tracker.essayzon.com/go/b9dfad6b-d5af-48fb-b769-5b61926663fa
3.70.16.242 302 Found 632 B URL HTTP/1.1 tracker.essayzon.com/go/b9dfad6b-d5af-48fb-b769-5b61926663fa
IP 3.70.16.242:0
File type HTML document, ASCII text, with very long lines (632), with no line terminators
Hash 4e85f8b0959cc4e751e0a09ee8d9fc22
c286c89e34109778e36fc84c8341a6e97fd35d77
21685f9060502c86463d84a559ae963027b72f9b40fe97117c07374eae677091
Analyzer Verdict Alert fortinet Phishing
GET /go/b9dfad6b-d5af-48fb-b769-5b61926663fa HTTP/1.1
Host: tracker.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: openresty
Date: Tue, 04 Apr 2023 06:56:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 632
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
Set-Cookie: bemob-uniq-visit:b9dfad6b-d5af-48fb-b769-5b61926663fa=1; Domain=tracker.essayzon.com; Path=/; Expires=Wed, 05 Apr 2023 06:56:56 GMT; HttpOnly
bemob-rotation:b9dfad6b-d5af-48fb-b769-5b61926663fa:random:37328f8c0ec9519ecbdb8ea06f38183b=0-6-3; Domain=tracker.essayzon.com; Path=/; Expires=Wed, 05 Apr 2023 06:56:56 GMT; HttpOnly
bemob-track-url=http%3A%2F%2Foffer.essayzon.com%2F1%2Fmyprize%2Fboxwin%2FFNB.php%3Fkey%3DeyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%253D%253D%26bemobdata%3Dc%253Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%253D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%253D0..b%253D0..ts%253D1680591416895; Domain=tracker.essayzon.com; Path=/; Expires=Wed, 05 Apr 2023 06:56:56 GMT; HttpOnly
Vary: Accept
X-Response-Time: 12.425ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1965860f5630f7dda817a236cb72ea24
beec8147d48911a007287014564ce544d296a5fd
00b4aafe530f6ceb3d6d4de42fffdaee0cb4e0a60834c85b1d21e42e5db2ef91
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00B4AAFE530F6CEB3D6D4DE42FFFDAEE0CB4E0A60834C85B1D21E42E5DB2EF91"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16892
Expires: Tue, 04 Apr 2023 11:38:29 GMT
Date: Tue, 04 Apr 2023 06:56:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c17f530e6db706fa5f9eb36a6cca4a4
446b60a425aae47b0adf5abd7e18e9f90f52c0bc
ccf1a90e945a18fb951654d29f128acdb3916d4dca315b0fad44ae8cc95be48e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CCF1A90E945A18FB951654D29F128ACDB3916D4DCA315B0FAD44AE8CC95BE48E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5238
Expires: Tue, 04 Apr 2023 08:24:15 GMT
Date: Tue, 04 Apr 2023 06:56:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 06:16:37 GMT
content-type: application/json
age: 2420
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20653
Expires: Tue, 04 Apr 2023 12:41:10 GMT
Date: Tue, 04 Apr 2023 06:56:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Sg4fKSOpabs+7XOJWCs1IRX8/CboriyDdcmF2LOYREjEoIl9Qsj7+l/8orEX4fTOOkmcP39gdSE=
x-amz-request-id: H778GKWN8PD0Z0N3
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 06:53:03 GMT
age: 234
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 06:56:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
162.246.59.148 200 OK 12 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
IP 162.246.59.148:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1261)
Hash d2e5890c44fa27e135d94cf09c953ce1
98591f0d7deccfb01e4ce6c7ae10bafa67c84dea
1b1102c7e9eed19ce2ecfe2bce90a7c023cf3157e1500988cc483eafe7f930b8
GET /1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895 HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
offer.essayzon.com/1/myprize/boxwin/index_files/froala_style.css
162.246.59.148 200 OK 7.2 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/froala_style.css
IP 162.246.59.148:0
File type ASCII text, with very long lines (7048)
Hash 8d4fba5186f02a0c4458986b0cf91667
785579011ecdda9e4754ca41649fa2fc06453b52
1cfc73a6db9523c12b6b7f5d009bed19c8799eed001f607bd891a1fd838b7739
GET /1/myprize/boxwin/index_files/froala_style.css HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Last-Modified: Sun, 13 Feb 2022 14:01:51 GMT
Accept-Ranges: bytes
Content-Length: 7208
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
offer.essayzon.com/1/myprize/boxwin/index_files/c1ffd89caad1a6f1ac64e76a76c000bc.js
162.246.59.148 200 OK 88 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/c1ffd89caad1a6f1ac64e76a76c000bc.js
IP 162.246.59.148:0
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Analyzer Verdict Alert fortinet Phishing
GET /1/myprize/boxwin/index_files/c1ffd89caad1a6f1ac64e76a76c000bc.js HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Last-Modified: Sun, 13 Feb 2022 14:01:51 GMT
Accept-Ranges: bytes
Content-Length: 88145
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, ETag, Cache-Control, Expires, Backoff, Last-Modified, Pragma, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 06:17:29 GMT
age: 2368
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
offer.essayzon.com/1/myprize/boxwin/index_files/mycss.css
162.246.59.148 200 OK 63 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/mycss.css
IP 162.246.59.148:0
File type ASCII text, with very long lines (62302)
Hash 2b37216df12f31603669e8c36bb17f07
21430816671911f6718866d509c06ff2e13e1939
e8e2aa7f91f6f8d1064f0d3851c4e350e9e5675b65116d2dc21fddbae235d552
GET /1/myprize/boxwin/index_files/mycss.css HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Last-Modified: Tue, 24 May 2022 08:19:50 GMT
Accept-Ranges: bytes
Content-Length: 62845
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2820ca2dae3aed6a76736f236502749b
d2e4995fdd0fbb64d9051f50be93023a752ef449
0ac73659b8f464575a3596da96a94fc6dbc26a4d5a90bec1331a5df5ad796006
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AC73659B8F464575A3596DA96A94FC6DBC26A4D5A90BEC1331A5DF5AD796006"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19333
Expires: Tue, 04 Apr 2023 12:19:11 GMT
Date: Tue, 04 Apr 2023 06:56:58 GMT
Connection: keep-alive
offer.essayzon.com/1/myprize/boxwin/index_files/62becd726872236d701af5d76cf57542.js
162.246.59.148 404 Not Found 59 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/62becd726872236d701af5d76cf57542.js
IP 162.246.59.148:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (9381)
Hash 3d91d6754e54ac85a6de97bef18d38e5
d509963b62707e8faa9c5b9abad793c51ae92bb7
4fb1bfbebc543b4f9cbb722a9f0344a03dae63c31da0161808a39978b3322573
Analyzer Verdict Alert fortinet Phishing
GET /1/myprize/boxwin/index_files/62becd726872236d701af5d76cf57542.js HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 404 Not Found
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://offer.essayzon.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
offer.essayzon.com/1/myprize/boxwin/index_files/micro.js
162.246.59.148 404 Not Found 59 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/micro.js
IP 162.246.59.148:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (9381)
Hash 5bdfe8881ecc30373a8bffd4f9c8a53e
f16b1ef2fde6e670c2ac2b0e370b2c4609e06920
cc9c6ea5d61ab8f1e72496ea65edf28c97704f3b32d176428c0639f1d27cfe9a
Analyzer Verdict Alert fortinet Phishing
GET /1/myprize/boxwin/index_files/micro.js HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 404 Not Found
Date: Tue, 04 Apr 2023 06:56:57 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://offer.essayzon.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
offer.essayzon.com/1/myprize/boxwin/header-logo.svg
162.246.59.148 200 OK 18 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/header-logo.svg
IP 162.246.59.148:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document, ASCII text, with very long lines (9463), with CRLF line terminators
Hash 61e37d8c757872ce48534e467336f278
7064121964b52465231a8806a68ea0701395460c
2eccd00ff9d42512cc11b7e443e3308755f6e3196997d751dfc93af3bc58f4c0
Analyzer Verdict Alert fortinet Phishing
GET /1/myprize/boxwin/header-logo.svg HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Last-Modified: Tue, 24 May 2022 08:35:23 GMT
Accept-Ranges: bytes
Content-Length: 17551
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
offer.essayzon.com/1/myprize/boxwin/fnbg.png
162.246.59.148 200 OK 24 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/fnbg.png
IP 162.246.59.148:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced; data
Hash 320eaf9f6b1afc63cfa9ba72ac5f800f
b0f662a8365ae83b65b6fa9f86823848f3ed0136
051b719032c3b27200c9c61f6b17e957eb90dd85abc1b56b7753437f01616b17
GET /1/myprize/boxwin/fnbg.png HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Last-Modified: Tue, 24 May 2022 08:22:28 GMT
Accept-Ranges: bytes
Content-Length: 23901
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
offer.essayzon.com/1/myprize/boxwin/index_files/b45cbc066907105f9fdb6ff6f3de0bf3.png
162.246.59.148 200 OK 2.3 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/b45cbc066907105f9fdb6ff6f3de0bf3.png
IP 162.246.59.148:0
File type PNG image data, 257 x 184, 8-bit colormap, non-interlaced; data
Hash 57cffe641003f9a80834df4f706d16c3
900af1f1f75f11f547bf4bab2f9f88f0b3b0c38d
fd0a52dab9715198deaac93ec52117c0443279db1ed9b186790806d7542e98aa
GET /1/myprize/boxwin/index_files/b45cbc066907105f9fdb6ff6f3de0bf3.png HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Last-Modified: Sun, 13 Feb 2022 14:01:51 GMT
Accept-Ranges: bytes
Content-Length: 2283
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
offer.essayzon.com/1/myprize/boxwin/index_files/top_r.png
162.246.59.148 404 Not Found 59 kB URL HTTP/1.1 offer.essayzon.com/1/myprize/boxwin/index_files/top_r.png
IP 162.246.59.148:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (9381)
Hash 98e816b79d3965d6d3c9eeec4b6183b2
543ccbd379d150260c8d4569e5006690cabd6d31
1914d2c8aec6c8132ad8c612c1b55fb7e8dcb6854ef76291672e0d1c4353625d
GET /1/myprize/boxwin/index_files/top_r.png HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/index_files/mycss.css
HTTP/1.1 404 Not Found
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://offer.essayzon.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
44.242.3.166 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EcyfXLBkqKtZ5Nzyosc3fQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hTjzUC3+4z1hTQdQOM7kSwTC2RA=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c6e8b28d1af99cecbab425e0f0f6bac7
899bf8150f74f1ce5c30cada3f6b994ec23edcc4
aa32c6e9b423aa2e9b48d4ad7bd8f4497b878acb183f15763856972c8ceb3ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA32C6E9B423AA2E9B48D4AD7BD8F4497B878ACB183F15763856972C8CEB3FFD"
Last-Modified: Tue, 04 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Apr 2023 12:56:58 GMT
Date: Tue, 04 Apr 2023 06:56:58 GMT
Connection: keep-alive
offer.essayzon.com/favicon.ico
162.246.59.148 302 Found 0 B URL HTTP/1.1 offer.essayzon.com/favicon.ico
IP 162.246.59.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
HTTP/1.1 302 Found
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Link: <http://offer.essayzon.com/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Location: http://offer.essayzon.com/wp-includes/images/w-logo-blue-white-bg.png
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
offer.essayzon.com/wp-includes/images/w-logo-blue-white-bg.png
162.246.59.148 200 OK 4.1 kB URL HTTP/1.1 offer.essayzon.com/wp-includes/images/w-logo-blue-white-bg.png
IP 162.246.59.148:0
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced; data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: offer.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://offer.essayzon.com/1/myprize/boxwin/FNB.php?key=eyJ0aW1lc3RhbXAiOiIxNjgwNTkxNDE2IiwiaGFzaCI6ImRkZTlmZWM5OWJjMWZkMDM5NGYwOTI1ZGIzYTc3ZDllNzEwMWMxMGQifQ%3D%3D&bemobdata=c%3Db9dfad6b-d5af-48fb-b769-5b61926663fa..l%3D97f36ce2-5ed7-4bcb-a817-b75fdeec624d..a%3D0..b%3D0..ts%3D1680591416895
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 06:56:58 GMT
Server: Apache
Last-Modified: Thu, 08 Dec 2022 05:14:54 GMT
Accept-Ranges: bytes
Content-Length: 4119
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f06399875b2b1c6a0afe8a1d791f5a4a
f2ce36c5d6599e57e4df8f08a030e8cb00ebe830
2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7617
Expires: Tue, 04 Apr 2023 09:03:56 GMT
Date: Tue, 04 Apr 2023 06:56:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc87aa979c0767120514f1e4b758ff17
67f5976f5c3664fdddf0df409fd06c6654f2f844
6933b54d13aba860ff4e8c5978ffa4a2e546b15a17c783fcf5d87bfb817a28f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4815
x-amzn-requestid: 9f83c9c3-43ef-4753-8407-8592386870f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNUVHDcoAMFtNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642928e8-733f938a34d9987746b87996;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:04:08 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9BppJUd9FJVFIdgyG6EjmTfnhfGUvyf2Zovd7TX2r6HndLV2zdtzpg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 07:21:34 GMT
age: 84925
etag: "67f5976f5c3664fdddf0df409fd06c6654f2f844"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b3221e-f465-4b09-8edb-d71d2b28f571.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b3221e-f465-4b09-8edb-d71d2b28f571.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 904fe1f41565ef3b94317ec52a7203e1
b7911bd82a447c46eb419919a52ea46fa243ee0f
19e32a25d63d4696b05d167d44b640582352985928518bc2ce11973a20e9b2da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b3221e-f465-4b09-8edb-d71d2b28f571.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11387
x-amzn-requestid: 3e5b802d-c2f3-4b72-8dea-5f6452cd57d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frcED1oAMFZiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-2429f95743f7924f14ec8565;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: IdX0QYFMiMahVBKfPu25uWzmrdyi-2LHyFh0SHRJgl8Xt1DlD2idnw==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 f958a3846d80a3925f664b320dfad9c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:34:01 GMT
etag: "b7911bd82a447c46eb419919a52ea46fa243ee0f"
content-type: image/jpeg
age: 33778
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 790b71fc2b1faa08db8b4334c9c3f9e3
e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4
eed429169c9d3feb115463d8ead934fa348cdca60aabf0c88d4553ed23575c9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10535
x-amzn-requestid: 8efe600f-9818-4c23-afd3-41c5a4dece2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbFHSoAMF8HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-65e8e6fd575fdc91668d6676;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 3eFc64JrVV7kNe1QSEyApxR5PQ0aC-6UWaOI5wUZjIDATg38NAlkcw==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:34:01 GMT
etag: "e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4"
content-type: image/jpeg
age: 33778
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16318447-1c81-4525-becf-32a77c9030e1.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16318447-1c81-4525-becf-32a77c9030e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c226ea23c670c61a42a6d94959e10dc
e4a946d93a63ad9fcf751fbb8e55ab18466197e2
b95c03169121047006cdab960d5564c683c6ef8755ba9ca143e0c87bcca9ed92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16318447-1c81-4525-becf-32a77c9030e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4265
x-amzn-requestid: c4bfc599-63fb-4953-b39b-45c059c99070
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CopBKHO1IAMF10A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6426886d-7adcee9a3a8156542d555ccf;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:14:53 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Yx9_tqAFKR9hYmdjG7q3Z27fk9-StzSDP9Pjpz6tbDygWUFBHplGiA==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 12:50:38 GMT
age: 65181
etag: "e4a946d93a63ad9fcf751fbb8e55ab18466197e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fde7605b95c3ac6b8de339dbd12e17b1
b44d521b31be7b3fe378a0e070c49379a6eab26e
5496cf7c705ccc67dd13f86a07d9a352424d58591aa67afe1e1361c640f8d510
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6803
x-amzn-requestid: 6c78179f-0d11-4a23-8e86-e4f05d7c7f90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fq3HrioAMF7ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4645-758850e07ef9b1512b684c35;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:57 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: TvDTtH9ZqXuvomWMYiB8g8N0JKjRrHIXF1SxfCRJfwZS-7pGLAPrVw==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:33:57 GMT
etag: "b44d521b31be7b3fe378a0e070c49379a6eab26e"
content-type: image/jpeg
age: 33782
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfb42fa-a742-48e1-9e04-5a6dd253e7c3.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfb42fa-a742-48e1-9e04-5a6dd253e7c3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa38adb609929dd640969cf7fdac34e0
2f6376d861ae95e83cd65f47f0ad99f73ecc519b
f83c9e3dd084b6148accb41f7b234e93d4e53a12f0a92846a1a7234159f6567e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfb42fa-a742-48e1-9e04-5a6dd253e7c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8717
x-amzn-requestid: 18f7e80a-b9df-4ece-86f2-59330cbda055
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fpsGk6IAMFbdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b463d-37906ba06871532364672b8a;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:49 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Xi_8Yg97BKFIwPUNBvWnQGvSntLzEmdJj_draypXTq0zRQ-QykfssQ==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:33:50 GMT
etag: "2f6376d861ae95e83cd65f47f0ad99f73ecc519b"
content-type: image/jpeg
age: 33789
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tracker.essayzon.com/click
3.70.16.242 200 OK 0 B URL HTTP/2 tracker.essayzon.com/click
IP 3.70.16.242:0
Analyzer Verdict Alert fortinet Phishing
GET /click HTTP/1.1
Host: tracker.essayzon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://offer.essayzon.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 04 Apr 2023 06:56:58 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
etag: W/"12c-g6W6mfjiu2HgZOPjR8TsJ9uR8sU"
x-response-time: 2.572ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2