0my.lotstolink.com/t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b
301 Moved Permanently 0 B URL HTTP/1.1 0my.lotstolink.com/t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b
IP
ASN #21130 Iomart Cloud Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://0my.lotstolink.com/t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7087
Expires: Fri, 11 Nov 2022 23:53:09 GMT
Date: Fri, 11 Nov 2022 21:55:02 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4966
Cache-Control: max-age=136751
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:02 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:54:13 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 11 Nov 2022 21:43:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 665
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a8391107bfc5e4673e8a706f90f63768
5295ed0b1cb8bad4d3e851049acc7f0270937d12
ed5c27510100ffc4481be474ebcb020d147c645beb110604d5284eeeb8b97c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED5C27510100FFC4481BE474EBCB020D147C645BEB110604D5284EEEB8B97C02"
Last-Modified: Fri, 11 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10257
Expires: Sat, 12 Nov 2022 00:45:59 GMT
Date: Fri, 11 Nov 2022 21:55:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WHuVMqb2gHn30B1sb8u4cdDpHNl0ljzWvbbGHbWGSjqJUa/G0jeDYEfm/2p6hy4yEgPiERSJwh0=
x-amz-request-id: F2TR67WF1QG6SESQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 11 Nov 2022 21:12:43 GMT
age: 2539
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 22544d8361c01df427974d234efb1b51
59107c3e9a3db027aa124b09b25c8f899fbf08c4
6c72b0d111ed6cde4bc7020a2042f0bf0060057b841c4ea56ec186ea6ee951a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C72B0D111ED6CDE4BC7020A2042F0BF0060057B841C4EA56EC186EA6EE951A8"
Last-Modified: Fri, 11 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12343
Expires: Sat, 12 Nov 2022 01:20:45 GMT
Date: Fri, 11 Nov 2022 21:55:02 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 21:55:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
0my.lotstolink.com/t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b
200 OK 6.3 kB URL HTTP/1.1 0my.lotstolink.com/t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b
IP
ASN #21130 Iomart Cloud Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (985)
Hash 301251b972c71b7382d83b37ea7c1b7a
5b1458fee788895b3dcdc2fd307bd82ce0023516
878f683d34f727fa4dc56d22eb91ab31bcf9e4a06b4640c7756ffcf945585a8f
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/78042642-620b-11ed-a8e7-79084f9d6821/78098074-620b-11ed-8a5d-a5cf6b21b15b HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Fri, 11 Nov 2022 21:55:03 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; expires=Fri, 11 Nov 2022 23:55:03 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D; expires=Fri, 11 Nov 2022 23:55:03 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/custom_style.css
200 OK 9.1 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/custom_style.css
IP
ASN #21130 Iomart Cloud Services Limited
File type ASCII text, with very long lines (341)
Hash d6821948f9d3a80b1f3169f670e1b06c
4e041b3a391424b761c6a55d63d9fd5c25c60565
67aa606c92605d826c400b3e72147f7df5723f1c1abee0bb4c8665a9cb0b4255
GET /templates/templates/mysterybox/files/custom_style.css HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:42 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "d6821948f9d3a80b1f3169f670e1b06c"
content-type: text/css
content-length: 9065
x-varnish: 7166424 32775
age: 367941
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 11 Nov 2022 21:44:48 GMT
cache-control: public,max-age=3600
age: 615
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4483
Cache-Control: max-age=131192
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:03 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:21:35 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
0my.lotstolink.com/templates/templates/mysterybox/files/en_date.js
200 OK 1.1 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/en_date.js
IP
ASN #21130 Iomart Cloud Services Limited
Hash f9d789ef2320020f47db4ed0db2e4323
cf76ef82e090285dfd1fccfbb9c479ebf179ae1c
1999301c84d39ee8b6ea31d6b71f8de51a7470ea855b1080effcc67a2afe6136
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/en_date.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:42 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "f9d789ef2320020f47db4ed0db2e4323"
content-type: application/javascript
content-length: 1125
service-worker-allowed: /
x-varnish: 7166425 163842
age: 367941
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:51:00 GMT
expires: Thu, 09 Nov 2023 18:51:00 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 183843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
0my.lotstolink.com/templates/templates/mysterybox/files/platform.js
200 OK 41 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/platform.js
IP
ASN #21130 Iomart Cloud Services Limited
File type ASCII text, with very long lines (568)
Hash ccad5ec1b46e291191a730fa8f9545bb
3a9ab890a0268080c79fcf3739ef82779d9ff453
5450fd792e0070751798a1b0923d0aef6e0fae66f81b0a17f5bed483e8a1234c
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/platform.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:43 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "ccad5ec1b46e291191a730fa8f9545bb"
content-type: application/javascript
content-length: 40635
service-worker-allowed: /
x-varnish: 7737914 65542
age: 367941
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
0my.lotstolink.com/o/2XXQ6DLP/78042642-620b-11ed-a8e7-79084f9d6821/?push=true
302 Found 818 B URL HTTP/1.1 0my.lotstolink.com/o/2XXQ6DLP/78042642-620b-11ed-a8e7-79084f9d6821/?push=true
IP
ASN #21130 Iomart Cloud Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash 74e5c0eb2c5e6df71f555fea626b3f23
b32f41738dd3ceb6b2a65e8a4c843c5490daf538
5329ef17da08b6fd023f04dbb3072136ff60159c25c5a1474cc7500af9a8b41a
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/78042642-620b-11ed-a8e7-79084f9d6821/?push=true HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Fri, 11 Nov 2022 21:55:03 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=7f2cf214-620b-11ed-9459-61feb602bf8d&&push=true
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6IkloOVREaVpRTXpyazQvWHlTM3c3cEE9PSIsInZhbHVlIjoiK1B0RTRDd2REV1VCQ0lYQ2kvN3RuSGpNbndRZ3NJdVAxdEgzN1BabUR0MjNMUURQYnA5dmExS2craHFBZitnbDE2Z0VCL0RZQkhrWHN4aFRnTmVEQmhtTncxdlNVUERRcTFIT0V3ZCt5bGs1K1BJNDJSVFg5ZVE0Q0pibkJBT1IiLCJtYWMiOiI2MzI4NDViMWY0OTNiY2JmZjY0ZGNmN2ZhY2NmYWVlYThiNTVlNWJlZjQ0YWExZTIyNWUzMDMxZjFhNTBiZjkxIiwidGFnIjoiIn0%3D; expires=Fri, 11 Nov 2022 23:55:03 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6Ik9BMUFJR2JHWHJHd0pwd21IZUZkNHc9PSIsInZhbHVlIjoiYU5MWXI4cWcvcUpZOWR1VDNUb1c0UERpRm9yVlArZkNIKzJwTUV2UFJNZGkxOTgvSWJ6YzFYVjZRUVFldSsvUVBTdjg0Ym4wUVJPUVBramg1TldSblBnREpXUThKL0xQdXlmbW9teVNkWjRaaFZlbHVTOFJ5VVNiZnI4dWpqb00iLCJtYWMiOiI5NWRmOWY1Y2E4NjVjYzY0NzQ2NDZiMTQ4OTljNzEwOTlmNDAzZmFmMjBmMGEyNWVmZTM1ZjllMDc3MTAyMWE5IiwidGFnIjoiIn0%3D; expires=Fri, 11 Nov 2022 23:55:03 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VOgfn1/pgMobAApZPWoXcQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: idfvbbodwaYSriOmHH9Vm8WPaSo=
0my.lotstolink.com/templates/templates/mysterybox/files/box_c.png
200 OK 8.8 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/box_c.png
IP
ASN #21130 Iomart Cloud Services Limited
File type PNG image data, 241 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0b641f72293ea5bb5e43b8158b31a9
e04f96aac3e342f60df32c92ef54b9b316b1fb59
6b2c28e1e03c021256d67916384b83f706500edfa701080150d78bd9fab51bf2
GET /templates/templates/mysterybox/files/box_c.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:43 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "9b0b641f72293ea5bb5e43b8158b31a9"
content-type: image/png
content-length: 8814
x-varnish: 7737919 229382
age: 367941
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/exit.png
200 OK 525 B URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/exit.png
IP
ASN #21130 Iomart Cloud Services Limited
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b53e9c6d14fab18765c748a00d43c93
afe0633605e88df340fa3e0238c315eec766fe2f
fdc34fd73310984f22db0235f635024c80a884c451322931892dd722567ceaaf
GET /templates/templates/mysterybox/files/exit.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:44 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "7b53e9c6d14fab18765c748a00d43c93"
content-type: image/png
content-length: 525
x-varnish: 7166432 229386
age: 367940
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg.png
403 Forbidden 243 B URL HTTP/1.1 0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg.png
IP
ASN #21130 Iomart Cloud Services Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash a42c304401c94f4021745e6e518e2398
4a84a3f51324fa6232bfdfe25d65fa53deb50cb8
eb3a545a68dbd1d2f59b1c7f9b6b4922333900d860cef40d24e4973826497b9c
GET /media/template-images/walmart-giftcard/300x200.jpg.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Mon, 07 Nov 2022 15:43:25 GMT
x-varnish: 7166433 294999
age: 367897
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_t.png
200 OK 2.4 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_t.png
IP
ASN #21130 Iomart Cloud Services Limited
File type PNG image data, 241 x 79, 8-bit colormap, non-interlaced\012- data
Hash fc33ce5887eb7b5a81b9377a68698114
bb99be3eac1dbe6ebec9a1e5f08b0f183b79a2c6
f9e2740fb819e3748066a670f88ad743cfc3068d5ce2a99fbd1fa731537f6127
GET /templates/templates/mysterybox/assets/box_o_t.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:44 GMT
last-modified: Mon, 07 Nov 2022 14:51:33 GMT
etag: "fc33ce5887eb7b5a81b9377a68698114"
content-type: image/png
content-length: 2430
x-varnish: 7270190 196621
age: 367940
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg
200 OK 18 kB URL HTTP/1.1 0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg
IP
ASN #21130 Iomart Cloud Services Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 297x200, components 3\012- data
Hash 3e09663738b55a530e6793a9aff614d2
055062071f88722ce768d4ee267c5eee2fee0a36
b9d2fc39cb665151ced9376b094791724b3d7d310117f8d2472c1abf3a1c68c2
GET /media/template-images/walmart-giftcard/300x200.jpg HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:43:26 GMT
last-modified: Tue, 17 May 2022 15:09:08 GMT
etag: "3e09663738b55a530e6793a9aff614d2"
content-type: image/jpeg
content-length: 18232
x-varnish: 7287531 360531
age: 367898
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/gift.gif
200 OK 16 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/gift.gif
IP
ASN #21130 Iomart Cloud Services Limited
File type GIF image data, version 89a, 100 x 100\012- data
Hash 573c467d7a0b1c4c009ba98927dfa335
78d9c7efaeed568b74f1e4d1b4eb67e51dbbb9f1
c4f1d8867d03d437694f1cac0c9df3a7f5006fb8df474023bfa1d78f88843ce8
GET /templates/templates/mysterybox/files/gift.gif HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:43 GMT
last-modified: Mon, 07 Nov 2022 14:51:34 GMT
etag: "573c467d7a0b1c4c009ba98927dfa335"
content-type: image/gif
content-length: 15606
x-varnish: 7557806 229384
age: 367940
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
200 OK 279 B IP
Hash d128e06e5a875be2f44297807c556d4e
f2482a1ec4d04be51d9bd57cec63ec7d665316ca
9ff826c5c2deb53cacb44eebfd9202b0ccde070d3e41d581e727f5b8e10355ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=91448
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:03 GMT
Etag: "636d86ef-117"
Expires: Sat, 12 Nov 2022 23:19:11 GMT
Last-Modified: Thu, 10 Nov 2022 23:19:11 GMT
Server: nginx
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2949
Expires: Fri, 11 Nov 2022 22:44:14 GMT
Date: Fri, 11 Nov 2022 21:55:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2949
Expires: Fri, 11 Nov 2022 22:44:14 GMT
Date: Fri, 11 Nov 2022 21:55:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2949
Expires: Fri, 11 Nov 2022 22:44:14 GMT
Date: Fri, 11 Nov 2022 21:55:05 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5823b629e86542b63f4355ec5e67a126
97cbdbbb6b03e6ef7f3f45449245470ad8bd8292
96d8e39efb6eebd1413a4bc0fa6800781f636e70dc0ccadf6a546f26fa022755
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96D8E39EFB6EEBD1413A4BC0FA6800781F636E70DC0CCADF6A546F26FA022755"
Last-Modified: Thu, 10 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2949
Expires: Fri, 11 Nov 2022 22:44:14 GMT
Date: Fri, 11 Nov 2022 21:55:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 07:47:38 GMT
age: 50847
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ae1fe42d639643009ccee5a7ef770fd
d43bb27911013930ed09d9609a71d737e0838556
d5fc8515f49a0b90e083f6a6025c3dc71dba286e15d5b3f841772d60d2e68fb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11527
x-amzn-requestid: a2a00c3d-12f7-412b-ba02-6bda7aa60586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNfYZHXhIAMFVYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687902-593d2a380bac7a567af893d3;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:18:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -4aHIcRGJA05uxZs2HkLI5SBdino1x_a5dIH9soWfxKe1mVNhwpglA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 09:59:00 GMT
age: 42965
etag: "d43bb27911013930ed09d9609a71d737e0838556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e72f32944d6f03e005f7b6f3e87d8c72
5fe340bf33ac219f6a3d44810f31d0a8796c83a9
bcdcba30210d276996d0fe749bbfc69d666ae11ddfbfdb57307e4bb4d6e43d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e7dc40a-e47f-44b5-b3b4-87b10cd8669d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10671
x-amzn-requestid: 1b6053eb-64ac-4c24-a750-c1b8cd69157f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJEh8GxPoAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366b472-56c6a3bc07ec89ab56d4f3bd;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 19:07:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qJeWGvC4DM_d3k66OHN2V19elou-xoSNkep1BNalBO0NtKyQtAFzNQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 04:30:53 GMT
age: 62652
etag: "5fe340bf33ac219f6a3d44810f31d0a8796c83a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 88c9931a009690991e73c5b37a1aa085
815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0
74e70391889e4b46742033b1d5daccfec415ba2ee999e429d1013fd4a1ebc61a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8294
x-amzn-requestid: 5dab4522-fca9-4ada-ad6f-3305c9686315
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u3H7PoAMF02g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-756c150c40fe6fff3ae7a609;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FXIS1Gr_-3RUm6WPZCVcjaefD3hehHV-IwO-ieFeUqeoPAE7vajlsg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:47:09 GMT
age: 476
etag: "815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13f7b6eea163326da8c58ae5c09efccd
e0d1ebb35a16c686eae3d31eb85ac72278459b05
13f2f428acb7806808d957a8167ab2c139a5d0f59798671465717f2b39b914a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8581
x-amzn-requestid: 385174fe-153f-448f-be5e-9ea3b5757ff9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u1EYOIAMFncA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-6084a34f58df22037275e676;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MhIq0Vdxah99pPo_O7gkhrq9Nekkxld2lv0955wr0yJzcP3g6LAH8g==
via: 1.1 dfc972676b24a6d23251d4f298dfa08c.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:47:09 GMT
age: 476
etag: "e0d1ebb35a16c686eae3d31eb85ac72278459b05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f29164fb4dd64d9ce60566fbebd40f0a
96de8f2627e1103c5e6beb5d64cdbc09f97fce82
8eba6095edfed1ee1402c050727f81b8a9942625fd1c9cbb3bac4e51ee178577
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6517
x-amzn-requestid: 7884aa37-c94f-49d4-b6a4-c6bd66026d2c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxD3EeYIAMFYAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2ee5-337e8e0949f5020713fcab58;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:10:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kXRfJbLr7ErTvJIW0rjpcqxHA0zvN6XOPrszlIzXBgaJkJGWzkoyGw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:48:37 GMT
age: 388
etag: "96de8f2627e1103c5e6beb5d64cdbc09f97fce82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_b.png
200 OK 3.4 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_b.png
IP
ASN #21130 Iomart Cloud Services Limited
File type PNG image data, 241 x 134, 8-bit colormap, non-interlaced\012- data
Hash 44da211f58be2b1f3aaa2aa3aa3055ed
59f5e9a8e6f5874a7521dec4fdd6878d7924bb75
ed16388bac328613e7ff4fa6933545b80a53cbcb528997e574a6f1b19f5aeeb2
GET /templates/templates/mysterybox/assets/box_o_b.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkVYUSthYmhaY3VWek5XaVZyNThkdHc9PSIsInZhbHVlIjoiS252NVhYOWs5Y3llbloxdTZISFpJSHplSUlhb3BvNGg5cU93cVVJSHYvWWJGeUFOVTNCeWJYREh3SWEzZVlsTW8vNzFzNHJxSllOamRySjNKK0lFcFMxT003eWlROTFDNDlZU25iYnNob0pBWHcrMjE5MWRwS3B0dDM4ZEhCeVQiLCJtYWMiOiI3Y2I1ZTEzMDQxODM5YmVhY2FjZGU0ODNiYzg3ZjQ0NzVmNzdkMzNlMzcxZWZmYmQxZTBmZjY1N2Y5NTU0ZDUzIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6InJzaysraUc0akxIQVdFQ0JEalE2MWc9PSIsInZhbHVlIjoiNlhnUG9YcFE0RDNwOVc0cWZ3MFM1SjNzbWhvY1VzbTR0SEEvK1I1WitiajlPSEFCK0J5TXp0Rk4wZXQ1VG9NTnJtMUt4V1pBQ0pVeVhwb2N4NStQeFZtejdkaVF6YXVMQ2FpcGRNWEhJMzR1eUdoenVra3Mwemk4Q0FnS3pZK1kiLCJtYWMiOiIyYTAxODY5MTdiODkwNzg3MDNiNjQzMGZlZWEyYmFmNzMyNjIxZDI4NTMwMzJiYTM4YmJiNTM3MjU3ODE1OWNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:44 GMT
last-modified: Mon, 07 Nov 2022 14:51:33 GMT
etag: "44da211f58be2b1f3aaa2aa3aa3055ed"
content-type: image/png
content-length: 3394
x-varnish: 7557815 229388
age: 367942
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
200 OK 279 B IP
Hash d128e06e5a875be2f44297807c556d4e
f2482a1ec4d04be51d9bd57cec63ec7d665316ca
9ff826c5c2deb53cacb44eebfd9202b0ccde070d3e41d581e727f5b8e10355ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2
Cache-Control: max-age=91448
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 21:55:05 GMT
Etag: "636d86ef-117"
Expires: Sat, 12 Nov 2022 23:19:13 GMT
Last-Modified: Thu, 10 Nov 2022 23:19:11 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
0my.lotstolink.com/_common/js/service-workers/neptuneads/service-worker.js
200 OK 90 B URL HTTP/1.1 0my.lotstolink.com/_common/js/service-workers/neptuneads/service-worker.js
IP
ASN #21130 Iomart Cloud Services Limited
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkloOVREaVpRTXpyazQvWHlTM3c3cEE9PSIsInZhbHVlIjoiK1B0RTRDd2REV1VCQ0lYQ2kvN3RuSGpNbndRZ3NJdVAxdEgzN1BabUR0MjNMUURQYnA5dmExS2craHFBZitnbDE2Z0VCL0RZQkhrWHN4aFRnTmVEQmhtTncxdlNVUERRcTFIT0V3ZCt5bGs1K1BJNDJSVFg5ZVE0Q0pibkJBT1IiLCJtYWMiOiI2MzI4NDViMWY0OTNiY2JmZjY0ZGNmN2ZhY2NmYWVlYThiNTVlNWJlZjQ0YWExZTIyNWUzMDMxZjFhNTBiZjkxIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6Ik9BMUFJR2JHWHJHd0pwd21IZUZkNHc9PSIsInZhbHVlIjoiYU5MWXI4cWcvcUpZOWR1VDNUb1c0UERpRm9yVlArZkNIKzJwTUV2UFJNZGkxOTgvSWJ6YzFYVjZRUVFldSsvUVBTdjg0Ym4wUVJPUVBramg1TldSblBnREpXUThKL0xQdXlmbW9teVNkWjRaaFZlbHVTOFJ5VVNiZnI4dWpqb00iLCJtYWMiOiI5NWRmOWY1Y2E4NjVjYzY0NzQ2NDZiMTQ4OTljNzEwOTlmNDAzZmFmMjBmMGEyNWVmZTM1ZjllMDc3MTAyMWE5IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=58d95ccb-68b5-db5e-2de7-e8427c38ece0
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 07 Nov 2022 15:42:42 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 7557816 5
age: 367943
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg.png
403 Forbidden 243 B URL HTTP/1.1 0my.lotstolink.com/media/template-images/walmart-giftcard/300x200.jpg.png
IP
ASN #21130 Iomart Cloud Services Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash a42c304401c94f4021745e6e518e2398
4a84a3f51324fa6232bfdfe25d65fa53deb50cb8
eb3a545a68dbd1d2f59b1c7f9b6b4922333900d860cef40d24e4973826497b9c
GET /media/template-images/walmart-giftcard/300x200.jpg.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkloOVREaVpRTXpyazQvWHlTM3c3cEE9PSIsInZhbHVlIjoiK1B0RTRDd2REV1VCQ0lYQ2kvN3RuSGpNbndRZ3NJdVAxdEgzN1BabUR0MjNMUURQYnA5dmExS2craHFBZitnbDE2Z0VCL0RZQkhrWHN4aFRnTmVEQmhtTncxdlNVUERRcTFIT0V3ZCt5bGs1K1BJNDJSVFg5ZVE0Q0pibkJBT1IiLCJtYWMiOiI2MzI4NDViMWY0OTNiY2JmZjY0ZGNmN2ZhY2NmYWVlYThiNTVlNWJlZjQ0YWExZTIyNWUzMDMxZjFhNTBiZjkxIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6Ik9BMUFJR2JHWHJHd0pwd21IZUZkNHc9PSIsInZhbHVlIjoiYU5MWXI4cWcvcUpZOWR1VDNUb1c0UERpRm9yVlArZkNIKzJwTUV2UFJNZGkxOTgvSWJ6YzFYVjZRUVFldSsvUVBTdjg0Ym4wUVJPUVBramg1TldSblBnREpXUThKL0xQdXlmbW9teVNkWjRaaFZlbHVTOFJ5VVNiZnI4dWpqb00iLCJtYWMiOiI5NWRmOWY1Y2E4NjVjYzY0NzQ2NDZiMTQ4OTljNzEwOTlmNDAzZmFmMjBmMGEyNWVmZTM1ZjllMDc3MTAyMWE5IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=58d95ccb-68b5-db5e-2de7-e8427c38ece0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Mon, 07 Nov 2022 15:43:25 GMT
x-varnish: 7557817 294999
age: 367898
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=7f2cf214-620b-11ed-9459-61feb602bf8d&&push=true
200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=7f2cf214-620b-11ed-9459-61feb602bf8d&&push=true
IP
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=7f2cf214-620b-11ed-9459-61feb602bf8d&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 11 Nov 2022 21:55:05 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Fri, 11 Nov 2022 21:55:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xh8d2kkR%2FJGsguCwnLNW8qJlN7MdziltEPGtAydjOB2VM5PmxfwuoZXPjgQ1BPg0YpOEqhUVchIC%2F4H%2FREnLREDIAiEKCoNgyQwt2msq5z20YkZY9VZUKebynpRis4KBvx4RJAn6lSDhJzzaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768a451e386876b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 11 Nov 2022 21:55:05 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 81
last-modified: Fri, 11 Nov 2022 21:53:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dv44DskIUWQVDBhcNhYvVNxIrwWYI5TeWEoTbLUB1qqDzjUI5qxKrMR4fVL319X885kOmSdyJnCOgXAQYC5sLuOcC66JHpM1PlOeRxc2v2Iy3BKCy4YSaTjc6YuLna2nypcK6zFEjxrJDH5FYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768a45265b6076b9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
185.224.196.128
34.160.144.191
93.184.220.29
23.36.77.32