s.lottohunts.com/win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182
94.237.93.242 200 OK 4.3 kB URL HTTP/1.1 s.lottohunts.com/win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182
IP 94.237.93.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5882)
Hash 0f42b9c24f09f8629b4cd9cfaeb8f1e4
e3c92b03ac0ef63ff47d34cb744114216d58882a
0013a6ece64b9d4e467c57866c0fd17a9aed9abfd6b9d7a2761bb2bcdc9f9f14
Analyzer Verdict Alert quad9 Sinkholed
GET /win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182 HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Thu, 26 Jan 2023 10:34:28 GMT
Log-Id: 164c3afd-f63e-497f-ae78-d2368d155598
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkxtMWhTVmpqWXo0WmY4cXlYaDlIbWc9PSIsInZhbHVlIjoiUHExU0lLY3pLTVlzSy9tVjd1TlVXN0tpTXFQc0gycGVLMk9IOStXQjhmbWl6WjlIOFZTTXZFUXg1RVdCWXcxWFhscm1UV1g0bGd5em5tdldveVJZajZWQUNadWhlMno0UVVyUnJiYWFuWEZtcWVaSEJOamhrcHl0bk13d0JBVnEiLCJtYWMiOiIxMmI3MDE2ODdmZmM5MzgzYTZmMWE0ZTM5N2Y3YTIxNDg4OGVhM2E1YjU1YjRjOTg3MTcwOTJlODE0NGFmYTk4IiwidGFnIjoiIn0%3D; expires=Thu, 26-Jan-2023 12:34:28 GMT; Max-Age=7200; path=/
ivr_offers_session=eyJpdiI6Ik5wcitRMDM5LzdHU1JjLzJBOGNXZ0E9PSIsInZhbHVlIjoiVitmL0Q1UXd2N1JEY05zbWtYVVBreVpRMTVPUW43VHNJbUhGSWhPbDAvbU1zdmhMRjgwSTNIOHRhNWJHRFN4dUxYdUtxUWYzblhOMWRzSFlvT2h0cHlzUHZMUW9aa09VbzVuaHpBMW5sMGljMFZMVjJ0bnlVR0ROMlBnTjRqanIiLCJtYWMiOiI4MzI2YTYxZGNmMGI2NjQzM2MzYmY5OTRiZTg4YTZiZmNiN2QwZDY0MGRhNjIxYTUzZjRmMGYwNmZjMWJhNmJhIiwidGFnIjoiIn0%3D; expires=Thu, 26-Jan-2023 12:34:28 GMT; Max-Age=7200; path=/; httponly
SESS_TRAF=eyJpdiI6Ilo1MG5kNXdUcWx4ZjIrTENndjlhZVE9PSIsInZhbHVlIjoiSjNRSzliY3U1OVhuRHdURjFQVnU1YytGeld1WE1JQWlUbCtWdkpUYmROeXdjdHhldEdhakEzMkFGcDk1aGdQR2VndVE0eUlycGR4S016ZGxTWk1sbnF5aWtnS0dRMnZZSWNFYjIyU3VLN1J0QkN6dG5yd293UGJNcGllQ1FxeGdaUWhLeW04blFsSXhBeFNVR1lDK203S2NFM3lsb2JHSjVzWWpQVVNjd2RRPSIsIm1hYyI6IjUwYWE1YjQ3YjI2Y2ExMmVlNmY5ZjA3NzExMjk3N2NmZjY1MDU3NzZkYTI2Y2UwMTg1NDA1YmFkMmI5MTgxNTMiLCJ0YWciOiIifQ%3D%3D; path=/; httponly
visit=eyJpdiI6Ii9xL3pKbHN2cTJuRkZRUC9PRTQxY0E9PSIsInZhbHVlIjoiZjlFd1RYM01ISGFkSksvVWhQNnJmeUxVQ2lsZlJyaXVCWXBHTlVLV2FhYVJqc0ExdVVEandTby9uN0o2cEdUMCIsIm1hYyI6IjdjYTNjNjA1Njk2MDQ5MzY1NjhiYmEyODlkMjU2ZGM5ZWRkMWIxMGZiOTE5MTliMWIwMzg5ZGUxMzBiZWY2MTEiLCJ0YWciOiIifQ%3D%3D; expires=Fri, 27-Jan-2023 10:34:28 GMT; Max-Age=86400; path=/; httponly
iy4Clmu1zoFLxyqEOU6ih97Gg7M7jbI9lFcqrCUS=eyJpdiI6ImgxbDlmZGdpdGdSb2dRV0dqbmlpSlE9PSIsInZhbHVlIjoiRHVjbGxrYzBPaTRLb3N3aXRXMzdhS0dxTjM4U2FVcVlra1hLbjVOMGl1MndyZlFQTHB2cVh3YVo2bC9TdEF1UWp6di9BdXBrRkdLYlZCa0pFMzNiKzNQb1hlazN0a3pGK1FPS2pmYlJFR0h6THI0WFdhMlp6ZHhiZVlCOEV5YVBtZkNPTXlxak8vZGw4OW5UaGZRL2FqdHhFSWtDd2tTODRna3BqRWJnNVROZ3RNNnZFVFVmRWJSM0FjSm9mS3I5bzk5SXZGenBnOXBPZ0dOTDRnTkI5bTU3blhBV3l6WjVTdUhTUEduRlNkWVU4bmZzMWpDdHNXbENNcVpta2xwZytHbmx2UDRINmpZa3R5a243NnRxOXA5bGRaS1BJa2ZELzJMVUl5WDcxSVFxWVQ4Y05NZWxLNlBjdzNBWUROOWtZdGF2ckVMTlFVZUU0dHFrQTB4NHQ3bnlHbCtSaTErNDlBMlQxZDB1MmFjTjJXa2xERnkvKzIrdU5EZmlYb2FLUXVJN3gxMkZzeGswYzIvNWtudDZhM3lVWGNZeUZwSjBISEduN2pzQlo4QWN2eXk2VlJVRkl3YnJuK214MkFWY1BWNzQwejlvclBoZjh0QjFXOEQxbmtEMmxrck55eFRXZUpwR2l2VURtbUU9IiwibWFjIjoiZjg4ZDkwNGMyYzNlNzczMDI2Zjc2NTUxYTJhNWViYjQyNDk2OTljNTIwNzE3MTgwM2ZmZWI5YzUwZjY3NjcxOSIsInRhZyI6IiJ9; expires=Thu, 26-Jan-2023 12:34:28 GMT; Max-Age=7200; path=/; httponly
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2628
Expires: Thu, 26 Jan 2023 11:18:16 GMT
Date: Thu, 26 Jan 2023 10:34:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e46725831d8d722872bf68d752f4c5
cf37793a1b73e3f84fe6c37fb27382c83b49dbc0
0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12036
Expires: Thu, 26 Jan 2023 13:55:04 GMT
Date: Thu, 26 Jan 2023 10:34:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16813
Expires: Thu, 26 Jan 2023 15:14:41 GMT
Date: Thu, 26 Jan 2023 10:34:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 09:42:53 GMT
content-type: application/json
age: 3095
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YRMRceThH7l6pHcYlfeN0lRaPEqiWGpVCjPmEjmTkrOwB3QMNPtzQchCSY1c2v2D8cnfwGzICDQ=
x-amz-request-id: 8J1FCMNR9B02T10E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 10:20:03 GMT
age: 865
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 10:34:28 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
s.lottohunts.com/css/offers/win_click/app.css?id=7647922dda2c0c096fcad3e5c6537a83
94.237.93.242 200 OK 2.1 kB URL HTTP/1.1 s.lottohunts.com/css/offers/win_click/app.css?id=7647922dda2c0c096fcad3e5c6537a83
IP 94.237.93.242:0
File type ASCII text, with very long lines (9593)
Hash f2cab1694db32baeb47f97db6d5acbb0
7e7471ed5a842dd15a494c731bc49db68ccb942e
3fe5fd2265c2e583f180aa3f7b906ef83e6d51695afa3865e25bd3f6ff8d650c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /css/offers/win_click/app.css?id=7647922dda2c0c096fcad3e5c6537a83 HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.lottohunts.com/win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: text/css
Last-Modified: Sun, 22 Jan 2023 09:02:19 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"63ccfb9b-259d"
Expires: Fri, 26 Jan 2024 10:34:28 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62e63716fcc733958e144d580f3c8cee
98172818ecffaa5691beb153ea7f66475223c4b5
40a23cffe552ec694203b99efca3fa26fb1d99a69ea16e6eccb3531e654c7bcf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40A23CFFE552EC694203B99EFCA3FA26FB1D99A69EA16E6ECCB3531E654C7BCF"
Last-Modified: Thu, 26 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1662
Expires: Thu, 26 Jan 2023 11:02:10 GMT
Date: Thu, 26 Jan 2023 10:34:28 GMT
Connection: keep-alive
s.lottohunts.com/img/offers/win_click/themes/casino/logo.jpg
94.237.93.242 200 OK 1.1 kB URL HTTP/2 s.lottohunts.com/img/offers/win_click/themes/casino/logo.jpg
IP 94.237.93.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 59x53, components 3\012- data
Hash 522d1e219e18130a449ecb91cf406caa
c06cda06fc92fc37352f8704e00aca1ce20e12dc
bb1f8783891ce9f064d95967a30bb0cad330cab1093ef7ed422045db3de312e6
Analyzer Verdict Alert quad9 Sinkholed
GET /img/offers/win_click/themes/casino/logo.jpg HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s.lottohunts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 10:34:28 GMT
content-type: image/jpeg
content-length: 1132
last-modified: Sun, 22 Jan 2023 09:02:19 GMT
etag: "63ccfb9b-46c"
expires: Fri, 26 Jan 2024 10:34:28 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
s.lottohunts.com/js/offers/win_click/app.js?id=ce2b05a4683fc27bd94003cd10f46053
94.237.93.242 200 OK 80 kB URL HTTP/1.1 s.lottohunts.com/js/offers/win_click/app.js?id=ce2b05a4683fc27bd94003cd10f46053
IP 94.237.93.242:0
File type Unicode text, UTF-8 text, with very long lines (65443)
Hash eca5e4c2d565a1c0f7cf4999b78325be
661c69bfb847b329aedbe25549ce462390e140d2
a4888685c2bafd047a550f0a9800fe18321b71be45d6f2053ea22dc5909df749
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /js/offers/win_click/app.js?id=ce2b05a4683fc27bd94003cd10f46053 HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.lottohunts.com/win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sun, 22 Jan 2023 09:02:19 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"63ccfb9b-3b27f"
Expires: Fri, 26 Jan 2024 10:34:28 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
s.lottohunts.com/img/prizes/iphone-14/default@0.5x.png
94.237.93.242 200 OK 5.3 kB URL HTTP/2 s.lottohunts.com/img/prizes/iphone-14/default@0.5x.png
IP 94.237.93.242:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 690405dcbcd7e4230f747dc6ed50af82
725b37ab28b407cfa6f3c7bbb005ded1c8393477
e2d184b35e5bdc7916d85dca09ef2e4a292563a14cf9cda0eea65a3a9861ac5e
GET /img/prizes/iphone-14/default@0.5x.png HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://s.lottohunts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 10:34:28 GMT
content-type: image/png
content-length: 5264
last-modified: Sun, 22 Jan 2023 09:00:50 GMT
etag: "63ccfb42-1490"
expires: Fri, 26 Jan 2024 10:34:28 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
s.lottohunts.com/js/app.js?id=6d3f301a23511c6130f426d36e3a2ece
94.237.93.242 200 OK 64 kB URL HTTP/1.1 s.lottohunts.com/js/app.js?id=6d3f301a23511c6130f426d36e3a2ece
IP 94.237.93.242:0
File type Unicode text, UTF-8 text, with very long lines (65474)
Hash 0107912654020d68f386b2e5517addc7
1411c38efac9f9685d74c93d3256cdde4924c9cb
558cc77a0e1685f9a071680dd048c5741e950302463258885a2a605840208369
Analyzer Verdict Alert quad9 Sinkholed
GET /js/app.js?id=6d3f301a23511c6130f426d36e3a2ece HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.lottohunts.com/win_click?tid=5xpllkg3i16qa4bzwbdwgg088,16516981,5,&ctrack=1674729252.2085746182
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sun, 22 Jan 2023 09:02:19 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
ETag: W/"63ccfb9b-2e42c"
Expires: Fri, 26 Jan 2024 10:34:28 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
s.lottohunts.com/img/offers/win_click/themes/casino/coins.jpg
94.237.93.242 200 OK 2.9 kB URL HTTP/1.1 s.lottohunts.com/img/offers/win_click/themes/casino/coins.jpg
IP 94.237.93.242:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 318x128, components 3\012- data
Hash d3f587bb84cb6ee48351820f2ec72a1e
c030fa4453f1e1afd694358a2b3068ccabfbd2a4
3388518b86e14bee824865e93ff4876cb525b1b19cdd30dfada34f4cae3063c2
Analyzer Verdict Alert quad9 Sinkholed
GET /img/offers/win_click/themes/casino/coins.jpg HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.lottohunts.com/css/offers/win_click/app.css?id=7647922dda2c0c096fcad3e5c6537a83
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: image/jpeg
Content-Length: 2882
Last-Modified: Sun, 22 Jan 2023 09:02:19 GMT
ETag: "63ccfb9b-b42"
Expires: Fri, 26 Jan 2024 10:34:28 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
s.lottohunts.com/img/offers/win_click/themes/casino/crown.png
94.237.93.242 200 OK 1.5 kB URL HTTP/1.1 s.lottohunts.com/img/offers/win_click/themes/casino/crown.png
IP 94.237.93.242:0
File type PNG image data, 80 x 70, 8-bit colormap, non-interlaced\012- data
Hash e4dd11c116316c0e0b8ea35e1a7aaa8f
7fdd03e268e0c7e252fed9dd1ccf58c3a7674546
22c4520224fb0c2a3cce5178fb6ae20ef6f98d5b8294a7d52c4cb8607ca9c1dd
Analyzer Verdict Alert quad9 Sinkholed
GET /img/offers/win_click/themes/casino/crown.png HTTP/1.1
Host: s.lottohunts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://s.lottohunts.com/css/offers/win_click/app.css?id=7647922dda2c0c096fcad3e5c6537a83
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: image/png
Content-Length: 1530
Last-Modified: Sun, 22 Jan 2023 09:02:19 GMT
ETag: "63ccfb9b-5fa"
Expires: Fri, 26 Jan 2024 10:34:28 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 82b4e5d3533c1412c83acafde6bf0165
cc1d9fb62c29dc9dd3ae5c13a6aa69480c94e9c7
015e8d386040e0dc8cc2477b57ae832faa4035d01044f0eeb08a7f1e58a0bdf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "015E8D386040E0DC8CC2477B57AE832FAA4035D01044F0EEB08A7F1E58A0BDF8"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=960
Expires: Thu, 26 Jan 2023 10:50:28 GMT
Date: Thu, 26 Jan 2023 10:34:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 09:49:01 GMT
age: 2727
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
s3ntry.net/api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7
162.55.168.249 200 OK 2 B URL HTTP/1.1 s3ntry.net/api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7
IP 162.55.168.249:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/18/envelope/?sentry_key=ccd7567c32f347d999f51c043b0ccde6&sentry_version=7 HTTP/1.1
Host: s3ntry.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://s.lottohunts.com/
Content-Type: text/plain;charset=UTF-8
Origin: http://s.lottohunts.com
Content-Length: 434
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 10:34:28 GMT
Content-Type: application/json
Content-Length: 2
Connection: close
access-control-allow-origin: http://s.lottohunts.com
access-control-expose-headers: retry-after, x-sentry-rate-limits, x-sentry-error
vary: Origin
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21423
Expires: Thu, 26 Jan 2023 16:31:32 GMT
Date: Thu, 26 Jan 2023 10:34:29 GMT
Connection: keep-alive
push.services.mozilla.com/
34.213.53.184 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.53.184:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RVd4INxThwN3DckKHVemyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8KWj6X92rpSTnWmsJUqu4EgOwkw=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10895
Expires: Thu, 26 Jan 2023 13:36:05 GMT
Date: Thu, 26 Jan 2023 10:34:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 653bf5a34e9f99c9eef73a21d98d792f
c70d46aa2210c4f7c397fa20e1225b7d0734ac35
9f928ec6f194340e5543a4bf757aac31d545def67a56ae804a2039a3effd3fe0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10379
x-amzn-requestid: 419e5a80-cb6d-4904-9545-a0f815149701
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMREwmIAMFhQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b4-64c49f7d49687d9e5324ec64;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rZHSgPIPZyea2griEvL-3semlrUDichGSL8Rin4YeYKN909f9e0lyQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:41:09 GMT
age: 46401
etag: "c70d46aa2210c4f7c397fa20e1225b7d0734ac35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cfe699b31f96add9f1439af1ff1191eb
f77a833a69b69eef4a39e404c102f624e96b52c0
44312979ac13221e5c3328ad590f0f3dc7da00380c07c433382cd81c47b717f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14856
x-amzn-requestid: e7d931f7-d086-42b9-a1f3-c8253b82eba6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSY_OHw7IAMFj6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d52e-4fd95c5f5a64861720a1ee60;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2yzeIjHl8sUO9s5n2sZfN6DSWOVDVQl-xdSrNmHu-yWXj_7VJJk5qA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:39:30 GMT
age: 10500
etag: "f77a833a69b69eef4a39e404c102f624e96b52c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VATQ0SjZfM_btXwR4M5keLmd-EE6717EHEiXrF2zpHNrli93EhN6Rw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:48:42 GMT
age: 45948
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e013ee2e3a5287de55de4c2437a279d
f2b0a5738ec9e3b178b2bf5513de3e604b86eadf
f174d5678154412cdbf71f93c345d28cfb8bad7c190fa31dd78e9314c510f7ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8648
x-amzn-requestid: 19beb9c1-4e85-47ba-9275-7fb5d25f055f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMlENLoAMFhIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b6-016533de5b42b3a573a66c78;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jkExt4JNW6KtzDm8mDdb-AvXWXeyZr14XifDN_XVzKiwFAru_1HcSA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:55:21 GMT
age: 45549
etag: "f2b0a5738ec9e3b178b2bf5513de3e604b86eadf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13cd008fb3e2739ec7caadadbd427655
c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1
a300a4fde1863c8b806d0557d9f0adaed19e1c612989d7e3f79a7bb45e6e74dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8822
x-amzn-requestid: e16ae781-25f3-4b7d-b62b-85b35d6571c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwF2KIAMFjDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-377f24bd18dea32564b148bd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n2ULSpeRMRZ9CDjmrwd56ti_gPYh9ApC521naXURI2Bh1eiKwjyHZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:51:26 GMT
age: 45784
etag: "c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: df7df0ae-d70e-4b80-9483-2ecd5c8ee4a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqvPEXMoAMF5Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57fa-04193e0514c1c1e85d9d023b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fznabMNG3n9Uo4L1jrrewtL_hJnQv8oR2qggeZtruvOLVzpUpcs7Tw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 17:10:40 GMT
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
age: 62630
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2