Overview

URL go.gkrtmc.com/aff_c?offer_id=8447&aff_id=43690&url_id=0&aff_sub5=push&click_id=010bbcig6sllp3ye57
IP172.255.248.105
ASNSERVERS-COM
Location Luxembourg
Report completed2022-09-07 08:12:14 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-07 2 go.gkrtmc.com/rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e (...) Phishing
2022-09-07 2 odzrea.speciaidates.com/js/pushjs/1.0.0/utils.js Phishing
2022-09-07 2 odzrea.speciaidates.com/js/pushjs/1.0.0/subscriber.js Phishing
2022-09-07 2 odzrea.speciaidates.com/js/service-worker.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-07 05:49:58 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-06 05:16:49 UTC 143.204.55.25
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-07 04:49:50 UTC 34.117.237.239
mnemonic passive DNS cdn-dimi.akamaized.net (13) 0 2022-07-07 13:18:25 UTC 2022-09-07 04:05:04 UTC 184.31.15.67 Domain (akamaized.net) ranked at: 280
mnemonic passive DNS ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-09-07 04:49:42 UTC 142.250.74.3
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-07 06:02:11 UTC 93.184.220.29
mnemonic passive DNS odzrea.speciaidates.com (4) 0 2022-06-06 15:56:46 UTC 2022-09-07 06:09:33 UTC 52.19.101.114 Unknown ranking
mnemonic passive DNS go.gkrtmc.com (5) 0 2022-01-24 12:45:18 UTC 2022-09-07 06:37:03 UTC 172.255.248.105 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-06 04:41:22 UTC 23.36.76.226
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-07 05:56:46 UTC 216.58.211.10
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-07 04:49:31 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-07 05:08:41 UTC 34.218.168.248
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-07 06:45:34 UTC 34.120.237.76


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.255.248.105

Date UQ / IDS / BL URL IP
2022-11-28 18:45:09 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-28 15:13:48 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-26 23:16:13 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=4898&aff_id=6217 (...) 172.255.248.105
2022-11-26 22:03:40 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-26 22:03:39 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=4178&aff_id=6162 (...) 172.255.248.105

Last 5 reports on ASN: SERVERS-COM

Date UQ / IDS / BL URL IP
2022-11-29 00:26:26 +0000
0 - 0 - 2 www.highperformancecpmgate.com/wupep7k28y 173.233.137.52
2022-11-28 22:58:36 +0000
0 - 0 - 5 inslutty.com/ 23.111.80.247
2022-11-28 19:58:57 +0000
0 - 0 - 1 soldierreproduceadmiration.com 173.233.139.164
2022-11-28 19:49:08 +0000
0 - 0 - 3 dfbfgbfgbf.boxmode.io/ 209.192.137.208
2022-11-28 19:42:51 +0000
0 - 0 - 1 turbobif.com/12igtau52jyu.html?short_domain=t (...) 45.142.201.207

Last 5 reports on domain: gkrtmc.com

Date UQ / IDS / BL URL IP
2022-11-28 18:45:09 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-28 15:13:48 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-26 23:16:13 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=4898&aff_id=6217 (...) 172.255.248.105
2022-11-26 22:03:40 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=8495&aff_id=6162 (...) 172.255.248.105
2022-11-26 22:03:39 +0000
0 - 0 - 1 go.gkrtmc.com/aff_c?offer_id=4178&aff_id=6162 (...) 172.255.248.105

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-19 09:00:13 +0000
0 - 0 - 3 kreds63hobro.dk/ 104.21.63.186
2022-11-18 05:14:50 +0000
0 - 0 - 3 waebi.fr/ 104.21.0.224
2022-11-18 02:07:03 +0000
0 - 0 - 2 bckstr.vip/?offer=1755&uid=58e36a42-095e-4918 (...) 104.21.76.148
2022-11-17 23:59:27 +0000
0 - 0 - 3 ridino.shareit-gmp.eu/ 172.67.161.83
2022-11-17 23:58:52 +0000
0 - 0 - 2 richisu.polvarotary.eu/ 172.67.216.14


JavaScript

Executed Scripts (19)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (50)


Request Response
                                        
                                            GET /aff_c?offer_id=8447&aff_id=43690&url_id=0&aff_sub5=push&click_id=010bbcig6sllp3ye57 HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 07 Sep 2022 08:12:03 GMT
Content-Length: 216
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 07 Oct 2022 08:12:03 GMT test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: aff_c?offer_id=4898&aff_id=43690&aff_sub5=push&click_id=010bbcig6sllp3ye57
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   216
Md5:    28601cddd04e0bf44d28781ba71ba9cb
Sha1:   33632984936db5682417665c8aadbf8c67db0e0c
Sha256: b6dc5b7c2675b46c67feaf8fee7894a06e56caec703abff1dad66331086995f2
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 08:04:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: y5TcrQJSGQxPzvkklRxxc6RV1l7zWoPYL4x6Yiob3Fw-snmH5NAtSA==
Age: 444


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2311
Expires: Wed, 07 Sep 2022 08:50:34 GMT
Date: Wed, 07 Sep 2022 08:12:03 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:03:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0caypd9fXR-NSHiaLvjx6JUa5yDt3pSXuYCrDXKpVi_ERIcWiCLULQ==
age: 15929
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /aff_c?offer_id=4898&aff_id=43690&aff_sub5=push&click_id=010bbcig6sllp3ye57 HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: language=en
Upgrade-Insecure-Requests: 1

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 07 Sep 2022 08:12:03 GMT
Content-Length: 216
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 07 Oct 2022 08:12:03 GMT test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: aff_c?offer_id=4177&aff_id=43690&aff_sub5=push&click_id=010bbcig6sllp3ye57
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   216
Md5:    47263f928580dee411fd91842a79ea9a
Sha1:   cb92543e568fc1b9d42940ab0677dc8e252ea083
Sha256: a17b6a7f65c22ab8a4a6b50dae7ac30426a8ac166a4548b2da84da968cd30503
                                        
                                            GET /aff_c?offer_id=4177&aff_id=43690&aff_sub5=push&click_id=010bbcig6sllp3ye57 HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: language=en
Upgrade-Insecure-Requests: 1

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 07 Sep 2022 08:12:03 GMT
Content-Length: 444
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 07 Oct 2022 08:12:03 GMT test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT 4177=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 07 Oct 2022 08:12:03 GMT op_4177=0; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 07 Oct 2022 08:12:03 GMT user_id=cb08ec5d-e959-4190-b43a-a363e805aa2c_152236d26e90a54caaf47596eab13a70; Domain=go.gkrtmc.com; Path=/; Expires=Mon, 06 Sep 2027 08:12:03 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D43690%26s5%3D%26click_id%3D37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd%26j1%3D1%26j8%3D1
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (444), with no line terminators
Size:   444
Md5:    1af6519258472767dd78b9a0d249f486
Sha1:   6fed24ec01a715e06eaf4c8401bc29c734ab48e2
Sha256: db9828887e999fc78125389c13988e46ff4dcd53953325b01e5dee2c3f50d05c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Sep 2022 08:12:03 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D43690%26s5%3D%26click_id%3D37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd%26j1%3D1%26j8%3D1 HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: language=en; 4177=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd; op_4177=0
Upgrade-Insecure-Requests: 1

                                         
                                         172.255.248.105
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Sep 2022 08:12:03 GMT
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   255
Md5:    997bfcab4e7a51023ff8da026ed4374a
Sha1:   35d15ad133e52c1b9dea0b3696a8719521387a9e
Sha256: 070d804ff334e0de872b9ac4c28c1bc578a043771099d2e9556782974ed560a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4F4B6A9B1B00B2D5944DF121B5159B49545999BD027B475B1A11A4180D3CA0E0"
Last-Modified: Mon, 05 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13917
Expires: Wed, 07 Sep 2022 12:04:01 GMT
Date: Wed, 07 Sep 2022 08:12:04 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: go.gkrtmc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://go.gkrtmc.com/rd.html?go=https%3A%2F%2Fodzrea.speciaidates.com%2Fc%2F1e3a4e532f1c7040%3Fs1%3D116914%26s2%3D1419167%26s3%3D43690%26s5%3D%26click_id%3D37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd%26j1%3D1%26j8%3D1
Cookie: language=en; 4177=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd; op_4177=0

                                         
                                         172.255.248.105
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 07 Sep 2022 08:12:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   123
Md5:    c728bf241d9141b8d3100ae5140e09c5
Sha1:   07f0da1bdfadd0354b090781f1e3264ac22b6c39
Sha256: 34f3447a0b669f7c583609861bd783e8940b379cf642df02901cee86233a355a
                                        
                                            GET /landings/274421/1661963033/css/popup.css?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: 6Kf37yfJNVgMvIgRiYFthw6W2U+fu9i6WhY3Gy/zxsETZhfRKWyMEhK1h21lVzjQTdQke/bHvNo=
x-amz-request-id: 05N12VE465R4PYVN
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  assembler source, ASCII text
Size:   635
Md5:    4ed05a608a8ec589e8aa5b040f7bb878
Sha1:   c58649a707ba64aed8b285d3be9f6b06a85ea6cb
Sha256: bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363
                                        
                                            GET /landings/274421/1661963033/css/style.css?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: KA6+Ks62q3ntboFa2q6D24Iivg4PJf9sENYJidNp7tf3VAAdZJ8XgSvzc6JdVkwWvToScaqpFto=
x-amz-request-id: 05NEKN2F068ZB6A5
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "91e7cb70a067f0b35ee5d81ae49d4f04"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 2983
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text
Size:   2983
Md5:    bf54d7815b53074dc9e100bdeb13835b
Sha1:   087bbc33ccd2421aa69f1128b0d931c379f0ddec
Sha256: 7cbff8b70c2ee311dbab6845b9929abd312e7fc83e5abd9087655e6e5e537094
                                        
                                            GET /landings/274421/1661963033/js/vegas.js?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: mhwRVLx3tpKJDakXqV75OlQYQwZs06nYpAaM8kEqsY3rKPNl3ajhGADl71RCKpnFpIxZ5qd12XM=
x-amz-request-id: Z34KPS9TYKH3HS36
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (11568), with CRLF line terminators
Size:   3401
Md5:    156c4046496d16408b06eb605ce1ab09
Sha1:   0dde2c6bbb3cf64132989866bdc1161be62474e3
Sha256: 657aac4fd9cd122e452b9da290c486d115af6b8fe8d409f39ab1d1d3dff44144
                                        
                                            GET /landings/274421/1661963033/js/translates.js?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: QpL0MM4s8/h2jTnsxIF+qTbSX73YY3jZsC72t/++zODIa5bpTtn0+akrqSjxn82kwJSwwa1ILh4=
x-amz-request-id: Z34KJR2WC6R58X5A
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   10048
Md5:    f54e5331f7d782d475a884cce1db33fd
Sha1:   d5145e3ebcab1a21d4cdff8632c9901db93b962f
Sha256: 73c4aa8abb0450fbb7eef37c3afc3d6f11f0c2bc3f0a101323364b59298e4e2f
                                        
                                            GET /landings/274421/1661963033/js/function.js?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: kdrQedxM0rDFIk3fnYPKZAuOtVksonlUOEss1E20IoUeRElV9rcLW+4h2ooOCalVu1VnU/kzV/c=
x-amz-request-id: Z34MMKH8Y8NW41CN
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text
Size:   688
Md5:    ba7deda1bcbc1e2d5c127678e05b71a1
Sha1:   4707fef7ab43a522b3cf7f5c0db4c148c5a43701
Sha256: 303187afb2cbbbf6095724df7eaf8c7967bb019dc17e1224d9e2366ac7f381c5
                                        
                                            GET /landings/274421/1661963033/js/jquery-2.2.4.min.js?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: TUA9TFF8Yuo1bu8mG4VEa3LJ1whjKuWhjG66FYk1da8neG8aoDBOHlBvNLOrBr/RR1Zd1k7i3ww=
x-amz-request-id: 05NB64E7ACBKGRVJ
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 07 Sep 2022 08:12:04 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29855
Md5:    2fa28552f1ee4e1382ee43930b53afb8
Sha1:   803670da6a35378bf4eb73acc8e72fe4feb5ca30
Sha256: ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
                                        
                                            GET /landings/274421/1661963033/js/tn_pHash.js?1661963033 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: dcc+ZV5/qDrHCgRYnYLj+SdFW/b5MEAmO05DP1qZZ78bmZ/OouUrHawzdLSMgM/bfaew7XZ1FzM=
x-amz-request-id: 680CD205V6242GAA
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "3544c08851825a863747a126548d6993"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 252
Date: Wed, 07 Sep 2022 08:12:04 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ASCII text
Size:   252
Md5:    3544c08851825a863747a126548d6993
Sha1:   01882998e61b9f93d5f346386fa633f6b8d95b2d
Sha256: 9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69
                                        
                                            GET /landings/274421/1661963033/images/logo-white.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: mRw2XnqHAsXfPmA/hpUa0ynsv+wkkfMxH6ldkURITOGNrcQ0cQURGoKHlIKMkWyO9P8UuuhfsNk=
x-amz-request-id: EPPGXXSPRR919JDG
Last-Modified: Wed, 31 Aug 2022 16:23:56 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 9461
Date: Wed, 07 Sep 2022 08:12:04 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Size:   9461
Md5:    27a8fdccc08741c52422bd4852f87c3a
Sha1:   b103730d95829f64c0746b97a85e0ada4f6c18a2
Sha256: 7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0
                                        
                                            GET /landings/274421/1661963033/images/logo.png HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: 8KNnb0d9pWA5PvoIQxRWNjnFO8MU2hHQ8vD8zAMz8c2nCZleqJCoyPvXgkmtEjKr6f4i+yGyS+0=
x-amz-request-id: 6807C3AH1KZMJ33V
Last-Modified: Wed, 31 Aug 2022 16:23:56 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 40774
Date: Wed, 07 Sep 2022 08:12:04 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size:   40774
Md5:    c0647e470e90e4e76c886ef3f4c651ac
Sha1:   fe1dd72ac0432bd8f261672c7c336cf902503d3c
Sha256: 1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 07:38:18 GMT
Expires: Wed, 07 Sep 2022 07:46:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C_wxh2eybou_aeJss79l9fo8oaPwJzjgw8JUChsw-LK03gZ1N-kRpQ==
Age: 2026


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 08:12:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 08:12:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css2?family=Ubuntu:wght@400;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 08:12:04 GMT
date: Wed, 07 Sep 2022 08:12:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1012
Md5:    693ca09925236845af2e79917b9738c2
Sha1:   1f0ff5ea7767d7502e929e7baeeffa2fafa443c5
Sha256: 210887e5c3901f56aaf23fa8dce78b14dc56a8b4c7dfee8ad3bc887bd37f4e33
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 08:12:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 08:12:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6354
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 08:12:04 GMT
Last-Modified: Wed, 07 Sep 2022 06:26:10 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://odzrea.speciaidates.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 563876
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://odzrea.speciaidates.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 563876
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /images/favicon.ico HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
x-amz-id-2: 3PLd1JbxzMUZnvLfJ08LlqJVa0X1bm3g8lDKKuDaPcpHRGpUOyvL763tb+Zgy/zeSb8kMvb/P10=
x-amz-request-id: 2XWP9N688THY1C8H
Last-Modified: Wed, 07 Nov 2018 08:41:38 GMT
ETag: "4cdf3256cd7b8ec3917adb79d6bf457e"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4103
Date: Wed, 07 Sep 2022 08:12:04 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   4103
Md5:    4cdf3256cd7b8ec3917adb79d6bf457e
Sha1:   bc615337e9223183a126c8fb649774866fb53e69
Sha256: fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 08:12:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/pushjs/1.0.0/utils.js HTTP/1.1 
Host: odzrea.speciaidates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=43690&s5=backuser&click_id=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd&iexpp=1&j1=1&j8=1
Cookie: unique_id=63185254000f4756; unique_id2=63180b6e0004924f; 63180b6e0004924f_c=1; ref_token=116914; impression=; 63180b6e0004924f_sl=[274421]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 07 Sep 2022 08:12:04 GMT
expires: Wed, 14 Sep 2022 08:12:04 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (32159)
Size:   11991
Md5:    262c195b66413b88c5fa395ffad05796
Sha1:   d2a9689d861d63c9f6e6857be9f53aa292e43462
Sha256: 33a8085f0dfed0a9f9046173aa24aa4b0c0f25051a0461a2045479904d508815

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uYF6Otfp4xEtXCoRjDwVUw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.218.168.248
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LPy/MORPhGVB6shr2qcduFEGWzs=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2966
Expires: Wed, 07 Sep 2022 09:01:32 GMT
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2966
Expires: Wed, 07 Sep 2022 09:01:32 GMT
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive

                                        
                                            GET /landings/274421/1661963033/images/2.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: NInfEqObp+bkY0zCdnf1CwzGqp/1pr1FolhyLAJ7aUodJFO/IPYsJ37OLLyYMc+X8OGJB1F3aWE=
x-amz-request-id: PE26FD98J8W3M250
Last-Modified: Wed, 31 Aug 2022 16:23:56 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 102832
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size:   102832
Md5:    3b8b455b24c71ae1f928266241e9517e
Sha1:   8b98ca60c92b83e039c3b996f090883ed8b7ca75
Sha256: c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2966
Expires: Wed, 07 Sep 2022 09:01:32 GMT
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive

                                        
                                            GET /landings/274421/1661963033/images/3.jpg HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: R2kuBrh05R90SuvaDua0x3vWxk4GktCX8huWyX6k7uGMjLoSCw4N3BLngK+5VtDrn0+AnQFjM1I5wWWAkeCQ1A==
x-amz-request-id: TAX2F2HK7C5JPAT7
Last-Modified: Wed, 31 Aug 2022 16:23:57 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 149812
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size:   149812
Md5:    8ff03d86c53d978e5527374b5bcd5114
Sha1:   2b63b0853d74e24d74d26dbf9622c407e3c74ea9
Sha256: 10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2966
Expires: Wed, 07 Sep 2022 09:01:32 GMT
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2966
Expires: Wed, 07 Sep 2022 09:01:32 GMT
Date: Wed, 07 Sep 2022 08:12:06 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff29f2a08-1dd5-4577-ae0d-6852e6e83ba7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5384
x-amzn-requestid: 6888919c-b9fb-43da-a080-0dde24422b4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDqZHHA5oAMFjzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bdd3-7f32bdc673d113da6e69b413;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:38:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FvxWL8FJUrDyhFhyYXIuArDhRgFUyTurACy5-POlVjXeskWas-d2pQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:41:25 GMT
age: 37841
etag: "cfca3a21a33e58f300343f643634c50a924bb6db"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5384
Md5:    6447311cd0f34fb9cde4e21946e0d8af
Sha1:   cfca3a21a33e58f300343f643634c50a924bb6db
Sha256: e2de947b52e13a0350c5b6904020924b957161d825930677386185a62d2f2401
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8510bf06-7808-4fda-a5d9-b75fc73021c9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12661
x-amzn-requestid: 71ef9e09-ccf1-4930-865d-665ece4bf3a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3hXnFnXIAMFqKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312e296-627daf7c7ad3e23a60b183cd;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 05:13:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xwunW741LulZXvM0har5nqrcCiyYoUwvhCWiPsEvs5P2VKSe476_Cw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:38:56 GMT
etag: "dd9cd9b711d7112efa85eff8a798346dbd7d5f5f"
age: 34390
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12661
Md5:    79f4356c488498012cc7fc03be21e3df
Sha1:   dd9cd9b711d7112efa85eff8a798346dbd7d5f5f
Sha256: ebd84bf1db6b39b92be1020c7ea5c32eaa23dfb347ec83941d5bc56e80855ebc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faba86944-df9f-4d50-9b10-d50644b978e3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4805
x-amzn-requestid: 6db42fa4-5a04-4368-b5cb-ea8f70d83ead
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XmxSRFp7oAMFb3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c2f41-1df42bd2265554de5f47932e;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 03:15:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KQ1yb69_uETJJlEIcwsR165zqZuiklGuj3Nn-tyta0e_q8BGqs3cXg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:51:24 GMT
age: 37242
etag: "5200b601017ce86614783b76fd2a775c1c48d4e9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4805
Md5:    4f29d8aaae2d67c27c58001e7553dea7
Sha1:   5200b601017ce86614783b76fd2a775c1c48d4e9
Sha256: 6b55c4d692cf584e0319b07251d9845749fe8954062dab66e003dd2706451504
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fc5baf3-df02-4e98-9312-7ed0ef0b8638.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3604
x-amzn-requestid: 31a6c427-a073-4c25-88b1-6ba40a48c359
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDrvyGg6oAMFhDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317bffe-36dd49416c62f3811167173d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 21:47:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hNtG651fpAOKjZluawZlbXYFfBUojeSyqB9UMRsAg1Ooxc95mudq7A==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 21:51:27 GMT
etag: "b95ee99dafca1695d6b86763fce0ceb058f40ef3"
age: 37239
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3604
Md5:    932f4d99fb1927aae3010e00472b38c3
Sha1:   b95ee99dafca1695d6b86763fce0ceb058f40ef3
Sha256: da9dbade65f50c1f9ca10956dc863759dd1e0cdf7e28721c79831c288d3ae24e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8643
x-amzn-requestid: 8398144d-7a42-452b-88e5-0e6cb9f4bc02
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqbSpEt7IAMFfEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630da5aa-5369099439689d5270e0a044;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 05:52:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MnvZGT9Q3ZSCf7nLpks2IXXNyg7jaNX6r4bnebHekesqfWlMY_bh5A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 22:05:39 GMT
age: 36387
etag: "1fbcbd73de88723e5a42ec1ecb131b94deb1c88e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8643
Md5:    c316fd8a538a8c998ef49d399e9b0692
Sha1:   1fbcbd73de88723e5a42ec1ecb131b94deb1c88e
Sha256: 1a34abee1bf6b76733ba2ca97a5c053b67bd6cd48f6953fc53798c77385cd781
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa395dcd-c2bf-4b9e-a70f-5dc4000d8b8f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3187
x-amzn-requestid: 8a44698f-2fd0-4980-9882-971810debb88
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X6Wf9GyaoAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63140465-3a46f65e5f8c4522065c5ad5;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 01:50:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: skw7KXeCdFODdGvzIqmWcyKbf3jbapZMoMXLqbu6WPaAmStKp2TKlg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 23:55:36 GMT
age: 29790
etag: "f9767c74a6f717635f67ac541f0126f5a63bd7d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3187
Md5:    ed39b35d8a767c2aad6a77fadc60f233
Sha1:   f9767c74a6f717635f67ac541f0126f5a63bd7d3
Sha256: 343efa10126cf70588f1968dea7c77ec3ff8a121e1152f1f9b9b4960fc42bddb
                                        
                                            GET /landings/274421/1661963033/images/1.mp4 HTTP/1.1 
Host: cdn-dimi.akamaized.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         184.31.15.67
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
                                        
x-amz-id-2: dNNCXuz/gi0CncpPr+wkjCZoTuiuAAXOOsFgnMrw96cpQzN63ZsEGsTgkF8mGzg3ox1KtgRjPZg=
x-amz-request-id: TDBHWX2TM94R1DS0
Last-Modified: Wed, 31 Aug 2022 16:23:56 GMT
ETag: "379ddec6d7d6e118bd7565d1c83dbb90"
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 07 Sep 2022 08:12:06 GMT
Content-Range: bytes 0-1560163/1560164
Content-Length: 1560164
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"


--- Additional Info ---
Magic:  ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size:   1560164
Md5:    379ddec6d7d6e118bd7565d1c83dbb90
Sha1:   16becb1b44f3f35b0fa239668901338cba6eff06
Sha256: 5635dd2c6c23dfdc3e4eb82afc4231a27e8522ec332b8568a3fc7ae8755fec94
                                        
                                            GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1 
Host: odzrea.speciaidates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odzrea.speciaidates.com/c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=43690&s5=backuser&click_id=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd&iexpp=1&j1=1&j8=1
Cookie: unique_id=63185254000f4756; unique_id2=63180b6e0004924f; 63180b6e0004924f_c=1; ref_token=116914; impression=; 63180b6e0004924f_sl=[274421]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 07 Sep 2022 08:12:04 GMT
expires: Wed, 14 Sep 2022 08:12:04 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 08:12:04 GMT
date: Wed, 07 Sep 2022 08:12:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/service-worker.js HTTP/1.1 
Host: odzrea.speciaidates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: unique_id=63185254000f4756; unique_id2=63180b6e0004924f; 63180b6e0004924f_c=1; ref_token=116914; impression=; 63180b6e0004924f_sl=[274421]
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 07 Sep 2022 08:12:04 GMT
expires: Wed, 14 Sep 2022 08:12:04 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /c/1e3a4e532f1c7040?s1=116914&s2=1419167&s3=43690&s5=&click_id=37_43690_4177_0e31fb9d4f88ab12c9bd56e91ac91bbd&j1=1&j8=1 HTTP/1.1 
Host: odzrea.speciaidates.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://go.gkrtmc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Wed, 07 Sep 2022 08:12:04 GMT
set-cookie: unique_id=63185254000f4756; Path=/; Expires=Sun, 06 Nov 2022 08:12:04 GMT; Secure; SameSite=None unique_id2=63180b6e0004924f; Path=/; Expires=Tue, 06 Dec 2022 08:12:04 GMT; Secure; SameSite=None 63180b6e0004924f_c=1; Path=/; Expires=Tue, 06 Dec 2022 08:12:04 GMT; Secure; SameSite=None ref_token=116914; Path=/; Expires=Fri, 07 Oct 2022 08:12:04 GMT; Secure; SameSite=None impression=; Path=/; Expires=Wed, 07 Sep 2022 08:12:04 GMT; Secure; SameSite=None 63180b6e0004924f_sl=[274421]; Path=/; Expires=Wed, 21 Sep 2022 08:12:04 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---