r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4391
Expires: Thu, 24 Nov 2022 11:52:45 GMT
Date: Thu, 24 Nov 2022 10:39:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 770d09773b5f304acf141fd66a4862b4
5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5
c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4615
Cache-Control: max-age=90517
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 10:39:34 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 11:48:11 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6780
Expires: Thu, 24 Nov 2022 12:32:34 GMT
Date: Thu, 24 Nov 2022 10:39:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 10:18:58 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1236
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: b2xRe2n93XstvqChOqvGnfQFa+Kph9KIEU0H19qZTVITG9CZqPR/+obk2Rqn+EjE41ANlP8adZs=
x-amz-request-id: JGN39VJY1Z8RM66N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 09:40:21 GMT
age: 3553
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 10:39:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.instachaat.com/23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030
34.100.154.146 301 Moved Permanently 892 B URL HTTP/1.1 www.instachaat.com/23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030
IP 34.100.154.146:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text (×6); exported SGML document, ASCII text, with very long lines (559)
Hash 544b2c51cca86b76ca58825a99af95ac
af50b6ee3e8328aed61bdebe5f1e5e2dc91fb2f1
bf1d7ef762749d4ba1c9920fd25cf46b3eb8bf79924341697baa317f2e5eb7b7
GET /23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030 HTTP/1.1
Host: www.instachaat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 24 Nov 2022 10:39:34 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 892
Connection: keep-alive
Location: https://www.instachaat.com/23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 10:11:11 GMT
cache-control: public,max-age=3600
age: 1704
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eb52164d651f5f45416e873aec29eb04
405b29bb7e7cd4367cf82988f8603e53db65f139
ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6144
Cache-Control: max-age=86982
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 10:39:35 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 10:49:17 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.88.25.203 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.25.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eCcEVr0lYIlIS6ElDR05mg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: b9A/s5CENsPfPcOtZwAWBouAvho=
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash d17d887828b3f98acc77fd155b92f7cd
5f771d543e60086148a5c4edfe5928140a2775e4
a0c99e53ec917d0f6be1386718e42ab8e2438d7201cd0119544d9bc2be11543c
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135891
Date: Thu, 24 Nov 2022 10:39:36 GMT
Etag: "637eb9bb-1d7"
Expires: Sat, 26 Nov 2022 00:24:27 GMT
Last-Modified: Thu, 24 Nov 2022 00:24:27 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wqr_i_PckxJ4jcRMLhgTENDxEbIs3pCyvsyzrl7kv9d-4sPV7mTVrw==
ae.etisalatt.com/prizewheel/fonts/SuisseIntl-Regular.woff2
54.230.111.11 200 OK 80 kB URL HTTP/2 ae.etisalatt.com/prizewheel/fonts/SuisseIntl-Regular.woff2
IP 54.230.111.11:0
File type Web Open Font Format (Version 2), TrueType, length 79768, version 1.0; data
Hash 0cb2891ce4f48dff7e5c080eda8183bc
21b194737d3729714edac200d045a7db779ede56
b07af22f80a5af0f4c1487766d15c7f93ef0943b0044e10220422f14512094db
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/fonts/SuisseIntl-Regular.woff2 HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 79768
last-modified: Thu, 17 Nov 2022 07:12:40 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:33 GMT
etag: "0cb2891ce4f48dff7e5c080eda8183bc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: z0z1BW_sEa5HxWLZ9-nvydiexH5dK8logfdfjeDowNPE6DS_e1FOtA==
age: 69964
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/fonts/SuisseIntl-SemiBold.woff2
54.230.111.11 200 OK 52 kB URL HTTP/2 ae.etisalatt.com/prizewheel/fonts/SuisseIntl-SemiBold.woff2
IP 54.230.111.11:0
File type Web Open Font Format (Version 2), TrueType, length 52304, version 1.0; data
Hash 3ad99a5c100306be6c2ec31e047fcf1f
549718e3a8da70946c6b5b0bf7ee9817d7477327
2c8fbf5368e55ff0e5a02e4cf5bb9b827f9659af23485f8b064678f07f6ab7f6
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/fonts/SuisseIntl-SemiBold.woff2 HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 52304
last-modified: Thu, 17 Nov 2022 07:12:40 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:33 GMT
etag: "3ad99a5c100306be6c2ec31e047fcf1f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: FFs-31ZuFsjVK-gUWZYqFtflBu--sVsu2H2pjU0eTsNX03J2xQo5fA==
age: 69964
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/search.svg
54.230.111.11 200 OK 368 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/search.svg
IP 54.230.111.11:0
File type SVG Scalable Vector Graphics image; ASCII text
Hash 2d2cb719b2a957b1948e70a9444781a3
9ca28ea6c081a2339e2cf32ba1b03431d2b396a9
d0d99424026d78e5e5c9cf56ba72836e7d52faf2ea898e69f1b89ee98d24e103
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/search.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 368
date: Wed, 23 Nov 2022 11:14:18 GMT
last-modified: Thu, 17 Nov 2022 07:12:38 GMT
etag: "2d2cb719b2a957b1948e70a9444781a3"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JxsyOQJHhOVjr--6Fcv0Q-Bg7tZ-uqX0_2964GJQnJBAuZWggcIN2g==
age: 84319
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/uae.svg
54.230.111.11 200 OK 325 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/uae.svg
IP 54.230.111.11:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document, ASCII text, with CRLF line terminators
Hash 8ae6708cbab0fe2eeddb8152d87e302c
4356a8be735e79a9b77261d53d0ebbd0ada77b2c
5e8518b8716de2fbd27c171d1626e100cff78483c33b50d4b91f37f2780f297a
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/uae.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 325
last-modified: Thu, 17 Nov 2022 07:12:39 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:33 GMT
etag: "8ae6708cbab0fe2eeddb8152d87e302c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: PiDQ311MMfozSJ3dgSX_Hex1jJDWxhn6Yokzck3kb1Wa8ze70H-tSg==
age: 69964
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/prizewheel.webp
54.230.111.11 200 OK 31 kB URL HTTP/2 ae.etisalatt.com/prizewheel/img/prizewheel.webp
IP 54.230.111.11:0
File type RIFF (little-endian) data, Web/P image; data
Hash 4248a5c6c2063318cebff6fcd8d9a890
4b91d45199382e7faa8fd44c4aec09f455bf20f4
d46c09c521e1d4ff4aa70e3697b673ab7c746644bd58ccabf011cafa312d9a27
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/prizewheel.webp HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 30582
last-modified: Thu, 17 Nov 2022 07:12:37 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:47 GMT
etag: "4248a5c6c2063318cebff6fcd8d9a890"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: fpKt8Di_zaIoWRCawEKrbgwe_7BdGtFdpOtz_921kI7Vgerio0umAw==
age: 69950
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/iphone-13-pro.webp
54.230.111.11 200 OK 14 kB URL HTTP/2 ae.etisalatt.com/prizewheel/img/iphone-13-pro.webp
IP 54.230.111.11:0
File type RIFF (little-endian) data, Web/P image; data
Hash f38d9716425e68a47a2344619f9a8544
37cd461d83845e693f695cd41d54184e314ab2d2
213bbef0df4e8023d6cc1233ce04c873c7895ff7daa8835759717446ef2e674e
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/iphone-13-pro.webp HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 14536
last-modified: Thu, 17 Nov 2022 07:12:35 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:33 GMT
etag: "f38d9716425e68a47a2344619f9a8544"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 3o21uLCdqz_bg73rp1QMe0R43bXw11EciLEy5G2YvMQXA0kqv34QTw==
age: 69964
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/amex-card.svg
54.230.111.11 200 OK 728 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/amex-card.svg
IP 54.230.111.11:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (442)
Hash 1e98590c575d77cfe48fc31435d023f8
71eae56d1544692141c2915b7bfb22b2a216f428
95c4f695e62afe789334a5d7daf5787632c66d9383e98a587daa06f4a8126f48
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/amex-card.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 728
last-modified: Thu, 17 Nov 2022 07:12:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:46 GMT
etag: "1e98590c575d77cfe48fc31435d023f8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2LrNRKdOhn49ROSpxxMEFx2eR1ZTq5ZonBaO6px_19T3shCCoaB1EA==
age: 69951
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/card.svg
54.230.111.11 200 OK 394 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/card.svg
IP 54.230.111.11:0
File type SVG Scalable Vector Graphics image; ASCII text
Hash 4e5e506bb14a57f7d811018693925919
d52fcc5757c13cc50828a95bc668d6048d8b753c
4a2b069397940679ab99f94c81bf8c6f321640a4eae150bf11ad8ffde21b7386
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/card.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 394
last-modified: Thu, 17 Nov 2022 07:12:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:13:46 GMT
etag: "4e5e506bb14a57f7d811018693925919"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: gtyjmfVBDPsUneuQ1nWQ56Rb4LhwBKwVvAajwyz3UhOuEJg6pcF6Hw==
age: 69951
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/loader.gif
54.230.111.11 200 OK 13 kB URL HTTP/2 ae.etisalatt.com/prizewheel/img/loader.gif
IP 54.230.111.11:0
File type GIF image data, version 89a, 80 x 80; data
Hash 33ebb0e5ec119476888a159bc240379a
3cff4e01aff8f5d31c69ed8a1d524f3c3969d3a8
741379665c0e88a3b4358a269c7673989f5d8056ed0fdc5d7da3baf0675a5caf
GET /prizewheel/img/loader.gif HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 13139
last-modified: Thu, 17 Nov 2022 07:12:36 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 24 Nov 2022 06:15:26 GMT
etag: "33ebb0e5ec119476888a159bc240379a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: lKwNB23D9UyJk6xSbhbwMBvCv-9z4bBIeyDkoaai6aG-aTW2Da4-oQ==
age: 15850
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/prizewheel_static.webp
54.230.111.11 200 OK 7.6 kB URL HTTP/2 ae.etisalatt.com/prizewheel/img/prizewheel_static.webp
IP 54.230.111.11:0
File type RIFF (little-endian) data, Web/P image; data
Hash 24b39078b176ca248faea502d4bb4eb8
d3ff0c1079d55766bafe4f106202ead23b297b0c
9b4891241f589e47eee9eac29338b61ff53597864d355d2a69a5670c72f6b781
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/prizewheel_static.webp HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 7572
last-modified: Thu, 17 Nov 2022 07:12:37 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 15:15:39 GMT
etag: "24b39078b176ca248faea502d4bb4eb8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: dBkRCY_I3kI_3R18F-wRW0P_6PHhtN17q9z4M_epdwHOMiP9OTPxTA==
age: 69838
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash d17d887828b3f98acc77fd155b92f7cd
5f771d543e60086148a5c4edfe5928140a2775e4
a0c99e53ec917d0f6be1386718e42ab8e2438d7201cd0119544d9bc2be11543c
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135891
Date: Thu, 24 Nov 2022 10:39:36 GMT
Etag: "637eb9bb-1d7"
Expires: Sat, 26 Nov 2022 00:24:27 GMT
Last-Modified: Thu, 24 Nov 2022 00:24:27 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MJF60wXWFCejfKVFHEghk6hHddaQ2SFGZ3L8rwQVxU19rSL9fBPlag==
ae.etisalatt.com/prizewheel/profile/001.webp
54.230.111.11 200 OK 4.6 kB URL HTTP/2 ae.etisalatt.com/prizewheel/profile/001.webp
IP 54.230.111.11:0
File type RIFF (little-endian) data, Web/P image; data
Hash cbcbae1c4221bae18207c5a4b1fb92c7
26a4c72e0c3423cf093102c44807a5bff2cec5e6
85f9561d0f2e0169aaf46364b76ed893be8836f003d18e3256686638f29238d0
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/profile/001.webp HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 4636
last-modified: Thu, 17 Nov 2022 07:12:30 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 24 Nov 2022 06:15:27 GMT
etag: "cbcbae1c4221bae18207c5a4b1fb92c7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: mccSGD1mBwzYI9Yy5RysPD0uXio4C0hVmGgrr6WCWyeZJLEPByUdLg==
age: 15850
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
54.230.111.11 200 OK 5.9 kB URL HTTP/2 ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
IP 54.230.111.11:0
Hash 69bc25b723e3c4e5ff86d8e93e824e59
e4ee379da567e1254857376ecc668a0336c31a7a
8067e146fd185061a72e739efd5d18e69efba5f01954164c46f9a17a2c74c681
GET /prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196 HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 22 Nov 2022 14:44:58 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 23 Nov 2022 15:03:41 GMT
etag: W/"5737d3553d7e35e28fa0bbfdb24ecc16"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: R0GGJsAR4X4RMR7icofiSzMwpFSKXWH_ZLsOkXTErFg_PPJUTVEacg==
age: 70556
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/script.js
54.230.111.11 200 OK 52 kB URL HTTP/2 ae.etisalatt.com/prizewheel/script.js
IP 54.230.111.11:0
File type Unicode text, UTF-8 text, with very long lines (65442), with CRLF line terminators
Hash 88cf8990fd21c8027931325e77ad9d04
e28426d591f83012f6117809e06c544aa38a5be0
39a3328c7d58af56ab213cfffe2de9cb1c7e6a856f3ac6fb3521d1bac9f904b2
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/script.js HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 07:12:29 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"916dcb4886c7cd4afa6996f6dfb76cb3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 3kSRSkD3XWP52fFPTsDZYo3TXmfA6323zeeCGU_mAmvqdJe2GULmlQ==
age: 71148
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10216
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 10:39:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10216
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 10:39:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10216
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 10:39:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10216
Expires: Thu, 24 Nov 2022 13:29:52 GMT
Date: Thu, 24 Nov 2022 10:39:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 20108
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YJuHCuUgkLuFFiQUlrPWgv9grHznufMTU08hi4ZMpQTBmou6BGWrhQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:52 GMT
age: 46304
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bda37a1-533d-48a6-bc76-7ecc9fe2dfc8.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bda37a1-533d-48a6-bc76-7ecc9fe2dfc8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eeac5ead5ce62f0d9e2d4bcefa946208
c2430d901f2b4e4a463e90c540294f334553a246
850a89160f840d7509806c5becd6b074a92613920474195f63d7e7a9cf18d908
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bda37a1-533d-48a6-bc76-7ecc9fe2dfc8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6426
x-amzn-requestid: 6f27f360-dd76-4aee-a9bc-cbd52cd80def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvx8GtpIAMFvQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e933f-69fa8ba571cc62036406e6bf;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wm_pBVCoReupun-_glC47ejuxaRJ6ViGPKClLnWkDrmT-SewUOXexw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:06:01 GMT
age: 45215
etag: "c2430d901f2b4e4a463e90c540294f334553a246"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:10:24 GMT
age: 12552
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3bafc39-a86e-44d4-9bf3-97302a57c669.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3bafc39-a86e-44d4-9bf3-97302a57c669.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b83dcf4ccde90ad94bb32da4fd35e524
ffd4d9f932aacc8ab123d1ab46c983a3f581d171
cf217cf355e7bea4410efd22e89f5a4de4d154153f587f7cad53533a3fcfe1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3bafc39-a86e-44d4-9bf3-97302a57c669.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8306
x-amzn-requestid: 9506f26d-36cc-47a1-b6ac-b3f720e35981
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b_c81GrAoAMF-4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c751e-68e3f822732b60db1875d538;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 07:07:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HVv2xtKAWEE91Tw-OxF20Sp64pUJ-aTdOU0pSk7YfanuCcM8W1naAw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:52:06 GMT
age: 10050
etag: "ffd4d9f932aacc8ab123d1ab46c983a3f581d171"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 037c0f19435a955d7ed58f65911e8f21
51a54b639617e113bb941d28b59c2571c0ca2e63
c2b15ed9257f220ed83845e1d0b343d21b7df9104c21162ea76b889609b8a404
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff189dcee-7158-4549-abef-95dc2b7f7ca4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9992
x-amzn-requestid: a16f614c-5a5b-4f8b-97cb-c248e0b50753
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvcYEa0IAMFm_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e92b5-3b65b1b17c2a20b44a31aa9f;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:37:57 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OC0uEwrEKZ6UEEg_mpvYcoVBEUSEA_qTttmyRp1xptCRD4Vi4pFbCg==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:13:55 GMT
etag: "51a54b639617e113bb941d28b59c2571c0ca2e63"
content-type: image/jpeg
age: 44741
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
push.m-android.com/js/pub.min.js
108.178.23.116200 OK 1.5 kB URL HTTP/2 push.m-android.com/js/pub.min.js
IP 108.178.23.116:0
File type ASCII text, with very long lines (2752)
Hash 31c303586c1b78e33984bd252b8e2644
8083e2aad4cbf8242a4e6fb53657d49552b85f82
d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be
Analyzer Verdict Alert fortinet Malware
GET /js/pub.min.js HTTP/1.1
Host: push.m-android.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 10:39:36 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Fri, 25 Nov 2022 10:39:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc946960d46c0a076fb3bd6b74463ff8
9af77dfc2db5705b0d91c66228f8ff3d287fed61
fb3d62ad709e26ca5753ac08db0a45959cb69d11af8cf26514b8e2e33ed4b4f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB3D62AD709E26CA5753AC08DB0A45959CB69D11AF8CF26514B8E2E33ED4B4F2"
Last-Modified: Tue, 22 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Thu, 24 Nov 2022 16:38:51 GMT
Date: Thu, 24 Nov 2022 10:39:36 GMT
Connection: keep-alive
link.etisalatt.com/d/.js?lpref=&lpurl=https%3A%2F%2Fae.etisalatt.com%2Fprizewheel%2Findex.html%3Fcpid%3D9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82%26lpid%3D435ea389-2042-42b8-b48b-e6293e001196%23&lpt=Etisalat%20UAE&vtm=1669286376371
3.69.133.112200 OK 3.9 kB URL HTTP/2 link.etisalatt.com/d/.js?lpref=&lpurl=https%3A%2F%2Fae.etisalatt.com%2Fprizewheel%2Findex.html%3Fcpid%3D9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82%26lpid%3D435ea389-2042-42b8-b48b-e6293e001196%23&lpt=Etisalat%20UAE&vtm=1669286376371
IP 3.69.133.112:0
File type ASCII text, with very long lines (1887)
Hash e162e786399667e5b952e4d70ad879e3
8b5e9336164e1b8e5c7951b606a25385e45f4357
f2035a55ffab86cbd9f961a23e17448b31e3c862a7d83fed383175f2b25ebea5
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fae.etisalatt.com%2Fprizewheel%2Findex.html%3Fcpid%3D9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82%26lpid%3D435ea389-2042-42b8-b48b-e6293e001196%23&lpt=Etisalat%20UAE&vtm=1669286376371 HTTP/1.1
Host: link.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 10:39:36 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3915
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: 9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82-v4=btvQLOj3C-xroKgL9S-M026hviW3qXvaPTNJfFN-nBQ; Max-Age=86400; Expires=Fri, 25-Nov-2022 10:39:36 GMT; Domain=link.etisalatt.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=RBKOLvAREUemo9ciKTm3lC08eVLiq8qldDbKKu3nula357bBJ2o10vAfOvlbymSLgKWkdymajnGQyZat8DZsnrPdyxIxG6gtgf0SLLRNZMRs4WOIocw-lOEtt342bcX9BJAacgnfpwSDJ30SItSHj-08KVfc55Xce8KrCAfZBWCBiR_CqptqufnK-IYJro5Krjyi7f0MRlpzfjNl53XOu1HbULPC9wFiS0pcUl5twzYu0MqJORmdUto62PVq5FjKVcEcT23pUTz5mYC6Hcn1Sgz8PJy0TuwTCq-3-VHWUs4C1L9CBNfPQnZwlJWKrNT47CUhpgSBH-5dWgS9Mjgy9ujlPT18R7OcVdKRMLUL18xT0xttWQGCBIueSYjVnr66; Max-Age=86400; Expires=Fri, 25-Nov-2022 10:39:36 GMT; Domain=link.etisalatt.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
push.m-android.com/sw.js
108.178.23.116200 OK 776 B IP 108.178.23.116:0
Hash f72a11763f13b05c1f2379d13387dd05
002fbf7672d3f4655b89b6413d160e4185ce9900
70d744bbd19a0cc35c8d9f1d8ba181c6cdc902f95799ac750da4adc3ad987b11
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: push.m-android.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 10:39:37 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 03 Oct 2022 07:40:54 GMT
vary: Accept-Encoding
etag: "633a9206-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/cart.svg
54.230.111.11200 OK 0 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/cart.svg
IP 54.230.111.11:0
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/cart.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 17 Nov 2022 07:12:34 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"ad8a3c2c7aa3989adac1b8c8958c328d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: qw1h5EStNFk8J_pzfhFR4T8o8bNmK9tik60QUdaAKoqQXhVlIoZm-A==
age: 71148
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/logo.svg
54.230.111.11200 OK 0 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/logo.svg
IP 54.230.111.11:0
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/logo.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 17 Nov 2022 07:12:36 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"adf96b2af4c33acd7e2f1baaaa4736aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Xo-KuY66p7dO10YieH4p6i9n-HGI0outbWXAw6sV28AnF6VYIyQYjQ==
age: 71148
X-Firefox-Spdy: h2
www.instachaat.com/23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030
34.100.154.146302 Found 0 B URL HTTP/2 www.instachaat.com/23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030
IP 34.100.154.146:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET /23/main/index.php?cep=xHk3qiOGbGMg5RF2ggsnr7TxHRg5jpxAeKpw_aeDiZxkv_ABFXh9gAauzmNYufer6Ba5EdDeX8h1l5YSW8n0WUqZRox1Be_9mKWYmEwyEqXp4e686Tw-vNGaO3BAAffJRjhd5RlUiGbr8JKT16rvDIZtvnaEwrmoE-sc4NMj11ok6XXY4eb4dZmuhlIeBkSbs8nMgezGBsqVJt2uclcjIA1C2ILiDZTYI7i2zZmPF2LfZE6C2c-pbxiPkSZDQK9kXyZAycEcehMAkiVJZS-paMSUqqXkDlGVx1j4LWTvw_GIeOXpEyzldBIfHcLoNS_dWYBJ_1vBVIQHE_9e4ghF4YjxqtVMGev2gI4qJUfkZpLWSKPGw0YeglBOp_xpV0anZBvM2KYI15KbopM9_gzKvOVOzry7Vn5-Vlt_2hywvJY&lptoken=16b969a028aa81ae6030 HTTP/1.1
Host: www.instachaat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 24 Nov 2022 10:39:35 GMT
content-type: text/html; charset=UTF-8
location: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/style.css
54.230.111.11200 OK 0 B URL HTTP/2 ae.etisalatt.com/prizewheel/style.css
IP 54.230.111.11:0
GET /prizewheel/style.css HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 17 Nov 2022 07:12:30 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"b40373fb05795bc162f91d9d78aff281"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Yt0kpfogqSWtWXaUsJOuPmGF92yIMiIfS3oIaN4p-rl5AMoNRJMuTQ==
age: 71148
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/master-card.svg
54.230.111.11200 OK 0 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/master-card.svg
IP 54.230.111.11:0
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/master-card.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 17 Nov 2022 07:12:37 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"383d03288df6951e039f2d64cb85b250"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: UylwYliek7WHlefd7w8rhDhtuBs9H_1jb7Gfd1u_tlh4cREF-E1bEA==
age: 71148
X-Firefox-Spdy: h2
ae.etisalatt.com/prizewheel/img/visa-card.svg
54.230.111.11200 OK 0 B URL HTTP/2 ae.etisalatt.com/prizewheel/img/visa-card.svg
IP 54.230.111.11:0
Analyzer Verdict Alert fortinet Phishing
GET /prizewheel/img/visa-card.svg HTTP/1.1
Host: ae.etisalatt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ae.etisalatt.com/prizewheel/index.html?cpid=9191b8c3-9e1f-4ebf-b7a8-6d9be69a3a82&lpid=435ea389-2042-42b8-b48b-e6293e001196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 17 Nov 2022 07:12:39 GMT
server: AmazonS3
content-encoding: br
date: Wed, 23 Nov 2022 14:53:49 GMT
etag: W/"cae299f35ae42f860950fe24b886acc4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: BjN10-GM3lyVgfMoz88WfsvKzKreshr0N2YUae8SFVtcExMlR_V9sw==
age: 71148
X-Firefox-Spdy: h2