r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b39c3955aa73765d5c9cbe0d4c52f83
b13bf774f0189207d90d846b86b68fcf2f64f868
f6fea261b800d26e329ced17006c9f5d10b6c490dac3b2276cc7b0e2aa38316c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6FEA261B800D26E329CED17006C9F5D10B6C490DAC3B2276CC7B0E2AA38316C"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9295
Expires: Thu, 16 Feb 2023 04:51:59 GMT
Date: Thu, 16 Feb 2023 02:17:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 584dc97b4a725bab46f43b0c52ea2f21
4c7d5484aca5c64746185fa7a1e6103672fd6beb
726714a5ebdaa8dda3c669eedad6503ffd2a822cfd0bbdf5eb8a1d8ad43ad5bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "726714A5EBDAA8DDA3C669EEDAD6503FFD2A822CFD0BBDF5EB8A1D8AD43AD5BD"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17516
Expires: Thu, 16 Feb 2023 07:09:00 GMT
Date: Thu, 16 Feb 2023 02:17:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 16 Feb 2023 01:37:27 GMT
content-type: application/json
age: 2377
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e4879878d8594ad779e96e43ceadae35
e81c37ddd67123e47ea15707896b807a306d8d7e
c50069d7380586c743cddc2678baab9bb04400c70c28c3102650264ef806319c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C50069D7380586C743CDDC2678BAAB9BB04400C70C28C3102650264EF806319C"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2699
Expires: Thu, 16 Feb 2023 03:02:03 GMT
Date: Thu, 16 Feb 2023 02:17:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Dc09kgXiT+m5yGbiWzWbJzQPsEmmaUEoc2F/2IFJV4ju/ZS8h580jpYt0lH8yN2OXQcXaO2EltVv4LgFKkAXtw==
x-amz-request-id: J1EEJD74D39ZA2FW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 16 Feb 2023 01:49:10 GMT
age: 1674
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0bb75bdfe561fbb9e6fe0f7599e7715d
1347dde919491fd4494c2d18fd125e99cb4e370b
9e266ad1e612bfc5cbf4211ec47117049661c4a0adec982484b031439dcb3af9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E266AD1E612BFC5CBF4211EC47117049661C4A0ADEC982484B031439DCB3AF9"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14111
Expires: Thu, 16 Feb 2023 06:12:15 GMT
Date: Thu, 16 Feb 2023 02:17:04 GMT
Connection: keep-alive
n1sav.bemobtrcks.com/go/9cbcc6c1-1395-4d50-a15a-256b4de9f3a7
3.70.16.242 302 Found 510 B URL HTTP/2 n1sav.bemobtrcks.com/go/9cbcc6c1-1395-4d50-a15a-256b4de9f3a7
IP 3.70.16.242:0
File type HTML document, ASCII text, with very long lines (510), with no line terminators
Hash 40ebd8f2e89aa684156ed42fcde23ddd
6899c80c8532b1530b3861a19d22dd8897d87ad9
d00905ab780ed7c4342276dcd9e64966c8bbf5834ab3e4e2fa218e6710a891a9
Analyzer Verdict Alert openphish Orange
GET /go/9cbcc6c1-1395-4d50-a15a-256b4de9f3a7 HTTP/1.1
Host: n1sav.bemobtrcks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: openresty
date: Thu, 16 Feb 2023 02:17:04 GMT
content-type: text/html; charset=utf-8
content-length: 510
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
location: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
set-cookie: bemob-uniq-visit:9cbcc6c1-1395-4d50-a15a-256b4de9f3a7=1; Domain=n1sav.bemobtrcks.com; Path=/; Expires=Fri, 17 Feb 2023 02:17:04 GMT; HttpOnly; Secure; SameSite=None
bemob-rotation:9cbcc6c1-1395-4d50-a15a-256b4de9f3a7:random:1bfa7885017691586472af7a62c800b5=0-0-0; Domain=n1sav.bemobtrcks.com; Path=/; Expires=Fri, 17 Feb 2023 02:17:04 GMT; HttpOnly; Secure; SameSite=None
bemob-track-url=https%3A%2F%2Fwww.mobilewinselection.com%2Fbemob%2Fiframe%2Fromanian%2Fromania%2Forange%2Fsurvey-lander-cash%3Fclick_id%3D9tMM28MJDM96YAaZVEVNCO%26bemobdata%3Dc%253D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%253D36ce4b1f-f95c-4059-b890-c2b90574a385..a%253D0..b%253D0; Domain=n1sav.bemobtrcks.com; Path=/; Expires=Fri, 17 Feb 2023 02:17:04 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 8.709ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 16 Feb 2023 02:17:04 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
78.46.179.10 301 Moved Permanently 519 B URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type HTML document text, exported SGML document, ASCII text
Hash 19f2572222e2e23de4bb90a3c489c210
cd7c88fb79edaa19d8afb38be87c078eac694dc6
2fd7cb75e4efb17d57f02aecca0babfc22c68bb1fbf36489650be1139336881b
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0 HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
location: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
content-length: 519
content-type: text/html; charset=iso-8859-1
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
78.46.179.10 200 OK 6.0 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (383)
Hash 47c0a283495202ff5bede73c3cf8d117
6d9bd2ebf61450bcbb32b68c824917efc344d316
3a52b1b6811ed8c3ebf20d971d2e9fd4c3c0218ba998f23ea3e8e3dc9cef5a93
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0 HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:18:56 GMT
etag: "177d-5f33f8bbfb092"
accept-ranges: bytes
content-length: 6013
content-type: text/html
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/css/app.css?id=2fbe2d9a9a40ca9b2489
78.46.179.10 200 OK 69 B URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/css/app.css?id=2fbe2d9a9a40ca9b2489
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
Hash 2fbe2d9a9a40ca9b2489f46d1b5520c1
a8b5e5629deabf1912d969b4036ed3c9159756bb
94d8599586a5ee9c62dc15b45ca083b69d060d0c12bf2be3673b19a9820216ea
Analyzer Verdict Alert fortinet Phishing
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/css/app.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:20:19 GMT
etag: "45-5f33f90b72d38"
accept-ranges: bytes
content-length: 69
content-type: text/css
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/css/landers/survey/app.css?id=b58f517ccb85236317fa
78.46.179.10 200 OK 3.5 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/css/landers/survey/app.css?id=b58f517ccb85236317fa
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3508)
Hash b58f517ccb85236317faed6f2f276f94
f8036bae79943dc93ef568342f103690ebe6b331
4c95a2c7c370e3ea727269117605e6911a440309feab22ce29641fb4e561a8ad
Analyzer Verdict Alert fortinet Phishing
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/css/landers/survey/app.css?id=b58f517ccb85236317fa HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:23:18 GMT
etag: "dd8-5f33f9b607db6"
accept-ranges: bytes
content-length: 3544
content-type: text/css
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/img/landers/survey/logo/default.svg
78.46.179.10 200 OK 2.9 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/img/landers/survey/logo/default.svg
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (2747)
Hash 4b289660adaec3ad254bc42cf76520b0
f33b31a3ce09216cf6dd0908117432128713c19d
1650a55972e67336ecb88a13d5c20aa714e16be88bc5c96e0c5ae942e10271ba
Analyzer Verdict Alert fortinet Phishing
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/img/landers/survey/logo/default.svg HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:25:59 GMT
etag: "b6f-5f33fa4f2c08c"
accept-ranges: bytes
content-length: 2927
content-type: image/svg+xml
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/img/prizes/cash-500-usd/default/default@0.25x.png
78.46.179.10 200 OK 2.8 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/img/prizes/cash-500-usd/default/default@0.25x.png
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced, data
Hash e8097f29e561cec2a90805b688363b05
1df3d6d277a91e97620e6075c67048aa360541b0
35acb88ac15dd098eee7a515d0764b8b5a3ed4c8c8d307f7b3115464796973e8
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/img/prizes/cash-500-usd/default/default@0.25x.png HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:25:59 GMT
etag: "adc-5f33fa4f456cc"
accept-ranges: bytes
content-length: 2780
content-type: image/png
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/js/app.js?id=d95b2f380a2918b995e8
78.46.179.10 200 OK 19 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/js/app.js?id=d95b2f380a2918b995e8
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (18572)
Hash d95b2f380a2918b995e8fa85a7f09153
f097600e1f6eca95f371781388433b8ad03c607f
ae821888487a02515eecf251b7709134b5a2e58c00418f90bca93088208531d3
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/js/app.js?id=d95b2f380a2918b995e8 HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:20:20 GMT
etag: "48ad-5f33f90b9dcb8"
accept-ranges: bytes
content-length: 18605
content-type: application/javascript
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, Pragma, Expires, Cache-Control, Retry-After, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 16 Feb 2023 02:14:54 GMT
age: 131
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/js/landers/survey/app.js?id=2137f4f9f820aa743623
78.46.179.10 200 OK 151 kB URL HTTP/2 www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/js/landers/survey/app.js?id=2137f4f9f820aa743623
IP 78.46.179.10:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65443)
Size 151 kB (150587 bytes)
Hash 2137f4f9f820aa7436234fb4df0b05db
becb1f18c0434e75b313bd239676d9a6756eae17
49e2a340cf92a6bdd23b8edf440dabc23d8256441ab8805ceb18d59f3d7708b9
GET /bemob/iframe/romanian/romania/orange/survey-lander-cash/js/landers/survey/app.js?id=2137f4f9f820aa743623 HTTP/1.1
Host: www.mobilewinselection.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/bemob/iframe/romanian/romania/orange/survey-lander-cash/?click_id=9tMM28MJDM96YAaZVEVNCO&bemobdata=c%3D9cbcc6c1-1395-4d50-a15a-256b4de9f3a7..l%3D36ce4b1f-f95c-4059-b890-c2b90574a385..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 Jan 2023 14:23:19 GMT
etag: "24c3b-5f33f9b64d316"
accept-ranges: bytes
content-length: 150587
content-type: application/javascript
date: Thu, 16 Feb 2023 02:17:04 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash da414f16f76d1d483f37bbce98c8d8f9
00e26eb701f399ff5faed9530e352ca9c8e52a41
058a3cd4cc5f4a6976788de4ffd11d81d592d9ee7e6a149d4a9ab760b9abd97a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "058A3CD4CC5F4A6976788DE4FFD11D81D592D9EE7E6A149D4A9AB760B9ABD97A"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 16 Feb 2023 08:17:05 GMT
Date: Thu, 16 Feb 2023 02:17:05 GMT
Connection: keep-alive
psothoms.com/pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js
139.45.197.251 200 OK 15 kB URL HTTP/2 psothoms.com/pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js
IP 139.45.197.251:0
Hash 5e2b348ab2453f9f68e3516433662210
f65292ecd67c243c50026f428dd3ea87e19db616
2208848dea1c8cb6df4731c0de4d60b493708baf20224f40c5778ba3c5566748
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5653160&sw=/sw-check-permissions-d1fba.js HTTP/1.1
Host: psothoms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mobilewinselection.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 16 Feb 2023 02:17:05 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:43 GMT
etag: W/"63e2610b-a083"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
psothoms.com/zone?&pub=0&zone_id=5653160&is_mobile=false&domain=www.mobilewinselection.com&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 psothoms.com/zone?&pub=0&zone_id=5653160&is_mobile=false&domain=www.mobilewinselection.com&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=5653160&is_mobile=false&domain=www.mobilewinselection.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: psothoms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.mobilewinselection.com
Connection: keep-alive
Referer: https://www.mobilewinselection.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 16 Feb 2023 02:17:05 GMT
content-length: 0
x-trace-id: 6b201170c0e65323c24d3cfc008f6acc
access-control-allow-origin: https://www.mobilewinselection.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.38.186.64 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.186.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TM1iqGiKVeAQlF3jMvst1Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: znDOpGRNjgzn3bUkWidFofcv828=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6428
Expires: Thu, 16 Feb 2023 04:04:14 GMT
Date: Thu, 16 Feb 2023 02:17:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6428
Expires: Thu, 16 Feb 2023 04:04:14 GMT
Date: Thu, 16 Feb 2023 02:17:06 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6428
Expires: Thu, 16 Feb 2023 04:04:14 GMT
Date: Thu, 16 Feb 2023 02:17:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F088042eb-8368-43cc-87ea-092286978e94.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F088042eb-8368-43cc-87ea-092286978e94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3, data
Hash ebf2b034739bd071054ebf80a1ff595d
7e4585aeab4a996e3fbfd37968bb02931da854a9
d6a6c170482ba37606716f8ef9c6edcbc8b77f3105459b1c5d65687ac1371c16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F088042eb-8368-43cc-87ea-092286978e94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10755
x-amzn-requestid: 2f618b25-3ded-41b9-bccc-342418ee044f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AZmNwFUjIAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ed50be-44bde92d5eb1132233a6b160;Sampled=0
x-amzn-remapped-date: Wed, 15 Feb 2023 21:38:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bmiv1bevUuK-iqhxFkFwOWWFkG281vjBZG2tY8_9_NINkaLZW7Pl4g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 21:55:01 GMT
age: 15725
etag: "7e4585aeab4a996e3fbfd37968bb02931da854a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 504b69ec2b6350345c36777959b0765a
c302824325b8f0839c7de54af9c5bd02541e4269
6e3a5b1cd7d17a9f448b8189d5683567269b3b3d461838770482283898008f39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14477
x-amzn-requestid: 2544b5cc-3fb0-4536-88ec-8cb9044fb612
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANtsXFBYoAMF6tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e88fe8-452901f67af9f5d95ccc61c3;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 07:06:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 18cnMMCsvwUvJVsvM8s2v0k3P6WL1kzo4S9dOvsskdYEBk748cj3Cw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 05:17:43 GMT
age: 75563
etag: "c302824325b8f0839c7de54af9c5bd02541e4269"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fbf08b9-9c96-48f8-978f-f74255aeda16.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fbf08b9-9c96-48f8-978f-f74255aeda16.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1dc057a780f575d4975ebdd480946364
2f6ce606ec30aa95dfb52af523f12c28efcd18e4
a9937cdfabaf18eff0dbeaa95ed93023e52d12167193ced665b354f85b672aef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fbf08b9-9c96-48f8-978f-f74255aeda16.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5443
x-amzn-requestid: f0c2fa8d-5f99-4cf0-965e-c3cc3360033e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AZlygFtwoAMFwqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ed500f-4aca9e2c157dce49115f97a5;Sampled=0
x-amzn-remapped-date: Wed, 15 Feb 2023 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XgON0GAGU7hD34yUORZmIryWobZ9unpPofXS07vU-O3A254SeczQFA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 21:38:57 GMT
etag: "2f6ce606ec30aa95dfb52af523f12c28efcd18e4"
content-type: image/jpeg
age: 16689
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33b1c914-808f-4087-bb21-b717b26f3496.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33b1c914-808f-4087-bb21-b717b26f3496.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4e84c4a1c0ed65e3bf372657fd7e496
e38c5908a977b024db07283a627c865988a1ed19
0fcfe03ec49c359f171162e3fca564bb105e50f191ed73fc79d54a71ca560410
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33b1c914-808f-4087-bb21-b717b26f3496.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5697
x-amzn-requestid: 72be2345-9c59-4845-95eb-25df25ec9717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AZlzzHc8IAMFRMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ed5018-3ce084a057dfb9a8400c743b;Sampled=0
x-amzn-remapped-date: Wed, 15 Feb 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XE6c9P_jyohdKOZ_iwMTKI1V1Si2UQ8qznV7u4PfAbzjyq7qMxj-gA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 21:59:59 GMT
age: 15427
etag: "e38c5908a977b024db07283a627c865988a1ed19"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9d3d9db-55d4-4430-857b-e062406727dd.jpeg
34.120.237.76 200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9d3d9db-55d4-4430-857b-e062406727dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 74582100d5b61f9773dd3436fbbfbc20
7db7cac233e40cbc057e85403b7a60b20593a4e5
eacbab03bcbc1a1a8cdc9bb2c8d793eb29c7f577489cd453e7ddc08fe9ee48e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9d3d9db-55d4-4430-857b-e062406727dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4056
x-amzn-requestid: e06bcf49-9a6c-4889-8dba-1ca146183716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AZmVwHvyoAMF7HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ed50f1-2dd38ed55b4756940d312d97;Sampled=0
x-amzn-remapped-date: Wed, 15 Feb 2023 21:38:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: o6QrZzWOHeMy79WVpgwAsFFAJUqQQo3ygrbyw9s7rVHPh_lo6j9xQA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 21:38:57 GMT
etag: "7db7cac233e40cbc057e85403b7a60b20593a4e5"
content-type: image/jpeg
age: 16689
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b55a8d4-1301-49f2-9706-b2bb9f909c17.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b55a8d4-1301-49f2-9706-b2bb9f909c17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 977edf6be4f932d59a6596cc9e44589b
2a69bb5ba8ccee0c588f7e967772b6fb02725d35
7983b819d2086190b557ce50778e7077731c1f3373f60d50b503c70b7d523f01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b55a8d4-1301-49f2-9706-b2bb9f909c17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9443
x-amzn-requestid: e39cca19-cc8c-47c1-8c5d-169fb7625e2c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AQl5UEmkIAMFe2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e9b6a1-5694cc0b1b4bc66921e1bec2;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 04:03:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XdnZ15kEUXvNTmoeD13oauToQDVRBFxV9L3qiYE9onPvMxp6EBpcoQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 15 Feb 2023 23:17:16 GMT
age: 10790
etag: "2a69bb5ba8ccee0c588f7e967772b6fb02725d35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2