www.freakywin.net/win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd
94.237.84.54 200 OK 3.9 kB URL HTTP/1.1 www.freakywin.net/win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd
IP 94.237.84.54:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (5882)
Hash 60aed8f76fd574f912b1e32b7a78437d
10c5eee69b5db472d404d42ed4abbd3a405cf72d
51b887321103b478d4ed445c90311e7bced681cfd2f942023f1add8bcaccfbf3
GET /win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd HTTP/1.1
Host: www.freakywin.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Thu, 08 Dec 2022 20:20:00 GMT
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3370
Expires: Thu, 08 Dec 2022 21:16:10 GMT
Date: Thu, 08 Dec 2022 20:20:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18304
Expires: Fri, 09 Dec 2022 01:25:04 GMT
Date: Thu, 08 Dec 2022 20:20:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 20:08:13 GMT
content-type: application/json
age: 707
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2832
Expires: Thu, 08 Dec 2022 21:07:12 GMT
Date: Thu, 08 Dec 2022 20:20:00 GMT
Connection: keep-alive
www.freakywin.net/css/offers/win_gold_min/app.css?id=b42914e86a05f14d49590f76856d77f3
94.237.84.54 200 OK 1.0 kB URL HTTP/1.1 www.freakywin.net/css/offers/win_gold_min/app.css?id=b42914e86a05f14d49590f76856d77f3
IP 94.237.84.54:0
File type ASCII text, with very long lines (2967)
Hash 1afbacdf62ccbc91b0b13ff53e2b805b
8a56e95e2c1ccb375e17b861c533d68655e3ea44
c692e7a804aba79cadd4fc88c0fd5c48b4843d01e8d3ca19c3da4d77662935cd
Analyzer Verdict Alert fortinet Phishing
GET /css/offers/win_gold_min/app.css?id=b42914e86a05f14d49590f76856d77f3 HTTP/1.1
Host: www.freakywin.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.freakywin.net/win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 20:20:00 GMT
Content-Type: text/css
Last-Modified: Wed, 07 Dec 2022 13:15:00 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"639091d4-bbb"
Expires: Fri, 08 Dec 2023 20:20:00 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 20:20:00 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: QqvjCT4kafNk4hTHj38oEA1dJWrI9JNNp6cvcqm3PVQDSC0DjwNiNzlZvRGgMVQcGsr+C8vrp5s=
x-amz-request-id: Y4JZXV0ABR946D19
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 19:48:02 GMT
age: 1918
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.freakywin.net/js/offers/win_gold_min/app.js?id=31305e2720f269592ceadf252b57ec8e
94.237.84.54 200 OK 77 kB URL HTTP/1.1 www.freakywin.net/js/offers/win_gold_min/app.js?id=31305e2720f269592ceadf252b57ec8e
IP 94.237.84.54:0
File type Unicode text, UTF-8 text, with very long lines (65443)
Hash daf21126d49944ff63158971fefed9cb
009464c33bfa9c7c10ad8f7e86ddac300c70b141
974bb2e49a3b232a0d59691173cbd4742420b52f916aa53ede1ea09f1ab99007
GET /js/offers/win_gold_min/app.js?id=31305e2720f269592ceadf252b57ec8e HTTP/1.1
Host: www.freakywin.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.freakywin.net/win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 20:20:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 07 Dec 2022 13:15:00 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"639091d4-39ccc"
Expires: Fri, 08 Dec 2023 20:20:00 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
www.freakywin.net/js/app.js?id=28ab47316d5c99b9123c18225c41012d
94.237.84.54 200 OK 64 kB URL HTTP/1.1 www.freakywin.net/js/app.js?id=28ab47316d5c99b9123c18225c41012d
IP 94.237.84.54:0
File type Unicode text, UTF-8 text, with very long lines (65474)
Hash 0aa37a76f35e312ae74dee1d9df62f9f
f918aeda726bf387794ed1ced02a6cac935d3ca1
bbe27fde7966ca0ed21fec5a15c7b766ea75842b47a7d65e3d2ccf9100e24329
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js?id=28ab47316d5c99b9123c18225c41012d HTTP/1.1
Host: www.freakywin.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.freakywin.net/win_gold_min?tid=5x6b8yc4g75iljsr5brksc4os,16501424,5,1043&ctrack=1670530781.3486444506&p=1043&pi=mbep&click_id=wj3f2m4pbonhnk1l2od7ic72&prize=cash-500-usd
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 20:20:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 07 Dec 2022 13:15:00 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"639091d4-2e42c"
Expires: Fri, 08 Dec 2023 20:20:00 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dadb4ab46af9709ff9051fa4ee7c06a8
47f84ba6187e8310bc2e7f7605a25ca5b35af1e1
735d2fbde579416abac047a051f81791c888b1c8126a199935ce9248ad4f2d60
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "735D2FBDE579416ABAC047A051F81791C888B1C8126A199935CE9248AD4F2D60"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18594
Expires: Fri, 09 Dec 2022 01:29:54 GMT
Date: Thu, 08 Dec 2022 20:20:00 GMT
Connection: keep-alive
www.freakywin.net/img/prizes/cash-500-usd/default/default@0.75x.png
94.237.84.54 200 OK 14 kB URL HTTP/2 www.freakywin.net/img/prizes/cash-500-usd/default/default@0.75x.png
IP 94.237.84.54:0
File type PNG image data, 300 x 300, 8-bit colormap, non-interlaced; data
Hash 8a0e556cacd7eae426890d0b9c82592e
321c72a9a18d8967c967c0067a9ebc9030eb08a1
bab0791c1c042dafa1ab7f295943c515cd66458ef193f5da56734f1804c5e63a
GET /img/prizes/cash-500-usd/default/default@0.75x.png HTTP/1.1
Host: www.freakywin.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.freakywin.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 20:20:00 GMT
content-type: image/png
content-length: 14072
last-modified: Wed, 07 Dec 2022 13:13:34 GMT
etag: "6390917e-36f8"
expires: Fri, 08 Dec 2023 20:20:00 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1657bbdf2ff72d735e63883c39e38d2
27290737c160e9ba00af147e60753d9c0c76103d
d5a4bcea95541ec441fa072006d3cf7d6df9a97f2fb1d64e9960a53a3993db42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5A4BCEA95541EC441FA072006D3CF7D6DF9A97F2FB1D64E9960A53A3993DB42"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12171
Expires: Thu, 08 Dec 2022 23:42:52 GMT
Date: Thu, 08 Dec 2022 20:20:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 20:07:55 GMT
age: 726
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
s3ntry.net/api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7
162.55.168.249 200 OK 2 B URL HTTP/1.1 s3ntry.net/api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7
IP 162.55.168.249:0
ASN #24940 Hetzner Online GmbH
File type JSON data, ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7 HTTP/1.1
Host: s3ntry.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.freakywin.net/
Content-Type: text/plain;charset=UTF-8
Origin: http://www.freakywin.net
Content-Length: 434
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Dec 2022 20:20:01 GMT
Content-Type: application/json
Content-Length: 2
Connection: close
access-control-allow-origin: http://www.freakywin.net
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
vary: Origin
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2849
Cache-Control: max-age=135260
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:20:01 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 09:54:21 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.228.207.167 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.228.207.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XkH3r92hLa4lLQThnaujaw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: an2433u4UT70Gehvksnzs1ezGw4=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16667
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 20:20:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: etWGqF-8tXSwaeZVTPK4g9CV5ZbdYv5ZDjF5Yx2PSNnTsreewpbhdA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 08:48:08 GMT
age: 41514
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSv756DvAzOQnKae5wVg75wrQS6oDGPkfIZka86FNQ2vizBnZ7sIDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:12:45 GMT
age: 76037
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
d1u65k3qj4t7ya.cloudfront.net/carriers/telenor.svg
54.230.245.69 200 OK 10 kB URL HTTP/2 d1u65k3qj4t7ya.cloudfront.net/carriers/telenor.svg
IP 54.230.245.69:0
Hash f3468c90cb81f4c79516e1b915174d95
04b512311205fda6cdfbfeea99edcf08c6b8394b
92be883202b24bf73ec0e3e92e8a35242a75bba81c3dded71fb944b9eaf5295c
GET /carriers/telenor.svg HTTP/1.1
Host: d1u65k3qj4t7ya.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.freakywin.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 01 Jul 2022 12:26:39 GMT
x-amz-storage-class: REDUCED_REDUNDANCY
server: AmazonS3
content-encoding: gzip
date: Thu, 08 Dec 2022 03:48:02 GMT
etag: W/"22ac04ea759d608fe69bc0db24dc915c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: e0VL2tHEyKqFpZrMc3flbnxIc16IYA3JtyOnLHgZKYCQcHjaxO_J9Q==
age: 59520
X-Firefox-Spdy: h2
d1u65k3qj4t7ya.cloudfront.net/carriers/telia.svg
54.230.245.69 200 OK 9.2 kB URL HTTP/2 d1u65k3qj4t7ya.cloudfront.net/carriers/telia.svg
IP 54.230.245.69:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (895)
Hash 23f39a8e6411d4d7b56fcf60184b2319
f58ff97e7822a8b55e99074ef9d826aa784dd47a
61074cf61c18913d60f66c74eaa26f0ad7659fc6c44d1530b2b280b7dc0cd740
GET /carriers/telia.svg HTTP/1.1
Host: d1u65k3qj4t7ya.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.freakywin.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 01 Jul 2022 12:26:39 GMT
x-amz-storage-class: REDUCED_REDUNDANCY
server: AmazonS3
content-encoding: br
date: Thu, 08 Dec 2022 20:16:34 GMT
etag: W/"c87c4b7324d0c7760e2c3c5ffb645dd7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Sdsgm0hT8Ipl5-d4RiHFlM79txb9w7w87TK1VvegfE-wJtnG68StSA==
age: 4225
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 75807
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 280c788841ca669f2c8556f03ee85b68
c15a4519a69eb6b5cc624344a7c3d99335a095d9
451a816aa2129c3a7712a01b96daee492ae2ab25c4940405063098f3b7ad10ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6032
x-amzn-requestid: 22b80af7-87cf-4719-8bc8-927077cc3aa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4hoFraoAMFpVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639107a3-42927c064ee65d3b23121b36;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6M8oH6MMBavZDrPB-1sohGs3gJK1LjDbeDYZ0OAIlTLqJ6LdGbkCTg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:59:08 GMT
age: 80454
etag: "c15a4519a69eb6b5cc624344a7c3d99335a095d9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2