ss.redirectsstm.click/go/9d3cfb88-732e-4913-aea9-285ef38b55ed
3.70.16.242302 Found 1.1 kB URL HTTP/1.1 ss.redirectsstm.click/go/9d3cfb88-732e-4913-aea9-285ef38b55ed
IP 3.70.16.242:0
File type HTML document, ASCII text, with very long lines (1068), with no line terminators
Hash fff0ec16f6d14718f0472741ccb38d16
1e5913373e6c17014de63100d8b7c8014306e0ad
3808901823793fcea55ffca35ddf51bfba9eff9b6f6f260df7eec421415b9e8e
GET /go/9d3cfb88-732e-4913-aea9-285ef38b55ed HTTP/1.1
Host: ss.redirectsstm.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: openresty
Date: Sun, 05 Feb 2023 11:57:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1068
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: https://sg.psmareks.click/nz/s22i14/brand/noelleeming/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
Set-Cookie: bemob-uniq-visit:9d3cfb88-732e-4913-aea9-285ef38b55ed=1; Domain=ss.redirectsstm.click; Path=/; Expires=Mon, 06 Feb 2023 11:57:54 GMT; HttpOnly
bemob-rotation:9d3cfb88-732e-4913-aea9-285ef38b55ed:random:0bc74874dc179c3e4251eb213875fe2d=0-0-0; Domain=ss.redirectsstm.click; Path=/; Expires=Mon, 06 Feb 2023 11:57:54 GMT; HttpOnly
bemob-track-url=https%3A%2F%2Fsg.psmareks.click%2Fnz%2Fs22i14%2Fbrand%2Fnoelleeming%2F%3Fts%3D08e29a07-b84a-41cf-a9c0-1cb114072fbc%26camp%3D%26zone%3D%26landid%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90%26osv%3DWindows%252010.0%26isp%3DBlix%2520Solutions%26tid%3D08e29a07-b84a-41cf-a9c0-1cb114072fbc%26key%3DeyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%253D%253D%26td%3Dss.redirectsstm.click%26bemobdata%3Dc%253D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%253D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%253D0..b%253D6; Domain=ss.redirectsstm.click; Path=/; Expires=Mon, 06 Feb 2023 11:57:54 GMT; HttpOnly
Vary: Accept
X-Response-Time: 17.060ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2363
Expires: Sun, 05 Feb 2023 12:37:17 GMT
Date: Sun, 05 Feb 2023 11:57:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10884
Expires: Sun, 05 Feb 2023 14:59:18 GMT
Date: Sun, 05 Feb 2023 11:57:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 11:33:54 GMT
content-type: application/json
age: 1440
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18573
Expires: Sun, 05 Feb 2023 17:07:28 GMT
Date: Sun, 05 Feb 2023 11:57:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +j0Q0AAexMinmTwBtRzmFxdYV8erJ2GV9z/pqKF6K+X/2SaKu/zj+yrBtcGEuAksfMOItDuuDJc=
x-amz-request-id: YK6T4B8V6ENMRGST
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:24:27 GMT
age: 2008
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 11:57:55 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 11:07:20 GMT
age: 3035
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
sg.psmareks.click/nz/s22i14/brand/noelleeming/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
139.59.241.112302 Found 0 B URL HTTP/2 sg.psmareks.click/nz/s22i14/brand/noelleeming/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
IP 139.59.241.112:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nz/s22i14/brand/noelleeming/?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6 HTTP/1.1
Host: sg.psmareks.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 05 Feb 2023 11:57:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7926
Expires: Sun, 05 Feb 2023 14:10:01 GMT
Date: Sun, 05 Feb 2023 11:57:55 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fc6c2d75e4d0c173661788b58f4f0d8b
4e6527950e161a3d4ddf790a4635e5a93cb55e33
d95f66aedaeb1c81837f1472dce635ffda9c7930164d5a22ad6bb3511245c9b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D95F66AEDAEB1C81837F1472DCE635FFDA9C7930164D5A22AD6BB3511245C9B2"
Last-Modified: Sat, 04 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7936
Expires: Sun, 05 Feb 2023 14:10:11 GMT
Date: Sun, 05 Feb 2023 11:57:55 GMT
Connection: keep-alive
7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
3.70.16.242302 Found 238 B URL HTTP/2 7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6
IP 3.70.16.242:0
File type HTML document, ASCII text, with no line terminators
Hash 0f0b40389b5b8faeeed91d8665f64099
dcdb7d3741c5ff1a603ff9927bae34ddb2233c3c
21566025e0b94f6fadcb63708b65ef006a2a1e2c82ed6c8e780d0973242bb60e
GET /go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=1d0487b4-9fb7-4f40-81bf-c0181f0b1e90&osv=Windows%2010.0&isp=Blix%20Solutions&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1NTk4Mjc0IiwiaGFzaCI6Ijg5ZTI5OTJmOTgzMmQ0NTdmM2UzYjMwNTgyNTdhNTEzNzY0ZTA1ZTYifQ%3D%3D&td=ss.redirectsstm.click&bemobdata=c%3D9d3cfb88-732e-4913-aea9-285ef38b55ed..l%3D1d0487b4-9fb7-4f40-81bf-c0181f0b1e90..a%3D0..b%3D6 HTTP/1.1
Host: 7ktpj.bemobtracks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: openresty
date: Sun, 05 Feb 2023 11:57:55 GMT
content-type: text/html; charset=utf-8
content-length: 238
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=BLBPCCGPELMBLjNyAtfdr8
set-cookie: bemob-uniq-visit:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3=1; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Mon, 06 Feb 2023 11:57:55 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3:random:e59840d95b1a632cb6ff2b38396af467=0-0-5; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Mon, 06 Feb 2023 11:57:55 GMT; HttpOnly; Secure; SameSite=None
bemob-click-id=BLBPCCGPELMBLjNyAtfdr8; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Mon, 06 Feb 2023 11:57:55 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 7.976ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.43.61.95101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.61.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3jacP/5DwYxaNY0QEGu05A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Nf5X4AAKJYX9C9Ajmx3KnPfDMh4=
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash ce972f880cc34b465aae86740c08cca1
08267d06c67f34da53973389f13f016ae31d518d
346291f825867afd7e7b7671934fc2cb98d12b267aced6c0d26271a6d82c3be7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 11:57:55 GMT
Etag: "63deb3dd-1d7"
Last-Modified: Sun, 05 Feb 2023 10:30:09 GMT
Server: ECS (dcb/7F5D)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u3W90QXKmac3akC6m2nHjanOAbaEx7uRbGm_4f7ZbGozNDPCM3PPXQ==
Age: 5266
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2243
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 11:57:57 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2243
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 11:57:57 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2243
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 11:57:57 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2243
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 11:57:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 1646
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 49679
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 280f7003-2696-4a82-bd50-82b0a2b66faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsSpoEA0oAMFSBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3170-35dcb9513c891af201b973d1;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 03:43:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IxfTibTq6T_wq9a5YCIBZLBb70BI7AOLEAYMYYuMZPhvVKjDbFfrvA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:52:08 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 50749
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75caf9549ac23c827c10d6baabb84884
e8391e4046acb91cd4a6113974fda1c44dcd3865
a01e3a9aaa0b0fa156303bcbf38c1c45ea6abe8d0a052734b05ea4da82f176c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad342374-789b-497a-b212-29d0b2aaced0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7060
x-amzn-requestid: 9379b64e-3a3f-4b8d-aba2-bc3cd7dab98f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3cgFCkIAMFrhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c4f-6ac6da215407497043249929;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:51 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75uKxGlJDSXzIUgR5Rm4f13SClTT1UIDLgbkTrFDEDvKmGmViQ3Djg==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:25:50 GMT
age: 48727
etag: "e8391e4046acb91cd4a6113974fda1c44dcd3865"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 2036
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 29698
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8ca48fe3f4b906619f2023ba7e57cc12
56cd653988ae3c4a352743b0fa11ae991f550e60
cd75b994b7cdb9a0c02e292f639f5f40471ad33af2c5aab589be6db72fd045df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CD75B994B7CDB9A0C02E292F639F5F40471AD33AF2C5AAB589BE6DB72FD045DF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18436
Expires: Sun, 05 Feb 2023 17:05:15 GMT
Date: Sun, 05 Feb 2023 11:57:59 GMT
Connection: keep-alive
cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=BLBPCCGPELMBLjNyAtfdr8
52.31.164.125302 Found 961 B URL HTTP/2 cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=BLBPCCGPELMBLjNyAtfdr8
IP 52.31.164.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 89e8c3495833f10a964129cea4b0ca1c
ccbebed8d7899468e570c051b0b306daa6fc5af7
b5d37c2b013a82fcaebeb04ccab4b3ea9f68239e9ba3031c1e5cd7d56b023946
GET /?a=43588&c=318080&co=91932&mt=18&s2=BLBPCCGPELMBLjNyAtfdr8 HTTP/1.1
Host: cddtsecure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 05 Feb 2023 11:57:56 GMT
content-type: text/html;charset=ISO-8859-1
location: https://ujn.nowsubmission.com//?kw=43588&s1=045815bafae34844ab20635e011927761e1bf&s2=
server: nginx
set-cookie: gdm_click_adv_freq_v2_1_001=B6XtSNf0/Fok3GcB4BTdMraHC2H0TOjwEXaZxYgEnzsu7XbETsDEw7jYtsXQ9rCR; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v1_1_001=B6XtSNf0/Fok3GcB4BTdMraHC2H0TOjwEXaZxYgEnzsu7XbETsDEw7jYtsXQ9rCR; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/
gdm_click_freq_v2_1_001=bfK8z5UDo04kDjzc8YCbxgRlTD5DJBSnawPlMRW1iwD3PPXONgjYHEevrg5oxsOG; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/; Secure; SameSite=None
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/
gdm_click_freq_v1_1_001=bfK8z5UDo04kDjzc8YCbxgRlTD5DJBSnawPlMRW1iwD3PPXONgjYHEevrg5oxsOG; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/
gdm_uid_v2_1_001=cLKk/TR2wKu4UxxTYl3ugA+Tldzg7GBOQPPcF+erYFeout3uZFGh/XHtBPpzqrpI; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/; Secure; SameSite=None
gdm_sid_v1_3_001=i6xGcrA4eYmuRCM28OQO2eSp1ctE67k2+CUYFyu2wk/py51J4htgM7/BSYCDOCL78fnYrIZOwFm9q0IOWQD0hgFW7pNLfTw8Iq+uNlyAnvOR7RorlrbZAeiseMPdGP69F/TOlXnZWwcR0ljEI/hTXtbVNWSQf1iIuV6QnFN9MlouGujd0H8uAl1oRZLcPHRTJr51oBZWQCaWaGv7Ij44C+TTkM+GePOThC6qFoYMJSl+Z4uNcc1bieoNOF0f8QxNPYtmoQeY0rFf2BewavUmUyX6O2PAcXvvOc3p+h/WJR986z2nAYTrm+MRdb9hwSW6hhhgWXLP1li6RyRlAYlIgMHuEk4TfR8EVxmsRdEQ8ObZOgZqKMd5Md4IxjUZQADIU9VKKQx3x/UqA6lkCjjTXmtJYT+jXKP/oYsaqXz7cAgP8x+bOMaIiym67wfV+JUBjGzhXBHuq9VCjFwGKWZ+9L+dhhKtMhNsGbGdZ820xADkKo+hGBS4PkhTjRIr/F+lIvZRvfRkS9gz9x4Cb9Kq8hVj7UgCOEICBxnc9Icd8bnmqxBGgp2Bxn3zoP4PvjiIQvqQZ9VF20N7amOVjYzglF/aidGnZNRYXJTheNAQJyEU7gv7dN1p39BlQxfM5oxIjo5FMz7gk6/hbrJ4kBnpKGNJcxoV96SexWn2c6N8MY6HthpY0UfoNJ8BND5Wz0P4amSnR5eW7u1eA++Oj1oKZetCnIJK+5dFk7GZa1VgsSgt7m0WWvTBk9LNuyfRZeBs/ufb0FJLr3OQ35KUMYR6oHR7u/wqBR7aiFpnji/JnBIEpNorE6xIH0hYaeywotW0nrZQp9Fll7m02ZhDXFwG2EfzEYPQo1HqWaM4Fo27v5lKbI06/Z5eUtEGQJ4UPuCuEd0eba/jvXVQrL3PMwTOVVnN82lKNqCM49PnLoAizh2Qa0ve2HHjAcBdYZPvAt6FN892SDF3h2Wl3xry5dPJkyg2zirJWHqARsWqKWQDeqmBbkE3TodWcMlDfJ+/2ejjSJlee8kijWlr068vel401Q==; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/
gdm_uid_v1_1_001=cLKk/TR2wKu4UxxTYl3ugA+Tldzg7GBOQPPcF+erYFeout3uZFGh/XHtBPpzqrpI; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/
gdm_sid_v2_3_001=i6xGcrA4eYmuRCM28OQO2eSp1ctE67k2+CUYFyu2wk/py51J4htgM7/BSYCDOCL78fnYrIZOwFm9q0IOWQD0hgFW7pNLfTw8Iq+uNlyAnvOR7RorlrbZAeiseMPdGP69F/TOlXnZWwcR0ljEI/hTXtbVNWSQf1iIuV6QnFN9MlouGujd0H8uAl1oRZLcPHRTJr51oBZWQCaWaGv7Ij44C+TTkM+GePOThC6qFoYMJSl+Z4uNcc1bieoNOF0f8QxNPYtmoQeY0rFf2BewavUmUyX6O2PAcXvvOc3p+h/WJR986z2nAYTrm+MRdb9hwSW6hhhgWXLP1li6RyRlAYlIgMHuEk4TfR8EVxmsRdEQ8ObZOgZqKMd5Md4IxjUZQADIU9VKKQx3x/UqA6lkCjjTXmtJYT+jXKP/oYsaqXz7cAgP8x+bOMaIiym67wfV+JUBjGzhXBHuq9VCjFwGKWZ+9L+dhhKtMhNsGbGdZ820xADkKo+hGBS4PkhTjRIr/F+lIvZRvfRkS9gz9x4Cb9Kq8hVj7UgCOEICBxnc9Icd8bnmqxBGgp2Bxn3zoP4PvjiIQvqQZ9VF20N7amOVjYzglF/aidGnZNRYXJTheNAQJyEU7gv7dN1p39BlQxfM5oxIjo5FMz7gk6/hbrJ4kBnpKGNJcxoV96SexWn2c6N8MY6HthpY0UfoNJ8BND5Wz0P4amSnR5eW7u1eA++Oj1oKZetCnIJK+5dFk7GZa1VgsSgt7m0WWvTBk9LNuyfRZeBs/ufb0FJLr3OQ35KUMYR6oHR7u/wqBR7aiFpnji/JnBIEpNorE6xIH0hYaeywotW0nrZQp9Fll7m02ZhDXFwG2EfzEYPQo1HqWaM4Fo27v5lKbI06/Z5eUtEGQJ4UPuCuEd0eba/jvXVQrL3PMwTOVVnN82lKNqCM49PnLoAizh2Qa0ve2HHjAcBdYZPvAt6FN892SDF3h2Wl3xry5dPJkyg2zirJWHqARsWqKWQDeqmBbkE3TodWcMlDfJ+/2ejjSJlee8kijWlr068vel401Q==; Domain=.cddtsecure.com; Expires=Sat, 06-May-2023 11:57:56 GMT; Path=/; Secure; SameSite=None
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
X-Firefox-Spdy: h2
ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
179.61.143.121200 OK 3.5 kB URL HTTP/1.1 ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e6dd68d6bd9ef33bcdd61b1461b23d12
fb00f06209564c4a394180a4d0c3d2d93c081566
87c8ee1960d1abe71cab6d5a7bdab73a6e6e2ff62cf53816c08af785d7c7e464
Analyzer Verdict Alert fortinet Phishing
GET /t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6Im5TMG1ySWRuNkdXTEhLbUdsUE5XU0E9PSIsInZhbHVlIjoialZsMkttcnpIVGhabWtrZVpsaE5tQXEzR2tRYVV3dDlBL1g0eVpZQ2tnWkNUSXlBQWJoQjl0c3dQMU52SGpiN2dXU2Jmbm5ZU1ZyQ2dLYVJta2lZcDE3dy8zUDJDQWtxTWxtUTBpaVB0TmJDTWFIWHRaRDZpLzdLUm5FUmJHYk8iLCJtYWMiOiIxNWQwNzg1YzU3NzZkYjdhMmNjNTIwM2I0NjcxYjIzZjQ1MjU3ZTFiMTdhOWQ0NWY3ZWQ0YzRjZTRlY2NkNGQyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Sun, 05 Feb 2023 11:57:59 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D; expires=Sun, 05 Feb 2023 13:57:59 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.11.3.min.js
69.16.175.10200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.11.3.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
GET /jquery-1.11.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:58:00 GMT
content-encoding: gzip
content-length: 33261
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-176d5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675598280.dop001.sk1.t,1675598280.cds254.sk1.hn,1675598280.cds216.sk1.c
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
142.250.74.170200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 15:56:41 GMT
expires: Sat, 03 Feb 2024 15:56:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 158479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
142.250.74.106200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
IP 142.250.74.106:0
Hash d65063dcae08e3a0302dc320fbd4836b
ca32b2462d0d5474ae000a331160a13497f4df92
90b7e204bc23fb09e4da9e71daffa469f3b7f4340e4ffb4f1538e0e4289600b7
GET /css?family=Roboto+Condensed%7COpen+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 11:58:00 GMT
date: Sun, 05 Feb 2023 11:58:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
179.61.143.121200 OK 25 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
Hash bc84bd3caee9a7b227a5054179477e02
bc1b53ceedb9b91f4d4bec2037126b4d05c20912
d86b239f3ad7fc29593df1655848824493b2299a203c9be2f67adae10f94309e
GET /templates/templates/spin-casino_MASTER/css/style.css HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "bc84bd3caee9a7b227a5054179477e02"
content-type: text/css
content-length: 25401
x-varnish: 4872349 65539
age: 482747
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/o/2XXQ6DLP/5602b994-a54c-11ed-8970-67425e2b10e6/?push=true
179.61.143.121302 Found 818 B URL HTTP/1.1 ujn.nowsubmission.com/o/2XXQ6DLP/5602b994-a54c-11ed-8970-67425e2b10e6/?push=true
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (325)
Hash 891b0d7abb58dbe948f0160ba15b7a12
913e5672abea56edb3eef164f462f6fb5f77db07
edaf92cf3085449d3f80579d26ab57a510ec5b6c033750571c1c966121e0d55a
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/5602b994-a54c-11ed-8970-67425e2b10e6/?push=true HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Sun, 05 Feb 2023 11:58:00 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=5676cd48-a54c-11ed-8824-c13e498442f7&&push=true
x-redir: true
set-cookie: yredir_session=eyJpdiI6Im1hdnhtcmFPaC9TM3N2ODh0L2NRNFE9PSIsInZhbHVlIjoiQ0FOVlJ1UG43REhBT2hOVWtEQnVZaC96SXhERUdhb2xQUmJ6LzVKV1V3U3dPdzFYTTZjM09VeTZZV3BGUHlzRkVENnpWR3gydDRIZVpHcHlFNENCdUppemZYaHExL3FidDZ3QVNOVkdGNnpnNXBBanBYb214SUU2MDFpZGxOWVciLCJtYWMiOiI5NmQ0OTU0NzBmNjVlYTdjMjkzMjM1OTJlZjgyMTI1ZTg1YWY3Mjg4MzEwODE4ZTE5YWY0ZTY2ZmViNGZmOGU3IiwidGFnIjoiIn0%3D; expires=Sun, 05 Feb 2023 13:58:00 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash e7ed2e105553a34a5bef8619ee00ebb6
c835a9a711f9766586630abeb7e30c177d46a4bf
65c9bf0673bbc28d4222cc3c071302fd7fc1756ce4e15f51470bd30369a83420
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1861
Cache-Control: max-age=129130
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:00 GMT
Etag: "63dee7ed-116"
Expires: Mon, 06 Feb 2023 23:50:10 GMT
Last-Modified: Sat, 04 Feb 2023 23:19:09 GMT
Server: ECS (amb/6BA7)
X-Cache: HIT
Content-Length: 278
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
179.61.143.121200 OK 2.9 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /templates/templates/spin-casino_MASTER/images/loader.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "35de537ece3bfee3ab3f7af4c19e2151"
content-type: image/gif
content-length: 2892
x-varnish: 5374472 131077
age: 482747
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
179.61.143.121200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash 90f8155b00c6e9ec624a12e8a67bd264
fbf3b21af8cc2c2d44879f19f5893dbe696113f1
677aebad5741b57c1a3a51f8a65cd295a7aae1d656958313a882ef199f046418
GET /templates/templates/spin-casino_MASTER/images/overlay2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "90f8155b00c6e9ec624a12e8a67bd264"
content-type: image/png
content-length: 18646
x-varnish: 4872356 98306
age: 482748
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
179.61.143.121200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash a3f2c95451c2201b26033d755a0164c9
f150487dacf8607e49c31abebaf034e34ef8e8aa
bd03836c50a13a9d0c5868a5656f4112f69909cc52c50ca21de772da164e13a2
GET /templates/templates/spin-casino_MASTER/images/overlay.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "a3f2c95451c2201b26033d755a0164c9"
content-type: image/png
content-length: 18661
x-varnish: 5107688 6
age: 482748
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
179.61.143.121200 OK 85 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash 827076646858c6cc499ec675c45b147d
4b6bf3459af50ba8db76d31f9dc3876b50a4c5fe
bc50750cd41cbabc77efc8143fb1b210c983a23e5c954b65b02562958b922e63
GET /templates/templates/spin-casino_MASTER/images/spin1.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "827076646858c6cc499ec675c45b147d"
content-type: image/png
content-length: 85123
x-varnish: 5349925 131074
age: 482747
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
179.61.143.121200 OK 88 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash f12f850a9ec2daa0b2dbb07e11252122
012a03ac053a0367ef9cdb76685a77d61f3d8a22
ada8eb4421bf605c058c123aa95bd5e4590b4507c68809f563c921e4db31ea8a
GET /templates/templates/spin-casino_MASTER/images/spin2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "f12f850a9ec2daa0b2dbb07e11252122"
content-type: image/png
content-length: 88130
x-varnish: 5195018 32774
age: 482747
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
179.61.143.121200 OK 171 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 171 kB (171408 bytes)
Hash 276c26514be610b5c6fa413756b33671
43c532ff2dc2ce6ed8360fc5d05116b222036e4b
453150bf90ff9debe217f3734a4d3cf4bf6ed9017635d4f2d867096132ad4e28
GET /templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6ImlqZ08vNmNQQWZET1J2alBHTjVnMUE9PSIsInZhbHVlIjoiSEVtWWljMUdvblBlYk41VzBVTmYxKzB4TFJzS3NYQ0hiTThMTnlCaHFSQnRZdGg2VUtQdEdaM3pFc0IzaG1ROCtlWDNRR3ZDM1BEVCtEM1FFL2J3SlBIUm1MQkhHdWErSFZQKzMwZ0hLYlJsY0dlZXhNRWd4bEs3TlJJSWttTmEiLCJtYWMiOiIxMjFkZDZkOWYwOWZkZTIxYWU1ZWExMmZmMTUwOWE0Mjc5NWE0YjkyNzY2ZmI2ODNlZDcyYzEyNjU1ODg4MzI3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 23:43:15 GMT
last-modified: Mon, 30 Jan 2023 22:01:35 GMT
etag: "276c26514be610b5c6fa413756b33671"
content-type: image/png
content-length: 171408
x-varnish: 5285205 399171
age: 476086
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=5676cd48-a54c-11ed-8824-c13e498442f7&&push=true
172.64.128.25200 OK 778 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=5676cd48-a54c-11ed-8824-c13e498442f7&&push=true
IP 172.64.128.25:0
File type ASCII text, with CRLF line terminators
Hash 7965867df3555496383e4f4ec59e80d4
d17e544dfc46d41de54302c681df67376a2a8b40
9015ce29edf8b08012882e0a9e8988e4c758d6ec976d8f637b47b82b29e278d0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=5676cd48-a54c-11ed-8824-c13e498442f7&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ujn.nowsubmission.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:58:00 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Sun, 05 Feb 2023 11:58:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfjIsK5VzmIB1dqSekZpoLac7qpbhkvLnMDBLERE%2BHWI3C63401Ud24%2FugCY3WQQH4e6LHl3y0ewDBNZFsdVngyHBSB0EUXCflrBVcjlpBBStGCG%2B0hF7rdav%2FbOt0SVjcy5oeYgOuxc0O2biA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794b78c6af26742f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ujn.nowsubmission.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 01:03:45 GMT
expires: Fri, 02 Feb 2024 01:03:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 298456
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
179.61.143.121200 OK 23 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 500 x 150\012- data
Hash f79f189bde401dfac7723f7c963d0ef8
83530e9d6248767d661c4996c14414621c857ed6
bdc936e847facab60f4b4a9153dc8145ebccdeca49becc4cd684e007cd0459ca
GET /templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
Cookie: yredir_session=eyJpdiI6Im1hdnhtcmFPaC9TM3N2ODh0L2NRNFE9PSIsInZhbHVlIjoiQ0FOVlJ1UG43REhBT2hOVWtEQnVZaC96SXhERUdhb2xQUmJ6LzVKV1V3U3dPdzFYTTZjM09VeTZZV3BGUHlzRkVENnpWR3gydDRIZVpHcHlFNENCdUppemZYaHExL3FidDZ3QVNOVkdGNnpnNXBBanBYb214SUU2MDFpZGxOWVciLCJtYWMiOiI5NmQ0OTU0NzBmNjVlYTdjMjkzMjM1OTJlZjgyMTI1ZTg1YWY3Mjg4MzEwODE4ZTE5YWY0ZTY2ZmViNGZmOGU3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:14 GMT
last-modified: Wed, 25 Jan 2023 21:32:00 GMT
etag: "f79f189bde401dfac7723f7c963d0ef8"
content-type: image/gif
content-length: 23095
x-varnish: 5107690 163843
age: 482747
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 11:58:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
179.61.143.121200 OK 90 B URL HTTP/1.1 ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6Im1hdnhtcmFPaC9TM3N2ODh0L2NRNFE9PSIsInZhbHVlIjoiQ0FOVlJ1UG43REhBT2hOVWtEQnVZaC96SXhERUdhb2xQUmJ6LzVKV1V3U3dPdzFYTTZjM09VeTZZV3BGUHlzRkVENnpWR3gydDRIZVpHcHlFNENCdUppemZYaHExL3FidDZ3QVNOVkdGNnpnNXBBanBYb214SUU2MDFpZGxOWVciLCJtYWMiOiI5NmQ0OTU0NzBmNjVlYTdjMjkzMjM1OTJlZjgyMTI1ZTg1YWY3Mjg4MzEwODE4ZTE5YWY0ZTY2ZmViNGZmOGU3IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=c02022e0-d818-9f79-bd3f-eb93b001e57c
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 30 Jan 2023 21:52:13 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 5374476 8
age: 482748
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/favicon.ico
179.61.143.121403 Forbidden 243 B URL HTTP/1.1 ujn.nowsubmission.com/favicon.ico
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash f32f16b6b8675138da65d215cde75d7f
4d4b92e9af571e5781f6683cdee06e95fbc80fba
ef05fab47ab573c0c0736f0dfc33352ac33ef6eada75b7f4bbd9e3119a0cc029
GET /favicon.ico HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/5602b994-a54c-11ed-8970-67425e2b10e6/560670ac-a54c-11ed-98a9-873da2b357ae
Cookie: yredir_session=eyJpdiI6Im1hdnhtcmFPaC9TM3N2ODh0L2NRNFE9PSIsInZhbHVlIjoiQ0FOVlJ1UG43REhBT2hOVWtEQnVZaC96SXhERUdhb2xQUmJ6LzVKV1V3U3dPdzFYTTZjM09VeTZZV3BGUHlzRkVENnpWR3gydDRIZVpHcHlFNENCdUppemZYaHExL3FidDZ3QVNOVkdGNnpnNXBBanBYb214SUU2MDFpZGxOWVciLCJtYWMiOiI5NmQ0OTU0NzBmNjVlYTdjMjkzMjM1OTJlZjgyMTI1ZTg1YWY3Mjg4MzEwODE4ZTE5YWY0ZTY2ZmViNGZmOGU3IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=c02022e0-d818-9f79-bd3f-eb93b001e57c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Mon, 30 Jan 2023 21:52:12 GMT
x-varnish: 5107691 163845
age: 482747
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
172.64.128.25200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP 172.64.128.25:0
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 11:58:01 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 5215
last-modified: Sun, 05 Feb 2023 10:31:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dhx%2FuFo9NIhDa7JiwAw%2BsXZfyNvUpuc8koS8v6Qpc7ZlmhBmWzbn2ncxma%2BdD5xSFTmqigedEgDNuHXweLZENyzwO3bpvYQ5OrkdC8903Ve1m118KDSOvlhN%2B3eqKgjuwrIBJMtHlmgfxRra%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794b78c878dd742f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2