ss.ddirectofrs.click/go/919a743e-298b-439c-b410-d1e3a5d7ff6e
3.70.16.242302 Found 1.0 kB URL HTTP/1.1 ss.ddirectofrs.click/go/919a743e-298b-439c-b410-d1e3a5d7ff6e
IP 3.70.16.242:0
File type HTML document, ASCII text, with very long lines (1006), with no line terminators
Hash 485138c9c16da7b84dd52ea0f803a54c
d1ce409d8b7d3a5f045cc3a75112f57d074ed832
864bf86d9de3aa815cc674647df674fabcbb2a7bade2bac6213771820457d466
Analyzer Verdict Alert fortinet Phishing
GET /go/919a743e-298b-439c-b410-d1e3a5d7ff6e HTTP/1.1
Host: ss.ddirectofrs.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: openresty
Date: Sat, 04 Feb 2023 18:57:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1006
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: https://us.psmareks.click/uslw/1/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
Set-Cookie: bemob-uniq-visit:919a743e-298b-439c-b410-d1e3a5d7ff6e=1; Domain=ss.ddirectofrs.click; Path=/; Expires=Sun, 05 Feb 2023 18:57:05 GMT; HttpOnly
bemob-rotation:919a743e-298b-439c-b410-d1e3a5d7ff6e:random:f5459e2caf335738160bc41e85012c09=0-0-2; Domain=ss.ddirectofrs.click; Path=/; Expires=Sun, 05 Feb 2023 18:57:05 GMT; HttpOnly
bemob-track-url=https%3A%2F%2Fus.psmareks.click%2Fuslw%2F1%2F%3Fts%3D08e29a07-b84a-41cf-a9c0-1cb114072fbc%26camp%3D%26zone%3D%26landid%3D47208216-5574-4249-adf9-afd0e21e8ba8%26osv%3DWindows%252010.0%26isp%3DFirefox%26tid%3D08e29a07-b84a-41cf-a9c0-1cb114072fbc%26key%3DeyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%253D%253D%26td%3Dss.ddirectofrs.click%26bemobdata%3Dc%253D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%253D47208216-5574-4249-adf9-afd0e21e8ba8..a%253D0..b%253D0; Domain=ss.ddirectofrs.click; Path=/; Expires=Sun, 05 Feb 2023 18:57:05 GMT; HttpOnly
Vary: Accept
X-Response-Time: 32.101ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13833
Expires: Sat, 04 Feb 2023 22:47:38 GMT
Date: Sat, 04 Feb 2023 18:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10700
Expires: Sat, 04 Feb 2023 21:55:25 GMT
Date: Sat, 04 Feb 2023 18:57:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 18:43:38 GMT
content-type: application/json
age: 807
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21524
Expires: Sun, 05 Feb 2023 00:55:49 GMT
Date: Sat, 04 Feb 2023 18:57:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zb9PaJafMGcNP4X9Q7DO1eDk39lmg6Glepx1XsuEsyewyft1Widi96WUq0zLCUIEfFBJPvbq32I=
x-amz-request-id: YJQ97TQXWFD9KPX8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 18:52:56 GMT
age: 249
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 18:57:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
us.psmareks.click/uslw/1/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
143.198.123.224302 Found 0 B URL HTTP/2 us.psmareks.click/uslw/1/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
IP 143.198.123.224:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uslw/1/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0 HTTP/1.1
Host: us.psmareks.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 18:57:05 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 18:07:19 GMT
age: 2986
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d83fff8b387b2f8e71ccbbeb2780db04
cf4acae387f82098ee45ab9581a2b5f33bd8885c
c9fa3d16c3e395d53b00e8034fdc179536276484e3dfa1078d3c8e8fe991d1be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9FA3D16C3E395D53B00E8034FDC179536276484E3DFA1078D3C8E8FE991D1BE"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 00:57:05 GMT
Date: Sat, 04 Feb 2023 18:57:05 GMT
Connection: keep-alive
7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
3.70.16.242302 Found 238 B URL HTTP/2 7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0
IP 3.70.16.242:0
File type HTML document, ASCII text, with no line terminators
Hash 049e67acd60d2f32854e87d1eb0d53b3
43eb626d715fd740714c88edb4c3496de918d95b
09b3778e2dc43fd2323170f7bda6b5fe39ea6bdba5e5dd2c398a5cfd8c0b8b9f
GET /go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=47208216-5574-4249-adf9-afd0e21e8ba8&osv=Windows%2010.0&isp=Firefox&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTM3MDI1IiwiaGFzaCI6IjU2YTNkYjVlNzRkMjA2M2Y0YjU4MmM5NGVmNjUyZTM5ZmU5YjZlMmIifQ%3D%3D&td=ss.ddirectofrs.click&bemobdata=c%3D919a743e-298b-439c-b410-d1e3a5d7ff6e..l%3D47208216-5574-4249-adf9-afd0e21e8ba8..a%3D0..b%3D0 HTTP/1.1
Host: 7ktpj.bemobtracks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: openresty
date: Sat, 04 Feb 2023 18:57:06 GMT
content-type: text/html; charset=utf-8
content-length: 238
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=PiGyGCDTWByxweyd2o785e
set-cookie: bemob-uniq-visit:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3=1; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Sun, 05 Feb 2023 18:57:05 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3:random:e59840d95b1a632cb6ff2b38396af467=0-0-5; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Sun, 05 Feb 2023 18:57:05 GMT; HttpOnly; Secure; SameSite=None
bemob-click-id=PiGyGCDTWByxweyd2o785e; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Sun, 05 Feb 2023 18:57:06 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 14.321ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10862
Expires: Sat, 04 Feb 2023 21:58:08 GMT
Date: Sat, 04 Feb 2023 18:57:06 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash fa84d26ddc9e2cf6ec128a12fafb4e7a
07750496708cf74655cdac3c319b4c4131051eb2
1d2f8e4f1838a4eab0833104d05bc4bc7ea34f0e5c4da203292d62f6f1857be0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=91574
Date: Sat, 04 Feb 2023 18:57:06 GMT
Etag: "63dd625a-1d7"
Expires: Sun, 05 Feb 2023 20:23:20 GMT
Last-Modified: Fri, 03 Feb 2023 19:36:58 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RjuyVFa8sLboIX2w-hj1uil8II29ybDQ4ZNQ2G2MOI_C8UU7MdHt5w==
Age: 2782
push.services.mozilla.com/
35.160.45.85101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.45.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n6UzZ4zjHRbabD0N1CbdBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5PwB4ZSp3hmvXdKvjmXJlKAhFsE=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ca48fe3f4b906619f2023ba7e57cc12
56cd653988ae3c4a352743b0fa11ae991f550e60
cd75b994b7cdb9a0c02e292f639f5f40471ad33af2c5aab589be6db72fd045df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CD75B994B7CDB9A0C02E292F639F5F40471AD33AF2C5AAB589BE6DB72FD045DF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6146
Expires: Sat, 04 Feb 2023 20:39:33 GMT
Date: Sat, 04 Feb 2023 18:57:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8885
Expires: Sat, 04 Feb 2023 21:25:12 GMT
Date: Sat, 04 Feb 2023 18:57:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8885
Expires: Sat, 04 Feb 2023 21:25:12 GMT
Date: Sat, 04 Feb 2023 18:57:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8885
Expires: Sat, 04 Feb 2023 21:25:12 GMT
Date: Sat, 04 Feb 2023 18:57:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 66984
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 76143
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 74794
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 74806
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflRBHU4IAMFnsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 03:08:59 GMT
age: 56888
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 74795
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ujn.nowsubmission.com//?kw=43588&s1=0c536f4c889246af8ab4b5586b5a14491e1bf&s2=
179.61.143.121302 Found 718 B URL HTTP/1.1 ujn.nowsubmission.com//?kw=43588&s1=0c536f4c889246af8ab4b5586b5a14491e1bf&s2=
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e4f27c345a895ac5d9706a483262fafe
35029593ef3407d6e422ff5de4bdc130ffe0b933
a75e3b5bb5822f16f0bc2f82064c46a0f1cb81d85991d65f40060f8faf274ab0
GET //?kw=43588&s1=0c536f4c889246af8ab4b5586b5a14491e1bf&s2= HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
date: Sat, 04 Feb 2023 18:57:08 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
x-redir: true
set-cookie: yredir_session=eyJpdiI6IlNxTGVqdVkrVDRsOWptTnZXYmNKa1E9PSIsInZhbHVlIjoiMjE4TnhXOCtFc0VhbXNTT3Z5dXJoUFVBTFVJZTZXNzZnMDhrNFMxYWwrelZtRjVJTWR5eG55RTBFQkNDWXBTRmI4MzZrajVObnNqTUZEUk9SRFhRTzcwSXZLaWhKR29XM1lkUWVweThteHlMNHpZeTlwVE1GOVNxa2I2UXkyd28iLCJtYWMiOiJlOTU3MjlkMmQwMzk2ZjJiMjVjMjY0OTM2M2QyNzhlOWQ0N2IwYjYyOTNiNTA1MWNkMjE0YzRlNGQ0NjY2MGRhIiwidGFnIjoiIn0%3D; expires=Sat, 04 Feb 2023 20:57:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
179.61.143.121200 OK 3.5 kB URL HTTP/1.1 ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 74ae62739d2d9b5a3b166d5282007673
3f2ac662c51cc31a96b46d2e92469c87c5c2737e
7b704b89e8d4b6c352ee53358cd1db85b3a472c176f6ddce1c47e180a4fb56c6
Analyzer Verdict Alert fortinet Phishing
GET /t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953 HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlNxTGVqdVkrVDRsOWptTnZXYmNKa1E9PSIsInZhbHVlIjoiMjE4TnhXOCtFc0VhbXNTT3Z5dXJoUFVBTFVJZTZXNzZnMDhrNFMxYWwrelZtRjVJTWR5eG55RTBFQkNDWXBTRmI4MzZrajVObnNqTUZEUk9SRFhRTzcwSXZLaWhKR29XM1lkUWVweThteHlMNHpZeTlwVE1GOVNxa2I2UXkyd28iLCJtYWMiOiJlOTU3MjlkMmQwMzk2ZjJiMjVjMjY0OTM2M2QyNzhlOWQ0N2IwYjYyOTNiNTA1MWNkMjE0YzRlNGQ0NjY2MGRhIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Sat, 04 Feb 2023 18:57:08 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D; expires=Sat, 04 Feb 2023 20:57:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.11.3.min.js
69.16.175.10200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.11.3.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
GET /jquery-1.11.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 18:57:09 GMT
content-encoding: gzip
content-length: 33261
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-176d5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675537029.dop013.sk1.t,1675537029.cds255.sk1.hn,1675537029.cds216.sk1.c
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
142.250.74.138200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 15:56:41 GMT
expires: Sat, 03 Feb 2024 15:56:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 97228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
142.250.74.138200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
IP 142.250.74.138:0
Hash 11ceae8e5b6d4ff8959fc9b085fe17b8
97f149f0ab562b18f655bf15d386501b8b4a079a
3d54bd9e9ae703cc025156e042b2126014c6af50d0e7e2196b369d280f889288
GET /css?family=Roboto+Condensed%7COpen+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 18:57:09 GMT
date: Sat, 04 Feb 2023 18:57:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
179.61.143.121200 OK 25 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
Hash bc84bd3caee9a7b227a5054179477e02
bc1b53ceedb9b91f4d4bec2037126b4d05c20912
d86b239f3ad7fc29593df1655848824493b2299a203c9be2f67adae10f94309e
GET /templates/templates/spin-casino_MASTER/css/style.css HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "bc84bd3caee9a7b227a5054179477e02"
content-type: text/css
content-length: 25401
x-varnish: 4699901 65539
age: 421496
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/o/2XXQ6DLP/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/?push=true
179.61.143.121302 Found 818 B URL HTTP/1.1 ujn.nowsubmission.com/o/2XXQ6DLP/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/?push=true
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash d4978e7af23da1bc6e3d0bfb11940ded
569ede74989c21aec283da7c5e4dbb84bd3f84c1
81d79f3a624af092530c3402549ee73a742f9029498dc3f4a5fadb25cc7a2f0e
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/?push=true HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Sat, 04 Feb 2023 18:57:09 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=b9f34b74-a4bd-11ed-8288-cdcc4b9fb03e&&push=true
x-redir: true
set-cookie: yredir_session=eyJpdiI6Imd4Zmc0MXVjNXI4QU1CRFREZ2ttMnc9PSIsInZhbHVlIjoiRE1sWDcrcEdtSjQ5YmltRlA5UnpxUWJkL28rVVJUdnR2bFlianBMNEV3TmJGNnpKeERQSUp6czl3dnN0TDc1K2NuNVRqRVRLVmhSNFdhODdDcEk1NDRBM1hoQUNmZlBSazcrclRsREM4ai91bnlpZHdQK2Z3STh5WGFoNm9nTHIiLCJtYWMiOiIyNGEwNGQyYzUwNWFjZjUyNTNhYzZmYjBmOGVjMmIwNjNkYmU3NmU5NmVjZjg4MzAwZDg5Y2I1NjY5MDg5NGYyIiwidGFnIjoiIn0%3D; expires=Sat, 04 Feb 2023 20:57:09 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a8ddfafa8e20eb3ef5461a778b3ea745
311d84563825372456a8ffd7e6d92fc11d70aecb
aaad42520cd4dbffe26c673ea69df6fb47e76ef381bd18d74f3ec7ac05af0748
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3847
Cache-Control: max-age=105974
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Etag: "63dd9674-118"
Expires: Mon, 06 Feb 2023 00:23:23 GMT
Last-Modified: Fri, 03 Feb 2023 23:19:16 GMT
Server: ECS (amb/6BAE)
X-Cache: HIT
Content-Length: 280
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
179.61.143.121200 OK 2.9 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /templates/templates/spin-casino_MASTER/images/loader.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "35de537ece3bfee3ab3f7af4c19e2151"
content-type: image/gif
content-length: 2892
x-varnish: 4415242 131077
age: 421496
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
179.61.143.121200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash a3f2c95451c2201b26033d755a0164c9
f150487dacf8607e49c31abebaf034e34ef8e8aa
bd03836c50a13a9d0c5868a5656f4112f69909cc52c50ca21de772da164e13a2
GET /templates/templates/spin-casino_MASTER/images/overlay.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "a3f2c95451c2201b26033d755a0164c9"
content-type: image/png
content-length: 18661
x-varnish: 4633923 6
age: 421497
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
179.61.143.121200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash 90f8155b00c6e9ec624a12e8a67bd264
fbf3b21af8cc2c2d44879f19f5893dbe696113f1
677aebad5741b57c1a3a51f8a65cd295a7aae1d656958313a882ef199f046418
GET /templates/templates/spin-casino_MASTER/images/overlay2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "90f8155b00c6e9ec624a12e8a67bd264"
content-type: image/png
content-length: 18646
x-varnish: 4699905 98306
age: 421497
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
179.61.143.121200 OK 85 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash 827076646858c6cc499ec675c45b147d
4b6bf3459af50ba8db76d31f9dc3876b50a4c5fe
bc50750cd41cbabc77efc8143fb1b210c983a23e5c954b65b02562958b922e63
GET /templates/templates/spin-casino_MASTER/images/spin1.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "827076646858c6cc499ec675c45b147d"
content-type: image/png
content-length: 85123
x-varnish: 4172981 131074
age: 421496
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a8ddfafa8e20eb3ef5461a778b3ea745
311d84563825372456a8ffd7e6d92fc11d70aecb
aaad42520cd4dbffe26c673ea69df6fb47e76ef381bd18d74f3ec7ac05af0748
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3847
Cache-Control: max-age=105974
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Etag: "63dd9674-118"
Expires: Mon, 06 Feb 2023 00:23:23 GMT
Last-Modified: Fri, 03 Feb 2023 23:19:16 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
179.61.143.121200 OK 88 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash f12f850a9ec2daa0b2dbb07e11252122
012a03ac053a0367ef9cdb76685a77d61f3d8a22
ada8eb4421bf605c058c123aa95bd5e4590b4507c68809f563c921e4db31ea8a
GET /templates/templates/spin-casino_MASTER/images/spin2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "f12f850a9ec2daa0b2dbb07e11252122"
content-type: image/png
content-length: 88130
x-varnish: 4885781 32774
age: 421496
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
179.61.143.121200 OK 171 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 171 kB (171408 bytes)
Hash 276c26514be610b5c6fa413756b33671
43c532ff2dc2ce6ed8360fc5d05116b222036e4b
453150bf90ff9debe217f3734a4d3cf4bf6ed9017635d4f2d867096132ad4e28
GET /templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6IlIxZC85STZxa3pROFdpV0M0OVk2cUE9PSIsInZhbHVlIjoiVGIrVStEYXBTZm4wYnJJd0ZISGxlSHZrWS9rQ3VPNm5QTGVZcUpJTUNXaW5nc3U5M1A4Q1kvTldCc05DTXo2NDhvZTdxQlA5ckZac3ZPVjlldU9YOFlhZC96UzU1UXdsVXRTdFhtZUNpLytiWktzV0xJOUFtblhKYlVlT1c3NlkiLCJtYWMiOiIzNDc3ZTZkMWQwMGEyOTI0NTBiMTZmOGRhM2YxZTFmOWNlZDAyMjk3MmI3MmU3NjQ0OGJlOTdhOTgwMjg1M2ExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 23:43:15 GMT
last-modified: Mon, 30 Jan 2023 22:01:35 GMT
etag: "276c26514be610b5c6fa413756b33671"
content-type: image/png
content-length: 171408
x-varnish: 4822559 399171
age: 414835
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ujn.nowsubmission.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 01:03:45 GMT
expires: Fri, 02 Feb 2024 01:03:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 237204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
179.61.143.121200 OK 23 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 500 x 150\012- data
Hash f79f189bde401dfac7723f7c963d0ef8
83530e9d6248767d661c4996c14414621c857ed6
bdc936e847facab60f4b4a9153dc8145ebccdeca49becc4cd684e007cd0459ca
GET /templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
Cookie: yredir_session=eyJpdiI6Imd4Zmc0MXVjNXI4QU1CRFREZ2ttMnc9PSIsInZhbHVlIjoiRE1sWDcrcEdtSjQ5YmltRlA5UnpxUWJkL28rVVJUdnR2bFlianBMNEV3TmJGNnpKeERQSUp6czl3dnN0TDc1K2NuNVRqRVRLVmhSNFdhODdDcEk1NDRBM1hoQUNmZlBSazcrclRsREM4ai91bnlpZHdQK2Z3STh5WGFoNm9nTHIiLCJtYWMiOiIyNGEwNGQyYzUwNWFjZjUyNTNhYzZmYjBmOGVjMmIwNjNkYmU3NmU5NmVjZjg4MzAwZDg5Y2I1NjY5MDg5NGYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:14 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "f79f189bde401dfac7723f7c963d0ef8"
content-type: image/gif
content-length: 23095
x-varnish: 4172986 163843
age: 421496
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 18:57:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
179.61.143.121200 OK 90 B URL HTTP/1.1 ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6Imd4Zmc0MXVjNXI4QU1CRFREZ2ttMnc9PSIsInZhbHVlIjoiRE1sWDcrcEdtSjQ5YmltRlA5UnpxUWJkL28rVVJUdnR2bFlianBMNEV3TmJGNnpKeERQSUp6czl3dnN0TDc1K2NuNVRqRVRLVmhSNFdhODdDcEk1NDRBM1hoQUNmZlBSazcrclRsREM4ai91bnlpZHdQK2Z3STh5WGFoNm9nTHIiLCJtYWMiOiIyNGEwNGQyYzUwNWFjZjUyNTNhYzZmYjBmOGVjMmIwNjNkYmU3NmU5NmVjZjg4MzAwZDg5Y2I1NjY5MDg5NGYyIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=67cc4eb1-a585-f877-73f5-3329ea0df85c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 4699910 8
age: 421497
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/favicon.ico
179.61.143.121403 Forbidden 243 B URL HTTP/1.1 ujn.nowsubmission.com/favicon.ico
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash f32f16b6b8675138da65d215cde75d7f
4d4b92e9af571e5781f6683cdee06e95fbc80fba
ef05fab47ab573c0c0736f0dfc33352ac33ef6eada75b7f4bbd9e3119a0cc029
GET /favicon.ico HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/b9824834-a4bd-11ed-8f69-a9ff2ee2af87/b986409c-a4bd-11ed-b108-d387536e6953
Cookie: yredir_session=eyJpdiI6Imd4Zmc0MXVjNXI4QU1CRFREZ2ttMnc9PSIsInZhbHVlIjoiRE1sWDcrcEdtSjQ5YmltRlA5UnpxUWJkL28rVVJUdnR2bFlianBMNEV3TmJGNnpKeERQSUp6czl3dnN0TDc1K2NuNVRqRVRLVmhSNFdhODdDcEk1NDRBM1hoQUNmZlBSazcrclRsREM4ai91bnlpZHdQK2Z3STh5WGFoNm9nTHIiLCJtYWMiOiIyNGEwNGQyYzUwNWFjZjUyNTNhYzZmYjBmOGVjMmIwNjNkYmU3NmU5NmVjZjg4MzAwZDg5Y2I1NjY5MDg5NGYyIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=67cc4eb1-a585-f877-73f5-3329ea0df85c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Mon, 30 Jan 2023 21:52:12 GMT
x-varnish: 4172987 163845
age: 421496
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=PiGyGCDTWByxweyd2o785e
63.34.237.166302 Found 0 B URL HTTP/2 cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=PiGyGCDTWByxweyd2o785e
IP 63.34.237.166:0
GET /?a=43588&c=318080&co=91932&mt=18&s2=PiGyGCDTWByxweyd2o785e HTTP/1.1
Host: cddtsecure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 04 Feb 2023 18:57:06 GMT
content-type: text/html;charset=ISO-8859-1
location: https://ujn.nowsubmission.com//?kw=43588&s1=0c536f4c889246af8ab4b5586b5a14491e1bf&s2=
server: nginx
set-cookie: gdm_sid_v1_3_001=Bg8NqtxUzeP6opsui2eXmA/5VwaUughkg1PmSM4+gt+wfR1czlDX/1C8eGHRDIb1EF8hIoKmr9RCyvNZBbRZUhVT9bkU917lkCmv8uhXmQeSoKBkwL6rDBwg9/26WBNYCEyDBXPzS7QbJ6OvdQen57k5w5YiOIyL0sG8xfgaDoosYzsbdNwI0DoPcOorgY6pOKd3UzginLh1ISjXuhxomDHUA6cECuE2vADNMQUN6zIlleY9C66eeQGPE3yPs5rA/2SrtaY4PPLCxxjBbT9YdcgzkPkt0iZr2C9Q7bHTmbxiu4XyandBoeP0iHFneagIdU8l8FWXPLmGHX8SfZ0dOxvYrqr6+gDqw31zOofWY3oWRoXAmPDMtY1WMTdLVLnpfiinj0tTIXS+Ys039G6SemM5KN0TX727+xtCN6YYtEEmPEob2TMvRsl9Ibom/waBHoYiQYkwKQwIjk8N0edxr0EjDoL8saSbVp/yOImMdV9mlPGn//O7O3it6CuJAeYj9+MejGtELQJNYeVsezTica/2aeJ9L+eT8NsqVQyEjcJJuLd/f9yHFQfStyaukqhAln7oayulRIxmFAeH/ZJg6j1JcWp07eQcScLr8tD6d1h/9BAm6ZcAPqHp4wrXq72Q6lFVBytOuTExyWKLKT5EuxzrKj0iIvdayDCFGFM6r77orhGxZNCwGBBpWQSpqyibAVWz+ej333QuoKRnjTMcsLjSJGAntvdqGvb0MUnZCp/klWHpDVFvihqWRpe+CAdIa/15a+D++swUlS/yysNJ3eJxhTPgjRhitoaNfgCHhHds2irtY4iPwqdhMlR7ALH5Y0U6a0otm4DuGQlCTmAMU2qf5OW8xot2F4Hj+zdIpoPKJ4nmSA2UsgxyVLGfeYl2PG5cT2IqvFIUMIAgqjM7Bt02zrgv19lom6LM2c4Bu2eRw272z/EkhVVKU0VMKNG5/Ar057k1duM2KBd0+3UVbFpNJuU+Ivho66VPRxby85IyfjLNr/TRGnC2K/ZOBp3ZCGjCsnnrZ/XsrVAZ7nzthQ==; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/
gdm_uid_v1_1_001=CjliS/FyQLBGpgJoCfCLMJ+/ujbRMyullnkiefJmOrUEwjenAtddePuu/sYkSf5i; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/
gdm_click_adv_freq_v1_1_001=B6XtSNf0/Fok3GcB4BTdMhe6kY4jHuCFdD1DdA32F1FgB/Xh1TWgWra2nTN88RGW; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/
gdm_click_freq_v1_1_001=bfK8z5UDo04kDjzc8YCbxm/z4TiuBOiWSNDKDKAv52ZI4V1b1HAGYA0TS3yO1gEZ; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/
gdm_click_freq_v2_1_001=bfK8z5UDo04kDjzc8YCbxm/z4TiuBOiWSNDKDKAv52ZI4V1b1HAGYA0TS3yO1gEZ; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:05 GMT; Path=/; Secure; SameSite=None
gdm_sid_v2_3_001=Bg8NqtxUzeP6opsui2eXmA/5VwaUughkg1PmSM4+gt+wfR1czlDX/1C8eGHRDIb1EF8hIoKmr9RCyvNZBbRZUhVT9bkU917lkCmv8uhXmQeSoKBkwL6rDBwg9/26WBNYCEyDBXPzS7QbJ6OvdQen57k5w5YiOIyL0sG8xfgaDoosYzsbdNwI0DoPcOorgY6pOKd3UzginLh1ISjXuhxomDHUA6cECuE2vADNMQUN6zIlleY9C66eeQGPE3yPs5rA/2SrtaY4PPLCxxjBbT9YdcgzkPkt0iZr2C9Q7bHTmbxiu4XyandBoeP0iHFneagIdU8l8FWXPLmGHX8SfZ0dOxvYrqr6+gDqw31zOofWY3oWRoXAmPDMtY1WMTdLVLnpfiinj0tTIXS+Ys039G6SemM5KN0TX727+xtCN6YYtEEmPEob2TMvRsl9Ibom/waBHoYiQYkwKQwIjk8N0edxr0EjDoL8saSbVp/yOImMdV9mlPGn//O7O3it6CuJAeYj9+MejGtELQJNYeVsezTica/2aeJ9L+eT8NsqVQyEjcJJuLd/f9yHFQfStyaukqhAln7oayulRIxmFAeH/ZJg6j1JcWp07eQcScLr8tD6d1h/9BAm6ZcAPqHp4wrXq72Q6lFVBytOuTExyWKLKT5EuxzrKj0iIvdayDCFGFM6r77orhGxZNCwGBBpWQSpqyibAVWz+ej333QuoKRnjTMcsLjSJGAntvdqGvb0MUnZCp/klWHpDVFvihqWRpe+CAdIa/15a+D++swUlS/yysNJ3eJxhTPgjRhitoaNfgCHhHds2irtY4iPwqdhMlR7ALH5Y0U6a0otm4DuGQlCTmAMU2qf5OW8xot2F4Hj+zdIpoPKJ4nmSA2UsgxyVLGfeYl2PG5cT2IqvFIUMIAgqjM7Bt02zrgv19lom6LM2c4Bu2eRw272z/EkhVVKU0VMKNG5/Ar057k1duM2KBd0+3UVbFpNJuU+Ivho66VPRxby85IyfjLNr/TRGnC2K/ZOBp3ZCGjCsnnrZ/XsrVAZ7nzthQ==; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/; Secure; SameSite=None
gdm_uid_v2_1_001=CjliS/FyQLBGpgJoCfCLMJ+/ujbRMyullnkiefJmOrUEwjenAtddePuu/sYkSf5i; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:05 GMT; Path=/; Secure; SameSite=None
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v2_1_001=B6XtSNf0/Fok3GcB4BTdMhe6kY4jHuCFdD1DdA32F1FgB/Xh1TWgWra2nTN88RGW; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:05 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Fri, 05-May-2023 18:57:06 GMT; Path=/
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=b9f34b74-a4bd-11ed-8288-cdcc4b9fb03e&&push=true
172.64.128.25200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=b9f34b74-a4bd-11ed-8288-cdcc4b9fb03e&&push=true
IP 172.64.128.25:0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=b9f34b74-a4bd-11ed-8288-cdcc4b9fb03e&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ujn.nowsubmission.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 18:57:09 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Sat, 04 Feb 2023 18:57:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf6Nsqdf3hndq7RQBbkfIWhJbj6nW%2FHyrtSb1sS6%2F5Rvd8ek2EXwfOMGS0JPzSLNGEvsmqybgsVVhAOGhfLnaWqwwjuVrxBg7SnNuNJEHGxjWOdIO0yPSKSbyhdQ93bbM%2FRvt4HxgZJQo1pLLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7945a1630b6124e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2