www.mfiu34kjds.com/cmp/Q9H4NX7Q/77G3B/?__rpt=0&__po=2408&__ptid=5ac535f735c145358fe43e060ec7c3c6&__rpa=0&__rc=1&sub1=track__6bye7b1145ad833bdda21&sub2=yl17y|L2SvoTH=|303gn|05126i|2hqpgqn|76370|0000r1apjl|O|oKW0K2yhqTIl|PC|1lr5r80&sub3=p3yfAwZ5ZJHlMzL1ZGVlAS92oS9vMKA0qzksZGq5nj==&sub4=&sub5=&source_id=&__pcd=9
302 Found 104 B URL HTTP/1.1 www.mfiu34kjds.com/cmp/Q9H4NX7Q/77G3B/?__rpt=0&__po=2408&__ptid=5ac535f735c145358fe43e060ec7c3c6&__rpa=0&__rc=1&sub1=track__6bye7b1145ad833bdda21&sub2=yl17y|L2SvoTH=|303gn|05126i|2hqpgqn|76370|0000r1apjl|O|oKW0K2yhqTIl|PC|1lr5r80&sub3=p3yfAwZ5ZJHlMzL1ZGVlAS92oS9vMKA0qzksZGq5nj==&sub4=&sub5=&source_id=&__pcd=9
IP
File type HTML document, ASCII text
Hash 706d6d1ac9d38b6d3e01b1a03b56d006
24176a67c68fe1ff5ae17067b1b462586807e771
11375bd5ae3178bce9f348c49f7c3b163e88dcea63632fc0003489674a146eae
GET /cmp/Q9H4NX7Q/77G3B/?__rpt=0&__po=2408&__ptid=5ac535f735c145358fe43e060ec7c3c6&__rpa=0&__rc=1&sub1=track__6bye7b1145ad833bdda21&sub2=yl17y|L2SvoTH=|303gn|05126i|2hqpgqn|76370|0000r1apjl|O|oKW0K2yhqTIl|PC|1lr5r80&sub3=p3yfAwZ5ZJHlMzL1ZGVlAS92oS9vMKA0qzksZGq5nj==&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
Host: www.mfiu34kjds.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
server: nginx
date: Fri, 09 Dec 2022 05:54:39 GMT
content-type: text/html; charset=utf-8
content-length: 104
location: https://zd7bc.offerslinked.com/?kw=670645&s1=d1e1a4158eff4a3f974858138597f059
set-cookie: uniqueClick_77G3B=73613653-6eae-4eda-82c6-2c3af614edbe:1670565279; Path=/; Expires=Thu, 09 Mar 2023 05:54:39 GMT
transaction_id=d1e1a4158eff4a3f974858138597f059; Path=/; Expires=Thu, 09 Mar 2023 05:54:39 GMT
vary: Origin
x-eflow-request-id: 116679a1-15ef-4773-ae96-0c576a122aa6
Via: 1.1 google
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7936
Expires: Fri, 09 Dec 2022 08:06:55 GMT
Date: Fri, 09 Dec 2022 05:54:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3249
Expires: Fri, 09 Dec 2022 06:48:48 GMT
Date: Fri, 09 Dec 2022 05:54:39 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 05:08:17 GMT
content-type: application/json
age: 2782
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17063
Expires: Fri, 09 Dec 2022 10:39:02 GMT
Date: Fri, 09 Dec 2022 05:54:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aPvCeeXs9NyP8XH6SjfycA/owOikvyrTUMIFiV5pdUi0veaK+r9VnRNYF3eyIkwyqhbe3+41uns=
x-amz-request-id: M7Q95QVP0DK9G2ZF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 05:50:08 GMT
age: 271
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 05:54:40 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 05:07:55 GMT
age: 2805
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4336
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:40 GMT
Last-Modified: Fri, 09 Dec 2022 04:42:24 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 07b3658cd56a0a693e26d25429e806c9
1be47109dd1efc98d978d7d112e18a0b10c9d8d1
dc71254c8df1cf16d41f64883294ab8948c696b88551bf6779c96521f2e7171c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC71254C8DF1CF16D41F64883294AB8948C696B88551BF6779C96521F2E7171C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 11:54:40 GMT
Date: Fri, 09 Dec 2022 05:54:40 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9r3bpFO8kO/HGQLg1tknnQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6xNw4hj67a+BOh4YZQzPGs5gEjw=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21056
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 05:54:42 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21056
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 05:54:42 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21056
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 05:54:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06799a30d9977b0845f525ae82355d23
6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea
d7a7eeb42d36167243b3dea7147a61119cbb5d1dcc2e2304c6ddd4a62e41efd3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4914
x-amzn-requestid: b709d5ff-617b-480b-8fc3-b1408ee358b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsoEkSIAMF0ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7ea-4150ac397b97d1217cece045;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8DqbjuQMX0JOMpduQ1-wy_B1a957NXgsAHrZc1OwUzsmqJRKfkEpoA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:49:06 GMT
age: 29136
etag: "6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 28998
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg
200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1be0ae00ba0c6009ac14c8df38b8ad0
33edd1469c54a08e3c4cb0003b87b225eba55b3f
ab70390c49c5bb3dd7e97ba008c01213a59b3bc271aa8a350ab35ff422d8b3fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F345b9f5c-0162-4ba2-800e-223d402d28bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3030
x-amzn-requestid: c5e5e4a1-bc45-42e8-a021-9c8f99e22556
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUqCFWBoAMFiqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639134a6-5cc9bdf360f2bfb54e16b448;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: x5FUJ8Cbw9B9BWcHlencYw564Xri5cgoVXkQ2MbhEjYq7Y5v2P0IxQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:18:08 GMT
age: 66994
etag: "33edd1469c54a08e3c4cb0003b87b225eba55b3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46275ec87d8221804dbb99f95b035131
c47af4e5770daad212f4290527b00321285105f8
2118ec68c738683d8f7e11b95239ca92fda2b9b5054aa7b128267eec0d0634c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F042317d8-45b6-4c5f-8767-ff9367c24193.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8803
x-amzn-requestid: e8516be3-5ce9-4f15-b522-c81c1e57a0e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtK9GavoAMFjpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af579-538cc8f300938698004f2241;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MiOdXHxd9Vmeji8Yqd8LG_EqYoMGf0YBy6by9bhfjb12y1OxKVvvqw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:56:08 GMT
age: 7114
etag: "c47af4e5770daad212f4290527b00321285105f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:15:07 GMT
age: 81575
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 659b6eb1f1c430e2780758c7787b9a23
4792b0893827924e84cc51450012407717da4d2b
f14393b6bcc036fa9ed61114944ebb25192adfec72c09807eb7948a88c790d69
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8345
x-amzn-requestid: b1cf2094-2cf5-4e19-9ed7-4d7e220c93cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUoREPoIAMF4hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391349b-1b78fe0a155179643ae2aeed;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YMFI6I2o0A4rGZTluooPsDLGNRRY9kSAfDAFrwzXhIG4HC_W-hFIoQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:31:33 GMT
age: 66189
etag: "4792b0893827924e84cc51450012407717da4d2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
zd7bc.offerslinked.com/?kw=670645&s1=d1e1a4158eff4a3f974858138597f059
302 Found 730 B URL HTTP/1.1 zd7bc.offerslinked.com/?kw=670645&s1=d1e1a4158eff4a3f974858138597f059
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a18fc492c56e82db3281a8fa57229796
d05ce7bbddb06763cd13efeb20cf267f8b5513a2
b467535fe45eb6f624f02ce81eb154325973d4f3bf39e99242f2926920f18eca
GET /?kw=670645&s1=d1e1a4158eff4a3f974858138597f059 HTTP/1.1
Host: zd7bc.offerslinked.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
date: Fri, 09 Dec 2022 05:54:42 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6InJjTWZBOFpOaHpZZEI3NXNnZ0hNMVE9PSIsInZhbHVlIjoiTkhBZ2pGZ1Yyc21QVlBpbHMwMHlPbkpJODd0ZDlLcGpPRmcyNGtrazgxaGdBV0V5YUZKWlNZbVdQQk9qZ1JIS1pab1F0MkFBbUREcW1wcmg4NU9JbDNjMitGNWg5S2xWelJLRDFHcUptSnFoRlNQUnRkaDJxay80SThRUlZ0Tk8iLCJtYWMiOiIxOTMyMWFlYzBiOGJiZWU5YjJmOTE5MGY0NTk1OTAyNjkyODc4ZTIxNWQ1YTBiODI2NTFmNzFkNzhjMDEyNWMzIiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:42 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6IjB6aUswSDFpMzdheUxXeGlYbWVqQmc9PSIsInZhbHVlIjoiK1Jtbmx4UzdVYjREdTNEd1F4V1RveE4yWnd3c0o3bFZJb3pmMmVYS3V4bjRMUDNXWVovS2tCYUxET0dEN1FBK0NEM0w5YzJyYkdGaytFaEQ5dGJ4MTBJcE9EMHAyWWVvZ2R4VmwrbXF3c1V5Q2s5M2NRcmV4UXc1bmNaWVA5aFAiLCJtYWMiOiIxNWZmZjJhZmE3NWMwZjQ2NjM5OWU0N2IxMDNiNzk5NzJhODM3OGY2ZmE3M2EyNGM0ZWE5YjE5M2ZiOTU1ZGZhIiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 62508dde40826df770cef115b9eda858
5e7f69398986ba8f4eafd25e90ce43dd31e61edc
d0a541cc67926bcacf1d193723ed0d9d897328c46d7461d02f3881471e0a2c08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0A541CC67926BCACF1D193723ED0D9D897328C46D7461D02F3881471E0A2C08"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 11:54:43 GMT
Date: Fri, 09 Dec 2022 05:54:43 GMT
Connection: keep-alive
zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
200 OK 3.5 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ba37c521b84f378d88011f5168230f1c
cf78aabcee806abc388993ac60ba45583607fef3
0d61c9d60abed39c039a8d41880a2019eecfd598a551850e957890772e1faf80
Analyzer Verdict Alert fortinet Phishing
GET /t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363 HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Fri, 09 Dec 2022 05:54:43 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:43 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:43 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.11.3.min.js
200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.11.3.min.js
IP
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
GET /jquery-1.11.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:54:43 GMT
content-encoding: gzip
content-length: 33261
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-176d5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670565283.dop015.sk1.t,1670565283.cds212.sk1.hn,1670565283.cds216.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 02:42:30 GMT
expires: Tue, 05 Dec 2023 02:42:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 357133
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
IP
Hash 88925c6a793d93e4223febd9d46503a1
bc4f5d7662f938b3c89dcf26f5a0183b4fccb097
e9cc1e7aee4005c9f4782afea1bdfe5ff468e44709fd8437a97781190d471d1e
GET /css?family=Roboto+Condensed%7COpen+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 05:54:43 GMT
date: Fri, 09 Dec 2022 05:54:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/css/style.css
200 OK 25 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/css/style.css
IP
Hash bc84bd3caee9a7b227a5054179477e02
bc1b53ceedb9b91f4d4bec2037126b4d05c20912
d86b239f3ad7fc29593df1655848824493b2299a203c9be2f67adae10f94309e
GET /templates/templates/spin-casino_MASTER/css/style.css HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:39 GMT
last-modified: Fri, 11 Nov 2022 17:13:57 GMT
etag: "bc84bd3caee9a7b227a5054179477e02"
content-type: text/css
content-length: 25401
x-varnish: 34141884 32442951
age: 117784
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/o/2XXQ6DLP/f9aa6910-7785-11ed-afba-9fcd246c78c4/?push=true
302 Found 818 B URL HTTP/1.1 zd7bc.toconnectoffer.com/o/2XXQ6DLP/f9aa6910-7785-11ed-afba-9fcd246c78c4/?push=true
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash 0eb0b13f14f88c78b83a1e94a76a9171
e65e4f707e8372789bbcf9225bf028cb7725bc06
3805aabfc7db48d53825883900f66bbbfd1c33d30e2cb5474625c16600fb95ea
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/f9aa6910-7785-11ed-afba-9fcd246c78c4/?push=true HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Fri, 09 Dec 2022 05:54:44 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=fadf3ae0-7785-11ed-882b-5788aa4bde05&&push=true
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6ImJzbStySVVJdi9ERzBjMnRyNjI5aEE9PSIsInZhbHVlIjoiUlIvK0NuaTJFQWppcyt4TlNxUVhYeGVwbkR4UVd0M3RyNENmM3hnYjROZlVldDY1eTE3VE9VR0FOd0pkRmhDemppTGkyZGl4TzE1VFFnWGgzTU94MmpoaHNjVGhET1hkTkJtS2VsVHp1VFVoUExJeHhYRDBzZ0JhZzdkVngvVFYiLCJtYWMiOiI2ZWQ0OTljMzAzMDRiNTQzMmM4MTNhYmI3NWE3MjI2NjQyNjdlZGNlNzA0YzUwNTBjMjQ3YzYyMWEwMjY3N2E3IiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:44 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6IjE5VFNwbXJwMG1UVGdram9EcjQ2SWc9PSIsInZhbHVlIjoiRUJ3dUhMeXZwSndnQWdOYWpDbWx4ZXkzUCtnQWJqYjVXWS9mcWJYOVRVSHd6RS8yYlc2ZnJJU1E1VmxVTzJzWWN0b0tJOHVkMFIvR04xQ0pDbktDS09OVGNCTDl5R1pvbkhuN1FCVzY1RmtqTVVpVTcyRW9GRjdLY21OUStSRjMiLCJtYWMiOiJhZGUwYjAyNmY2MzQxNDQ3NjJlMzViMjE1ZjNjYTgzODk0ZmM4NmM5ZWExYzUxZWY3NDdjNGUwMzc4ZTMwMzBhIiwidGFnIjoiIn0%3D; expires=Fri, 09 Dec 2022 07:54:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/loader.gif
200 OK 2.9 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/loader.gif
IP
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /templates/templates/spin-casino_MASTER/images/loader.gif HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:44 GMT
last-modified: Fri, 11 Nov 2022 17:13:57 GMT
etag: "35de537ece3bfee3ab3f7af4c19e2151"
content-type: image/gif
content-length: 2892
x-varnish: 34141888 32250850
age: 117781
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
200 OK 279 B IP
Hash 477fc0a8c1eca6eae1d53092c5accec7
95eb7b8d77f557234088d7bf9c3a619815d6b641
585d9b4805f65bf05dbeb48ec17d3b534402ab9c749558486b0c063115fcb313
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1969
Cache-Control: max-age=151042
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:44 GMT
Etag: "639270f5-117"
Expires: Sat, 10 Dec 2022 23:52:06 GMT
Last-Modified: Thu, 08 Dec 2022 23:19:17 GMT
Server: ECS (amb/6BC4)
X-Cache: HIT
Content-Length: 279
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/overlay2.png
200 OK 19 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/overlay2.png
IP
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash 90f8155b00c6e9ec624a12e8a67bd264
fbf3b21af8cc2c2d44879f19f5893dbe696113f1
677aebad5741b57c1a3a51f8a65cd295a7aae1d656958313a882ef199f046418
GET /templates/templates/spin-casino_MASTER/images/overlay2.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:42 GMT
last-modified: Fri, 11 Nov 2022 17:13:58 GMT
etag: "90f8155b00c6e9ec624a12e8a67bd264"
content-type: image/png
content-length: 18646
x-varnish: 34976968 32507172
age: 117783
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/overlay.png
200 OK 19 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/overlay.png
IP
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash a3f2c95451c2201b26033d755a0164c9
f150487dacf8607e49c31abebaf034e34ef8e8aa
bd03836c50a13a9d0c5868a5656f4112f69909cc52c50ca21de772da164e13a2
GET /templates/templates/spin-casino_MASTER/images/overlay.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:42 GMT
last-modified: Fri, 11 Nov 2022 17:13:58 GMT
etag: "a3f2c95451c2201b26033d755a0164c9"
content-type: image/png
content-length: 18661
x-varnish: 34824724 32012788
age: 117783
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/spin1.png
200 OK 85 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/spin1.png
IP
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash 827076646858c6cc499ec675c45b147d
4b6bf3459af50ba8db76d31f9dc3876b50a4c5fe
bc50750cd41cbabc77efc8143fb1b210c983a23e5c954b65b02562958b922e63
GET /templates/templates/spin-casino_MASTER/images/spin1.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:42 GMT
last-modified: Fri, 11 Nov 2022 17:13:58 GMT
etag: "827076646858c6cc499ec675c45b147d"
content-type: image/png
content-length: 85123
x-varnish: 34141889 32474685
age: 117782
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/spin2.png
200 OK 88 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/spin2.png
IP
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash f12f850a9ec2daa0b2dbb07e11252122
012a03ac053a0367ef9cdb76685a77d61f3d8a22
ada8eb4421bf605c058c123aa95bd5e4590b4507c68809f563c921e4db31ea8a
GET /templates/templates/spin-casino_MASTER/images/spin2.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:43 GMT
last-modified: Fri, 11 Nov 2022 17:13:58 GMT
etag: "f12f850a9ec2daa0b2dbb07e11252122"
content-type: image/png
content-length: 88130
x-varnish: 34724366 32250846
age: 117781
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
200 OK 8.2 kB URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP
File type ASCII text, with very long lines (1977), with CRLF line terminators
Hash 71d8f48df28f842599bbb276c36e8e16
9bc4150112a813ac15b49d1e369f724e6a36a577
f10fcd165c69ee76b2224800c5300039ffaa365288e5a28536c0fd925b50d525
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:54:44 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 2884
last-modified: Fri, 09 Dec 2022 05:06:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1txNE2pz3Yt8zWs8kP0qKrQZs%2FqcG56Zs0EDP%2BgnW1K9Gcl5pkjGINU4Dvb3crP1XeUHK5j6xBYj4hJ6PHGalLQm6Us6kyv%2B5n5qAqX5%2Bk34CNAy%2BStp75nysTOk5U5M23ObnVAa4jSp607Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776b7ce558f571f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
200 OK 171 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
IP
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 171 kB (171408 bytes)
Hash 276c26514be610b5c6fa413756b33671
43c532ff2dc2ce6ed8360fc5d05116b222036e4b
453150bf90ff9debe217f3734a4d3cf4bf6ed9017635d4f2d867096132ad4e28
GET /templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImRtT05Ycm4rdnZpOTFXUThxZVhhSWc9PSIsInZhbHVlIjoiaE5EbDU4cGJTQ21ESDVJMWxscEYwTU0zUElyMmJIOEFVdlFIazgxbGpIM1lNTzdSeUF6SUtHcXZRNGlXSjRyaC9mNVR6Y0krblFHMkNVa2tNTll0bzJ0a0ZRazJ2THBwcmhITEF5QjdoaXBaaUt1YXhUMEtuR1hXSnAya0NpaUQiLCJtYWMiOiI2MGUzYzA1NDFlYmU0YzExOTI0YTI1YWUyMGI3Mzc2NmZkMTMzODFkNzkwOTg5ZGEwMThkNjcwYzRkZTJhMWU5IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjIwc2lHMCt0TWhZeVBJRitwZHJFTnc9PSIsInZhbHVlIjoiRGh0dEx5V0dsZ0tjWmNVUXB2czZycWtYbzk5VFgvOHp1TEJlclBHTzZlV25ORzBsWEdURFl6d0dxczRnRFZDWE41S3lkTXRGZy9zbUh0SGd4TXhjM3IvWGdSOUJDTFhUUTF6VTlYQ0xQSUN1NDRsbGhGSFIzazA3TlMwU25lU20iLCJtYWMiOiI3MzRmMzI5ZTViNWZjMTU4YjBmNGZmZTAxNzg0ZTBiMzM4ODFjNjU1MmExYjMzMGFiYmUxMzQ2NzkwMWZkMmMyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:15:20 GMT
last-modified: Fri, 11 Nov 2022 17:13:57 GMT
etag: "276c26514be610b5c6fa413756b33671"
content-type: image/png
content-length: 171408
x-varnish: 34762421 32507673
age: 117565
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zd7bc.toconnectoffer.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:42:33 GMT
expires: Wed, 06 Dec 2023 15:42:33 GMT
cache-control: public, max-age=31536000
age: 223931
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:54:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=fadf3ae0-7785-11ed-882b-5788aa4bde05&&push=true
200 OK 24 kB URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=fadf3ae0-7785-11ed-882b-5788aa4bde05&&push=true
IP
File type ASCII text, with CRLF line terminators
Hash 05cd73aee80940f79644eb49cfa549f3
7956bcb31511834b0432f7930aa714ff79fd21f7
66cdefc201745e2ca30dd32db8a542aef84ffed976f9ca8cd2090ed2ae6cc55e
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=fadf3ae0-7785-11ed-882b-5788aa4bde05&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zd7bc.toconnectoffer.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:54:44 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Fri, 09 Dec 2022 05:54:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK3TjL2OtliTEGoPUy%2BoemV%2BTo7N8b3QIjz2BKXbGD0H7KR2zvEV0Pe%2F54P%2BPWN3hxpBRX9M4w6AaPJG9GqNQNUt0jz5ZILSQj0gDDq1VESrmEchcfPiWSpNfJIop5g0Eqw39GFJZqIgdRDBTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776b7ce3782d71f8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
200 OK 90 B URL HTTP/1.1 zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
IP
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImJzbStySVVJdi9ERzBjMnRyNjI5aEE9PSIsInZhbHVlIjoiUlIvK0NuaTJFQWppcyt4TlNxUVhYeGVwbkR4UVd0M3RyNENmM3hnYjROZlVldDY1eTE3VE9VR0FOd0pkRmhDemppTGkyZGl4TzE1VFFnWGgzTU94MmpoaHNjVGhET1hkTkJtS2VsVHp1VFVoUExJeHhYRDBzZ0JhZzdkVngvVFYiLCJtYWMiOiI2ZWQ0OTljMzAzMDRiNTQzMmM4MTNhYmI3NWE3MjI2NjQyNjdlZGNlNzA0YzUwNTBjMjQ3YzYyMWEwMjY3N2E3IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjE5VFNwbXJwMG1UVGdram9EcjQ2SWc9PSIsInZhbHVlIjoiRUJ3dUhMeXZwSndnQWdOYWpDbWx4ZXkzUCtnQWJqYjVXWS9mcWJYOVRVSHd6RS8yYlc2ZnJJU1E1VmxVTzJzWWN0b0tJOHVkMFIvR04xQ0pDbktDS09OVGNCTDl5R1pvbkhuN1FCVzY1RmtqTVVpVTcyRW9GRjdLY21OUStSRjMiLCJtYWMiOiJhZGUwYjAyNmY2MzQxNDQ3NjJlMzViMjE1ZjNjYTgzODk0ZmM4NmM5ZWExYzUxZWY3NDdjNGUwMzc4ZTMwMzBhIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=2b3a0f42-51f9-47db-b015-eef7ae63c658
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 21:11:15 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 34141893 32123898
age: 117810
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/favicon.ico
403 Forbidden 243 B URL HTTP/1.1 zd7bc.toconnectoffer.com/favicon.ico
IP
File type XML 1.0 document text\012- XML document, ASCII text
Hash 8f5d3df8d1dbbe947679059c6592c279
f0f8e74667045a7fad0e467672510328b52b519c
8c4d7015d1a4288e74adb0115c03aa60085a59c8f0c330db85e6ed5000270163
GET /favicon.ico HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zd7bc.toconnectoffer.com/t/8f0d93c8664e/f9aa6910-7785-11ed-afba-9fcd246c78c4/f9cbaee0-7785-11ed-8672-d5026dea1363
Cookie: XSRF-TOKEN=eyJpdiI6ImJzbStySVVJdi9ERzBjMnRyNjI5aEE9PSIsInZhbHVlIjoiUlIvK0NuaTJFQWppcyt4TlNxUVhYeGVwbkR4UVd0M3RyNENmM3hnYjROZlVldDY1eTE3VE9VR0FOd0pkRmhDemppTGkyZGl4TzE1VFFnWGgzTU94MmpoaHNjVGhET1hkTkJtS2VsVHp1VFVoUExJeHhYRDBzZ0JhZzdkVngvVFYiLCJtYWMiOiI2ZWQ0OTljMzAzMDRiNTQzMmM4MTNhYmI3NWE3MjI2NjQyNjdlZGNlNzA0YzUwNTBjMjQ3YzYyMWEwMjY3N2E3IiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6IjE5VFNwbXJwMG1UVGdram9EcjQ2SWc9PSIsInZhbHVlIjoiRUJ3dUhMeXZwSndnQWdOYWpDbWx4ZXkzUCtnQWJqYjVXWS9mcWJYOVRVSHd6RS8yYlc2ZnJJU1E1VmxVTzJzWWN0b0tJOHVkMFIvR04xQ0pDbktDS09OVGNCTDl5R1pvbkhuN1FCVzY1RmtqTVVpVTcyRW9GRjdLY21OUStSRjMiLCJtYWMiOiJhZGUwYjAyNmY2MzQxNDQ3NjJlMzViMjE1ZjNjYTgzODk0ZmM4NmM5ZWExYzUxZWY3NDdjNGUwMzc4ZTMwMzBhIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=2b3a0f42-51f9-47db-b015-eef7ae63c658
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Mon, 05 Dec 2022 15:54:16 GMT
x-varnish: 34976969 26725546
age: 309628
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
34.96.118.183
93.184.220.29
95.101.11.115