firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 20:13:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iIpU2_iFsBsBQJ90mAUzEr6nA2GH0EW1bk6gs_9XxI53zQ70OwXswQ==
Age: 2639
0my.lotstolink.com/t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3
144.202.71.48 301 Moved Permanently 0 B URL HTTP/1.1 0my.lotstolink.com/t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3
IP 144.202.71.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3 HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://0my.lotstolink.com/t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6219
Expires: Tue, 20 Sep 2022 22:40:52 GMT
Date: Tue, 20 Sep 2022 20:57:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Lv-tXMHfrvm8Yocp0W9VyIIFqwyCSLMBb9z7IeDfQgWxbgs5qEu0sg==
age: 58920
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 20:57:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 20:03:22 GMT
Expires: Tue, 20 Sep 2022 20:31:23 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: agpj2qhDwy2Oezmh1cdfkxxohPG-71Hq8okZUuiDirajqAly1WTVdg==
Age: 3232
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6957798f75a23ec312bac2c3a20aef3e
f0c5c9f0f7ffafce7953f7e1806d9b2ebb94554b
73bbb56379552a78a9814c9cf45dfe2a633c33a25d9113e7d7fcdc6884bc48df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73BBB56379552A78A9814C9CF45DFE2A633C33A25D9113E7D7FCDC6884BC48DF"
Last-Modified: Sun, 18 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3442
Expires: Tue, 20 Sep 2022 21:54:36 GMT
Date: Tue, 20 Sep 2022 20:57:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5729
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 20:57:14 GMT
Last-Modified: Tue, 20 Sep 2022 19:21:45 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
0my.lotstolink.com/t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3
144.202.71.48 200 OK 6.3 kB URL HTTP/1.1 0my.lotstolink.com/t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3
IP 144.202.71.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (985)
Hash 362f7f871561f46ef1bd99c39cb2e891
83a0b41317045b91cc22f94eb6ce03d98fddd096
3bcae553f49c79f3836d7b6561567875d85b423f8f6c2c914c5ce247013fde6e
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/c8f882cc-3926-11ed-b27b-5901a3d12244/c8fd6c60-3926-11ed-b6b8-8d3c0c92aaf3 HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Tue, 20 Sep 2022 20:57:14 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; expires=Tue, 20 Sep 2022 22:57:14 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D; expires=Tue, 20 Sep 2022 22:57:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 20:57:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.106 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 15:58:28 GMT
expires: Thu, 14 Sep 2023 15:58:28 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 536326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 20:57:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
0my.lotstolink.com/templates/templates/mysterybox/files/custom_style.css
144.202.71.48 200 OK 9.1 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/custom_style.css
IP 144.202.71.48:0
File type ASCII text, with very long lines (341)
Hash d6821948f9d3a80b1f3169f670e1b06c
4e041b3a391424b761c6a55d63d9fd5c25c60565
67aa606c92605d826c400b3e72147f7df5723f1c1abee0bb4c8665a9cb0b4255
GET /templates/templates/mysterybox/files/custom_style.css HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:03 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "d6821948f9d3a80b1f3169f670e1b06c"
content-type: text/css
content-length: 9065
x-varnish: 141329642 137254302
age: 199032
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
push.services.mozilla.com/
34.214.236.46 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HWWrXnBWZW30XB98Rq/hNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: i0Z/ujgjOw+i8vAePn7CTyoRkXE=
0my.lotstolink.com/templates/templates/mysterybox/files/en_date.js
144.202.71.48 200 OK 1.1 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/en_date.js
IP 144.202.71.48:0
Hash f9d789ef2320020f47db4ed0db2e4323
cf76ef82e090285dfd1fccfbb9c479ebf179ae1c
1999301c84d39ee8b6ea31d6b71f8de51a7470ea855b1080effcc67a2afe6136
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/en_date.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:03 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "f9d789ef2320020f47db4ed0db2e4323"
content-type: application/javascript
content-length: 1125
service-worker-allowed: /
x-varnish: 141138588 137254306
age: 199032
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/platform.js
144.202.71.48 200 OK 41 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/platform.js
IP 144.202.71.48:0
File type ASCII text, with very long lines (568)
Hash ccad5ec1b46e291191a730fa8f9545bb
3a9ab890a0268080c79fcf3739ef82779d9ff453
5450fd792e0070751798a1b0923d0aef6e0fae66f81b0a17f5bed483e8a1234c
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/platform.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:03 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "ccad5ec1b46e291191a730fa8f9545bb"
content-type: application/javascript
content-length: 40635
service-worker-allowed: /
x-varnish: 141138590 137254309
age: 199032
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/o/2XXQ6DLP/c8f882cc-3926-11ed-b27b-5901a3d12244
144.202.71.48 302 Found 762 B URL HTTP/1.1 0my.lotstolink.com/o/2XXQ6DLP/c8f882cc-3926-11ed-b27b-5901a3d12244
IP 144.202.71.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 90ec7679de6556d3d9e7c90fc5f1f907
629736bba327b1ab9222ded9b52beeac6c583123
0b6306064e0581c7f55e3c92fe161e7276f939a3d9f742b795cebf1823522d01
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/c8f882cc-3926-11ed-b27b-5901a3d12244 HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Tue, 20 Sep 2022 20:57:15 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=ce45c5c8-3926-11ed-8378-e95f01a43006&
x-redir: true
set-cookie: XSRF-TOKEN=eyJpdiI6IkJsWjloS0o0ZC9IRHdTSmMrYnNuc2c9PSIsInZhbHVlIjoiT3VaUk9xckpjWjhxZDk1eEtwQ244R1hsWVpNMW1LNmtnNUFkbHJQU2VzZW5KQ25PWUxwNC83UFlxUlBJTDk2YUpzQUQwaVNxa1pLQ0NzYTVTOWhvRVZyeXkvL09pNG9QVVJQYjNIYXZCT2VKRUptTkNqZTVCeWFoaXVIVWJ6ZTYiLCJtYWMiOiJmNzZjZDBkOTc1YTlkMWM1YzczMTE3YWNkZDBmNGMxOTE5YjU5ZDMwZDBjNWI1NjU4NGZkM2I4OTRmM2NkZGVmIiwidGFnIjoiIn0%3D; expires=Tue, 20 Sep 2022 22:57:15 GMT; Max-Age=7200; path=/; samesite=lax
yredir_session=eyJpdiI6ImdXVU5HQ0FrTDhUVU52eTVNdzhLZlE9PSIsInZhbHVlIjoiTUJFS3JJS1hzVWNtZG0zVTVTd2JYNkJCSzVpRmZEakZ2b05QdzBxNDhQakJJNWllVkRMTW5oY2xGRDQ1Qm42bVQ5dXVMT1BveDcyaGdVVk5EaWJxdFJYc0ZyODgvU3ZpMXdmNEtVNWQrSEllZTViM2RGVVRLdEVvQlJ0SzcrQXkiLCJtYWMiOiIwY2RlZDQxZGNlZWY2ZmUxZGI5OTliMTBiZDUwNWNmNTAwZWVhOTRkN2QyMGE2MGMxMWE1ZTIxZjg0MmZiMTVmIiwidGFnIjoiIn0%3D; expires=Tue, 20 Sep 2022 22:57:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg
144.202.71.48 200 OK 12 kB URL HTTP/1.1 0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg
IP 144.202.71.48:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x194, components 3\012- data
Hash 1cc562ab493c3230d17880438cfad3f6
93ca91efcb7689169f1d3fae6f0fdb14b2461ea5
5be3b4c4a1344d8c09f4fc5b78377c63280d046973060dc127820d1c4df1e4d0
GET /media/template-images/mcdonalds-plain/300x200.jpg HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 15 Sep 2022 18:42:04 GMT
last-modified: Tue, 17 May 2022 15:08:46 GMT
etag: "1cc562ab493c3230d17880438cfad3f6"
content-type: image/jpeg
content-length: 12390
x-varnish: 141138593 131237296
age: 440111
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_t.png
144.202.71.48 200 OK 2.4 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_t.png
IP 144.202.71.48:0
File type PNG image data, 241 x 79, 8-bit colormap, non-interlaced\012- data
Hash fc33ce5887eb7b5a81b9377a68698114
bb99be3eac1dbe6ebec9a1e5f08b0f183b79a2c6
f9e2740fb819e3748066a670f88ad743cfc3068d5ce2a99fbd1fa731537f6127
GET /templates/templates/mysterybox/assets/box_o_t.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:04 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "fc33ce5887eb7b5a81b9377a68698114"
content-type: image/png
content-length: 2430
x-varnish: 141299395 137436731
age: 199031
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/box_c.png
144.202.71.48 200 OK 8.8 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/box_c.png
IP 144.202.71.48:0
File type PNG image data, 241 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0b641f72293ea5bb5e43b8158b31a9
e04f96aac3e342f60df32c92ef54b9b316b1fb59
6b2c28e1e03c021256d67916384b83f706500edfa701080150d78bd9fab51bf2
GET /templates/templates/mysterybox/files/box_c.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:04 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "9b0b641f72293ea5bb5e43b8158b31a9"
content-type: image/png
content-length: 8814
x-varnish: 140381427 137347937
age: 199032
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/exit.png
144.202.71.48 200 OK 525 B URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/exit.png
IP 144.202.71.48:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b53e9c6d14fab18765c748a00d43c93
afe0633605e88df340fa3e0238c315eec766fe2f
fdc34fd73310984f22db0235f635024c80a884c451322931892dd722567ceaaf
GET /templates/templates/mysterybox/files/exit.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:04 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "7b53e9c6d14fab18765c748a00d43c93"
content-type: image/png
content-length: 525
x-varnish: 141329646 137436729
age: 199031
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg.png
144.202.71.48 403 Forbidden 243 B URL HTTP/1.1 0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg.png
IP 144.202.71.48:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash a2eadae1ada32baf92f3d3004ed9865c
e967e1114c0f6293ae3f6dfe3bceed644f57d343
0261e64799a16056917292a3dbd14511e782f97a36d79697eda1fe0cf58e98df
GET /media/template-images/mcdonalds-plain/300x200.jpg.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Thu, 15 Sep 2022 18:41:24 GMT
x-varnish: 141171330 130752360
age: 440150
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/files/gift.gif
144.202.71.48 200 OK 16 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/files/gift.gif
IP 144.202.71.48:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 573c467d7a0b1c4c009ba98927dfa335
78d9c7efaeed568b74f1e4d1b4eb67e51dbbb9f1
c4f1d8867d03d437694f1cac0c9df3a7f5006fb8df474023bfa1d78f88843ce8
GET /templates/templates/mysterybox/files/gift.gif HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:04 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "573c467d7a0b1c4c009ba98927dfa335"
content-type: image/gif
content-length: 15606
x-varnish: 140989673 137254314
age: 199031
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_b.png
144.202.71.48 200 OK 3.4 kB URL HTTP/1.1 0my.lotstolink.com/templates/templates/mysterybox/assets/box_o_b.png
IP 144.202.71.48:0
File type PNG image data, 241 x 134, 8-bit colormap, non-interlaced\012- data
Hash 44da211f58be2b1f3aaa2aa3aa3055ed
59f5e9a8e6f5874a7521dec4fdd6878d7924bb75
ed16388bac328613e7ff4fa6933545b80a53cbcb528997e574a6f1b19f5aeeb2
GET /templates/templates/mysterybox/assets/box_o_b.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlQ4VjdDRnZIWnBFaVZscmIwVkZ0VlE9PSIsInZhbHVlIjoid2h2SDlYZm9QZi9nOTFmOHVXNlh4SEJLQUdabVJ6TjdMeDNJTWVFbmhPMUdXakJ4NThvaS80QXVjaVhZdEZrVGhMV3FCQXFnaXlYUGVsaEtRNUdOeStsWnRGY1VsajF0R2I5UkVpc2VQaWhFNVNCTWczZk55OFVQenVlOXpGL2MiLCJtYWMiOiJkNGQxMGFjYzQ1YzkzZDg4ZDY2OTZiYzAzMThkODU1ZTJkYTFiN2EyYmNhOTFlMjhkZGQ3YmQ2ZWZjZWE4ZTNjIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImVtdGdTWkNqNDlHYm94MzFCWnB5Vnc9PSIsInZhbHVlIjoiU2h0SHdMdzVxN2xuT0htb2gvN3h5R2h1d1FIaGU5L3NCTlJsMUgzUzNrQWN5T3d4Sk5WVzlISnU4VGxsYUtUYWFFckF0dnFPNmtIOXZFTDN2TTV2SnV0M05kRUVMUjhMK3lSdXZYdlhwZjhNZkZsNTVsQVNZREIwdWc2ay9pVFgiLCJtYWMiOiJkNGQ2ZDFkZGFkZTUzYjNlODJjNmJlNWI1MjcyNGMyMzU1NjA2ZDdjNjZlOTgyMzY1YTI5ZmQyOTJhMWM2ZmJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Sun, 18 Sep 2022 13:40:04 GMT
last-modified: Thu, 15 Sep 2022 17:57:04 GMT
etag: "44da211f58be2b1f3aaa2aa3aa3055ed"
content-type: image/png
content-length: 3394
x-varnish: 140381432 137283551
age: 199032
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/_common/js/service-workers/neptuneads/service-worker.js
144.202.71.48 200 OK 90 B URL HTTP/1.1 0my.lotstolink.com/_common/js/service-workers/neptuneads/service-worker.js
IP 144.202.71.48:0
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkJsWjloS0o0ZC9IRHdTSmMrYnNuc2c9PSIsInZhbHVlIjoiT3VaUk9xckpjWjhxZDk1eEtwQ244R1hsWVpNMW1LNmtnNUFkbHJQU2VzZW5KQ25PWUxwNC83UFlxUlBJTDk2YUpzQUQwaVNxa1pLQ0NzYTVTOWhvRVZyeXkvL09pNG9QVVJQYjNIYXZCT2VKRUptTkNqZTVCeWFoaXVIVWJ6ZTYiLCJtYWMiOiJmNzZjZDBkOTc1YTlkMWM1YzczMTE3YWNkZDBmNGMxOTE5YjU5ZDMwZDBjNWI1NjU4NGZkM2I4OTRmM2NkZGVmIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImdXVU5HQ0FrTDhUVU52eTVNdzhLZlE9PSIsInZhbHVlIjoiTUJFS3JJS1hzVWNtZG0zVTVTd2JYNkJCSzVpRmZEakZ2b05QdzBxNDhQakJJNWllVkRMTW5oY2xGRDQ1Qm42bVQ5dXVMT1BveDcyaGdVVk5EaWJxdFJYc0ZyODgvU3ZpMXdmNEtVNWQrSEllZTViM2RGVVRLdEVvQlJ0SzcrQXkiLCJtYWMiOiIwY2RlZDQxZGNlZWY2ZmUxZGI5OTliMTBiZDUwNWNmNTAwZWVhOTRkN2QyMGE2MGMxMWE1ZTIxZjg0MmZiMTVmIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=f5c6b6cf-ad2b-b2f0-1aa2-1f165a71d4a2
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Tue, 20 Sep 2022 10:22:42 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 141171333 140265746
age: 38074
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg.png
144.202.71.48 403 Forbidden 243 B URL HTTP/1.1 0my.lotstolink.com/media/template-images/mcdonalds-plain/300x200.jpg.png
IP 144.202.71.48:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash a2eadae1ada32baf92f3d3004ed9865c
e967e1114c0f6293ae3f6dfe3bceed644f57d343
0261e64799a16056917292a3dbd14511e782f97a36d79697eda1fe0cf58e98df
GET /media/template-images/mcdonalds-plain/300x200.jpg.png HTTP/1.1
Host: 0my.lotstolink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkJsWjloS0o0ZC9IRHdTSmMrYnNuc2c9PSIsInZhbHVlIjoiT3VaUk9xckpjWjhxZDk1eEtwQ244R1hsWVpNMW1LNmtnNUFkbHJQU2VzZW5KQ25PWUxwNC83UFlxUlBJTDk2YUpzQUQwaVNxa1pLQ0NzYTVTOWhvRVZyeXkvL09pNG9QVVJQYjNIYXZCT2VKRUptTkNqZTVCeWFoaXVIVWJ6ZTYiLCJtYWMiOiJmNzZjZDBkOTc1YTlkMWM1YzczMTE3YWNkZDBmNGMxOTE5YjU5ZDMwZDBjNWI1NjU4NGZkM2I4OTRmM2NkZGVmIiwidGFnIjoiIn0%3D; yredir_session=eyJpdiI6ImdXVU5HQ0FrTDhUVU52eTVNdzhLZlE9PSIsInZhbHVlIjoiTUJFS3JJS1hzVWNtZG0zVTVTd2JYNkJCSzVpRmZEakZ2b05QdzBxNDhQakJJNWllVkRMTW5oY2xGRDQ1Qm42bVQ5dXVMT1BveDcyaGdVVk5EaWJxdFJYc0ZyODgvU3ZpMXdmNEtVNWQrSEllZTViM2RGVVRLdEVvQlJ0SzcrQXkiLCJtYWMiOiIwY2RlZDQxZGNlZWY2ZmUxZGI5OTliMTBiZDUwNWNmNTAwZWVhOTRkN2QyMGE2MGMxMWE1ZTIxZjg0MmZiMTVmIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=f5c6b6cf-ad2b-b2f0-1aa2-1f165a71d4a2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Thu, 15 Sep 2022 18:41:24 GMT
x-varnish: 141329648 130752360
age: 440151
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Tue, 20 Sep 2022 21:34:09 GMT
Date: Tue, 20 Sep 2022 20:57:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Tue, 20 Sep 2022 21:34:09 GMT
Date: Tue, 20 Sep 2022 20:57:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Tue, 20 Sep 2022 21:34:09 GMT
Date: Tue, 20 Sep 2022 20:57:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Tue, 20 Sep 2022 21:34:09 GMT
Date: Tue, 20 Sep 2022 20:57:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Tue, 20 Sep 2022 21:34:09 GMT
Date: Tue, 20 Sep 2022 20:57:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a7d863845e96c5927e812f325c08c16
b8484fb5443344b03e52dd56b1d6c5682eb6221a
fcb382029332a44deaf212298b618074a752d674d0c735a1b8b861ab4bb6ff0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9865
x-amzn-requestid: 7eeeff5b-cb13-4060-96a6-bf5a4be57331
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugokGQVoAMFXmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e169-4211dbbe1a22d0255a45aff0;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zDPKSOJ7SJImKcluUMhGvVMHv4t2oKLD2AJfGKAFSfedsdSA4VgZ_g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:56 GMT
etag: "b8484fb5443344b03e52dd56b1d6c5682eb6221a"
content-type: image/jpeg
age: 82460
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca0c1a7f205ad07f1cce80b26448873
0e14f5062e40ce94346494ff947bfcf74b5e88c1
ebc960279032671136749823c126ec807334d9eaf2b019abcc63b41bcdbf4a7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9873
x-amzn-requestid: 7171299f-e6e3-40ef-a292-33779346e1ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI-FDIIAMF-xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-31f9413434a6b00e77e7709b;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: evL3aL1ULo6B2a8Rp6iILKCX7F14O9HMSbEqkEY3XHFhmMptE8FaVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:50:04 GMT
age: 83232
etag: "0e14f5062e40ce94346494ff947bfcf74b5e88c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed7323b395e757f7766ea0045efdaca
8b91bc3069a3217bc719c27959d578b353b5d9dc
8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7sCevVX1nGXxZxnrXSURjUcap1a7vCZwrMMIXfzcBPR1srMxJHLGUg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:07:05 GMT
age: 82211
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c283017ec789693602177a2785177e21
ff8286c4d2cf87a1865d56d082bc5235dba60ad7
520db2567ad5529d35d2ac63b94d4186848382e9c86d0c4355ab979b34f0e0ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11145
x-amzn-requestid: dcb726a6-2f43-4170-a53c-4f0d2883309e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7yHfHIAMFu4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-11bf06e96123e01c11854cbb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DwufJXA1yHz_jnJL0PWjCQYF9fa3jlJ0e-2hIomInAXCpmPISX3mjg==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:33 GMT
age: 82483
etag: "ff8286c4d2cf87a1865d56d082bc5235dba60ad7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30fbdfee7ec4513a5ff3dfcb7282f816
a852edb64a7220532aa619ab2a440c3a7e11b97a
4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y3urrVdjZEds_DKf3yL2XfaOy-5UPBwU-YVWe5eKYsDpl3JPmqffsw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:23:30 GMT
age: 81226
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 02:46:17 GMT
age: 65459
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=ce45c5c8-3926-11ed-8378-e95f01a43006&
172.64.110.28 200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=ce45c5c8-3926-11ed-8378-e95f01a43006&
IP 172.64.110.28:0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=ce45c5c8-3926-11ed-8378-e95f01a43006& HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 20:57:15 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Tue, 20 Sep 2022 20:57:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0tug%2Ff1f0FX0nxahSOI8YycTV1lwF1036w%2FJ0h57IoqdkC%2FlFFD%2F6GmOJN4qiTxkX4r7d8HsXK8jKa5jOIW8zIa8WnusI1isRI9qOYyy1DRpH2zStMPtA%2BP0h4gr7Qj%2FPAbMMVNgQjRgh515Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd78ee5a01888b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
172.64.110.28 200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP 172.64.110.28:0
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 20:57:15 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 5562
last-modified: Tue, 20 Sep 2022 19:24:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPDgTm41In5C4FcZ9Uq20oFc6n9R%2BdluwiU9XU8XaN9cWL2tDbJD1bC7YM47jH0UBgmeWWW2YQZypNwoH2JED4MkHd5Atu8gvmp97v6i%2Fb0%2BZO92OcIFMdg56EF4g%2Fr7hyVTMezuXxCbh3NIIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74dd78f06c82888b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2