111.15:0
File typeGIF image data, version 89a, 800 x 600\012- data Size636 kB (636270 bytes) Hashe9c2b911f7146d835ac0020b436d34e9 8a5e8a2275c780ffc650615325b6213d6e35d8f0 a79832a29a4c866c3f7830f60abfa91a89367ab6af66786104d92d85a9ff50ad
GET /push/gc/c02173e7e4e2e6e95265f3f52dba5132a5a6e15111.gif HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 636270
date: Fri, 20 Jan 2023 04:20:59 GMT
last-modified: Wed, 07 Sep 2022 01:07:36 GMT
etag: "e9c2b911f7146d835ac0020b436d34e9"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zAhDjS-xjYNHrGuc2VWf7EJtEmRN3Dz0iwp1ETmrCLi8SqLskKUu7w==
X-Firefox-Spdy: h2
|
|
| www.special-offers.org/push/gc/2ef289afa287fa1e905a9eb520974fb963c1fe98.png | 54.230.111.15 | 200 OK | 8.7 kB |
URL HTTP/2www.special-offers.org/push/gc/2ef289afa287fa1e905a9eb520974fb963c1fe98.png IP54.230.111.15:0
File typePNG image data, 395 x 77, 8-bit/color RGBA, non-interlaced\012- data Hashbec6b8eab9d6e094df42a0e1b8230994 2ef289afa287fa1e905a9eb520974fb963c1fe98 ca9a2744b49c225c39ddd78239e2b4e1703f2f8ee03d6bc22a9f53532ac94046
GET /push/gc/2ef289afa287fa1e905a9eb520974fb963c1fe98.png HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/push/gc/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 8660
date: Fri, 20 Jan 2023 04:20:59 GMT
last-modified: Wed, 07 Sep 2022 01:07:28 GMT
etag: "bec6b8eab9d6e094df42a0e1b8230994"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3ZvBgXzq0CQt7THwhBmrZQE66UFLHy6zxjnNmllDMl0_KcQx7cFuuw==
X-Firefox-Spdy: h2
|
|
| fly.greenlizard.click/js/pub.min.js | 67.212.173.77 | 200 OK | 1.5 kB |
URL HTTP/2fly.greenlizard.click/js/pub.min.js IP67.212.173.77:0
File typeASCII text, with very long lines (2752) Hash31c303586c1b78e33984bd252b8e2644 8083e2aad4cbf8242a4e6fb53657d49552b85f82 d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be
GET /js/pub.min.js HTTP/1.1
Host: fly.greenlizard.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 04:20:58 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Sat, 21 Jan 2023 04:20:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 54.68.36.223 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.68.36.223:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gUKA5XrMxEXt3HUbdAt36A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nAWGKtPfoE789IILeebgdRCPwHA=
|
|
| www.special-offers.org/push/gc/1d936c9181a86fc7d77dc67ad3a3f2d194557253.png | 54.230.111.15 | 200 OK | 48 kB |
URL HTTP/2www.special-offers.org/push/gc/1d936c9181a86fc7d77dc67ad3a3f2d194557253.png IP54.230.111.15:0
File typePNG image data, 414 x 736, 8-bit colormap, non-interlaced\012- data Hasha66a7278909b71cde6a87ae400e2de8b 1d936c9181a86fc7d77dc67ad3a3f2d194557253 52e9e7f992721ed81bdb6146fe578eb67437eeb378d7c87a46928996ff219b1c
GET /push/gc/1d936c9181a86fc7d77dc67ad3a3f2d194557253.png HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/push/gc/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 47495
date: Fri, 20 Jan 2023 04:21:00 GMT
last-modified: Wed, 07 Sep 2022 01:07:27 GMT
etag: "a66a7278909b71cde6a87ae400e2de8b"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: THlc_KDICXniGc7b7uOqybO50vWpi7b6pAadGSdiJ4Plez5-mHvzHw==
X-Firefox-Spdy: h2
|
|
| www.special-offers.org/sw.js?v=1674188458573 | 54.230.111.15 | 200 OK | 53 B |
URL HTTP/2www.special-offers.org/sw.js?v=1674188458573 IP54.230.111.15:0
File typeASCII text, with no line terminators Hash7ef63b2d277b275b371f84e2c5bd4181 b41db3a7b78683d7ddf2373b6b7dd8a1861d46ba 4c8929735720cc18a7ed54c0edd2b48a69ea531f00f04b950dd146195314feab
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /sw.js?v=1674188458573 HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 53
date: Fri, 20 Jan 2023 04:21:00 GMT
last-modified: Tue, 03 May 2022 01:04:33 GMT
etag: "7ef63b2d277b275b371f84e2c5bd4181"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h5XoA4stzO56IhhiZt5WxysxSuH9mzOPNyeR2cb7iyX9yss3fAZMgQ==
X-Firefox-Spdy: h2
|
|
| www.special-offers.org/push/gc/99e01d3e0c461a43735019cc73db8074aa7ab504.png | 54.230.111.15 | 200 OK | 96 B |
URL HTTP/2www.special-offers.org/push/gc/99e01d3e0c461a43735019cc73db8074aa7ab504.png IP54.230.111.15:0
File typePNG image data, 16 x 16, 1-bit colormap, non-interlaced\012- data Hash35b9ee99fe32d3d68f7807c43d768092 99e01d3e0c461a43735019cc73db8074aa7ab504 cfee15b8d3ffca2475ecab6e25900ed1454d9c327fca1942728629452ad00ee6
GET /push/gc/99e01d3e0c461a43735019cc73db8074aa7ab504.png HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 96
date: Fri, 20 Jan 2023 04:21:00 GMT
last-modified: Wed, 07 Sep 2022 01:07:30 GMT
etag: "35b9ee99fe32d3d68f7807c43d768092"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9Jsbc_el-o_mIzrmyt_Lfv2p6yDr4m4LNTUbqKZ0nTEoOrg5I30HKQ==
X-Firefox-Spdy: h2
|
|
| shipit.reddragon.bond/sw.js | 184.154.10.250 | 200 OK | 776 B |
URL HTTP/2shipit.reddragon.bond/sw.js IP184.154.10.250:0
Hash4670e927866f32d0e1a384d9831b3091 74cb870ed594216e97cc657979014919890a9ccf 7b0c67d5c3fc76260367d6a8df9e9c12aa4dec99e3f9d531aa3715c4401f6b59
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /sw.js HTTP/1.1
Host: shipit.reddragon.bond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 04:20:59 GMT
content-type: application/javascript
content-length: 776
last-modified: Sat, 14 Jan 2023 09:18:05 GMT
vary: Accept-Encoding
etag: "63c2734d-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash7db9f11a1c6ab0117ed3dd1d36e3aecc 61a4de77803ce4ad730c21dd88b5b55a196f26d6 b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2967
Expires: Fri, 20 Jan 2023 05:10:27 GMT
Date: Fri, 20 Jan 2023 04:21:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash7db9f11a1c6ab0117ed3dd1d36e3aecc 61a4de77803ce4ad730c21dd88b5b55a196f26d6 b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2967
Expires: Fri, 20 Jan 2023 05:10:27 GMT
Date: Fri, 20 Jan 2023 04:21:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash7db9f11a1c6ab0117ed3dd1d36e3aecc 61a4de77803ce4ad730c21dd88b5b55a196f26d6 b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2967
Expires: Fri, 20 Jan 2023 05:10:27 GMT
Date: Fri, 20 Jan 2023 04:21:00 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash7db9f11a1c6ab0117ed3dd1d36e3aecc 61a4de77803ce4ad730c21dd88b5b55a196f26d6 b52c568528f72c5653bad85a1f72fb22f43dcb5d96ad234ab2772a7f95ca6cc2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B52C568528F72C5653BAD85A1F72FB22F43DCB5D96AD234AB2772A7F95CA6CC2"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2967
Expires: Fri, 20 Jan 2023 05:10:27 GMT
Date: Fri, 20 Jan 2023 04:21:00 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2c28916-3631-461f-8eaf-6d24961d9110.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2c28916-3631-461f-8eaf-6d24961d9110.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash476046a1ca0444e381e76423ec70a59e fca15006510971eeece8d0b0f0594e52c7089297 d15bd15ff9ac7ac17ecf1c85c6db3022db8e92ddc7a8d19e99f320b931be4236
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2c28916-3631-461f-8eaf-6d24961d9110.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11034
x-amzn-requestid: ea862f2a-f9df-4a80-a27e-5728e6a39c00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6w5UFWsoAMFobQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c761d5-0d35e5a712fff4a57bf265b9;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sZdHPl3ikAqc-h9G-jxdw9wEb4sr7dljeD_lO2abCmGU8sLh30V57Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 04:41:24 GMT
age: 85176
etag: "fca15006510971eeece8d0b0f0594e52c7089297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg | 34.120.237.76 | 200 OK | 8.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash7cea3a2fd9e8c981ece73b75feccf858 37d407635bcb25d297429c10c3e33d58cc82e178 32063a5a3d74bc88752b89b7cd3387169e71e81d97ec0c2041c53c03c60f62a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9369b744-9dfc-4ac2-9ce0-a77f2ec05285.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8230
x-amzn-requestid: 6ab1dccd-6dc5-485a-af2d-ac53f13c78bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRvGMJIAMFkdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73e-586593f974e499e94995c289;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LvLtJnSXSnrBdTUWvpvsX6Vu33POniybQnepJx06DqWLk2KwnC52AQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:37 GMT
age: 22583
etag: "37d407635bcb25d297429c10c3e33d58cc82e178"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha97cab18b1edfc6020ede86813e24b16 61f5d22d3697f56e862fa18b21ba971a8fafc856 adc06b60d43a1074da12325a4fb27365773ea08db9d51b1e0756b2b2a05a6400
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6385
x-amzn-requestid: b9f064c9-1c2b-4888-b684-f57b116eb09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRQGESIAMF5-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73b-2e4d54d54fe21db92ab308c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iWraVjV4LxSKHeLNstsLWAw1zDFukQ-HPoJTYWlkkqO9FZ0HeGUOpQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:08:45 GMT
age: 22335
etag: "61f5d22d3697f56e862fa18b21ba971a8fafc856"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashffb6957f05eb26875b60b795a1a0e818 44c2febdf59c4f08401e7c3edd0837dd4b1a8886 0fdb841fbf2f336f58cc4b63d271c8cdd3fba345de4c774651826ea24e3628b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F698f24eb-f312-4a20-b261-be41dd92564c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6399
x-amzn-requestid: e4b80b20-8aad-47aa-9059-7f7729f901bf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7UZ1ExQoAMFXKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79aa5-66622b6c3e8fd210011618c5;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:07:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HSec-atXiQMoOd0Jqu8_jiC3cHqeyPpYvFJxKzqJcpp9i6sZhGMMEg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 06:59:40 GMT
age: 76880
etag: "44c2febdf59c4f08401e7c3edd0837dd4b1a8886"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c5bbe69-4672-4861-95fd-3f76c75ed161.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c5bbe69-4672-4861-95fd-3f76c75ed161.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashd04668bc55b023c020ad89eb4f559951 9912835fb400d443dfbe7aca613aeb5c21e7f6db a61ab41144cfd20dcc81eedd1a61ac22fff2003c24f8b2ffd9141443120f525d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c5bbe69-4672-4861-95fd-3f76c75ed161.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11046
x-amzn-requestid: a8521e16-bb8c-43ce-b4a6-4e064f8574b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-m54Ge3oAMFpqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8eb72-59eb8eef5dba93ae12823a81;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AR4jf0c95Lg86A1TzCLuPdWuRkmlOi_mW1Cy9tEiSqDZiRF1KSxAcQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 07:32:16 GMT
age: 74924
etag: "9912835fb400d443dfbe7aca613aeb5c21e7f6db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1d34ea3-007b-405d-b0bb-99fdb4b08159.jpeg | 34.120.237.76 | 200 OK | 6.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1d34ea3-007b-405d-b0bb-99fdb4b08159.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash447c7832b50421193a9b962e621d8379 eddd33bded6e9c705ed5f0aa2ed036faeefa388f 00946fa4ac2a2c6c23a22e1c5bf2d1d3871975c9730cf522fa7f937bb431e0ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1d34ea3-007b-405d-b0bb-99fdb4b08159.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5963
x-amzn-requestid: ea2ebb82-342c-43b8-8efc-2d498b10dcf3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6x34HRKIAMFsaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c76365-718e93577d7b38307da8ec52;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:11:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sDlG3HtyJQ6JNgwAiWqCmhFkmOSV_PQyHJpH0Vj6Jzae_xb-4vbzfg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 04:46:29 GMT
age: 84871
etag: "eddd33bded6e9c705ed5f0aa2ed036faeefa388f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be | 54.230.111.15 | 200 OK | 0 B |
URL HTTP/2www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be IP54.230.111.15:0
GET /push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
date: Fri, 20 Jan 2023 04:20:59 GMT
last-modified: Thu, 08 Sep 2022 01:54:40 GMT
etag: W/"bb812e8ee0d3b737305da5418922d206"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KUFJ8iT7GV3eyHYb-KYq-LirZLqYjXwvhSpTexJYmm3bPKaqFMUfEA==
X-Firefox-Spdy: h2
|
|
| www.special-offers.org/push/gc/style.css | 54.230.111.15 | 200 OK | 0 B |
URL HTTP/2www.special-offers.org/push/gc/style.css IP54.230.111.15:0
GET /push/gc/style.css HTTP/1.1
Host: www.special-offers.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.special-offers.org/push/gc/index.html?cep=Z7rloQeN1lCu8qYH2XH4VsFR96G0S1gHg04P4_HEmh68dLNJP9R_4A_599tjX5nxGcCF77Nq3iuGHj4ZApza2biLMoMIJ3xnMpEpQo8pRgEf1gFTPvBF5-24vrysXOYDIsEadEdOtfvBeQFhWyfrsOkiRe6TVua8iVmofGvGwzncIWQXr_gJW0EwSb3C89OjWb0BQi5eicgQOM_jtua_1y3wTwocAN6dbFpaDPrLGwv_jsxOqETVh3VTRhHtqblrfOxDPWjcrPI8NIw7Hmcf5NUSMdAPtvjdXfn_EoNdysmT15egep12rCrslOGy0HjGdQ1c0tswmfi20-Y6PhHVFqHILGzF0AO3opzP150SSODmto3wBut9YXrBC3kxjxAM&lptoken=161374cc19fe026757be
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Fri, 20 Jan 2023 04:20:59 GMT
last-modified: Wed, 07 Sep 2022 01:07:39 GMT
etag: W/"5e1f5f4c96dc20f233a6ef9d8cc271ff"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qUxly0ubDlxkkc7wjS8EQUwFYCCidyzhcV96H5C4XOog-s08oROdgg==
X-Firefox-Spdy: h2
|
|