r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2396
Expires: Thu, 26 Jan 2023 21:51:28 GMT
Date: Thu, 26 Jan 2023 21:11:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3638
Expires: Thu, 26 Jan 2023 22:12:11 GMT
Date: Thu, 26 Jan 2023 21:11:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 20:35:16 GMT
content-type: application/json
age: 2177
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9940
Expires: Thu, 26 Jan 2023 23:57:13 GMT
Date: Thu, 26 Jan 2023 21:11:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate
- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: cRBypmA5dfpuZIUsEspFHhddQ/9j/U6Ow3AawA+hRVNOVMQE4sxtS6M4SswMAmXAWyMmXlO3aVc=
x-amz-request-id: TJS8SC5PGNDPK8FG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 20:49:08 GMT
age: 1345
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
zd7bc.toconnectoffer.com/t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16
66.195.197.18 301 Moved Permanently 0 B URL HTTP/1.1 zd7bc.toconnectoffer.com/t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16
IP 66.195.197.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16 HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://zd7bc.toconnectoffer.com/t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 21:11:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 20:41:40 GMT
age: 1793
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ac1ab1844559428eb29b25e8d8d5b94
372138646b00f4466ba5f7c2821b45db11d02a12
45b59ac08cbd0bec3648381d2c23a022d681291474f61fce4574280b06567bd5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45B59AC08CBD0BEC3648381D2C23A022D681291474F61FCE4574280B06567BD5"
Last-Modified: Thu, 26 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21559
Expires: Fri, 27 Jan 2023 03:10:52 GMT
Date: Thu, 26 Jan 2023 21:11:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2581
Expires: Thu, 26 Jan 2023 21:54:34 GMT
Date: Thu, 26 Jan 2023 21:11:33 GMT
Connection: keep-alive
zd7bc.toconnectoffer.com/t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16
66.195.197.18 200 OK 6.4 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16
IP 66.195.197.18:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, Unicode text, UTF-8 text, with very long lines (985)
Hash 23dd7f870873325bb876bcbe5f0c8ca3
c4398646387d019bb551653acbe76eb58ebd06c7
aeeac6c0c29c57bbb2914c4f54b731ad9d8a79a7171978cdbab2e5d5ff2bc35d
Analyzer Verdict Alert fortinet Phishing
GET /t/a4c85d49aa63/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/f7e7c574-9dbd-11ed-a15a-6bcd4c3cda16 HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Thu, 26 Jan 2023 21:11:33 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D; expires=Thu, 26 Jan 2023 23:11:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
push.services.mozilla.com/
54.184.102.146 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.184.102.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: puyru3F7y39+1N3FKff0xw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JWmyEz+OpRbKh+9qamFkrhsIY+o=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 21:11:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.138 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 03:22:46 GMT
expires: Mon, 22 Jan 2024 03:22:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 409727
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 21:11:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/custom_style.css
66.195.197.18 200 OK 9.1 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/custom_style.css
IP 66.195.197.18:0
File type ASCII text, with very long lines (341)
Hash d6821948f9d3a80b1f3169f670e1b06c
4e041b3a391424b761c6a55d63d9fd5c25c60565
67aa606c92605d826c400b3e72147f7df5723f1c1abee0bb4c8665a9cb0b4255
GET /templates/templates/mysterybox/files/custom_style.css HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "d6821948f9d3a80b1f3169f670e1b06c"
content-type: text/css
content-length: 9065
x-varnish: 153013008 150502862
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/en_date.js
66.195.197.18 200 OK 1.1 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/en_date.js
IP 66.195.197.18:0
Hash f9d789ef2320020f47db4ed0db2e4323
cf76ef82e090285dfd1fccfbb9c479ebf179ae1c
1999301c84d39ee8b6ea31d6b71f8de51a7470ea855b1080effcc67a2afe6136
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/en_date.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "f9d789ef2320020f47db4ed0db2e4323"
content-type: application/javascript
content-length: 1125
service-worker-allowed: /
x-varnish: 153946974 150981842
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/platform.js
66.195.197.18 200 OK 41 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/platform.js
IP 66.195.197.18:0
File type ASCII text, with very long lines (568)
Hash ccad5ec1b46e291191a730fa8f9545bb
3a9ab890a0268080c79fcf3739ef82779d9ff453
5450fd792e0070751798a1b0923d0aef6e0fae66f81b0a17f5bed483e8a1234c
Analyzer Verdict Alert fortinet Phishing
GET /templates/templates/mysterybox/files/platform.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:52 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "ccad5ec1b46e291191a730fa8f9545bb"
content-type: application/javascript
content-length: 40635
service-worker-allowed: /
x-varnish: 153820001 150981844
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17786
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 21:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17786
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 21:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17786
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 21:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17786
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 21:11:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 7458f7a9b2070055df6f1d496794e43e
0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9
373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12758
x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9gf1E87oAMFpsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mjK4GJ3UCEuHk4XqmXdZCWHTVvJeX8Z2HFaem2GYzqfqlPSd_h6DfA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:33:59 GMT
age: 49056
etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VATQ0SjZfM_btXwR4M5keLmd-EE6717EHEiXrF2zpHNrli93EhN6Rw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:48:42 GMT
age: 84173
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hUp-Y119Uly8FlGe1Wr8b-_pNoyg_iV-KaNaC7Fo44iN_sDU3BnCbA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:35:29 GMT
age: 48966
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71e9b44e-6d59-411b-90e8-54e0efae62a5.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71e9b44e-6d59-411b-90e8-54e0efae62a5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 41fd0074a6ce752b1271302feade4cee
6311d1365504f06cb7516606c56c502d553c9d16
544c508899fe8855b0975a87cb0bf35663ab4ad0ec8fd057b3962d50cc001b8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71e9b44e-6d59-411b-90e8-54e0efae62a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7365
x-amzn-requestid: c2a8ae3d-47f8-415f-bf08-78dd12ede3d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwEUbIAMFnag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-38f72fec78120cf113c7a4f7;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rB4HXb1BDKiMZ5Xsb_U1UzBInPftuAryrVUhcE7v6C5qprrGRFooFg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:51:26 GMT
age: 84009
etag: "6311d1365504f06cb7516606c56c502d553c9d16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:57:18 GMT
age: 83657
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17e1b6f3caa98b0e0972802408dd3f93
07e48bf3565e00d093d72dd4ada606f5d39a4838
7094ef64e04573bea7a81bbcc8ab59d721c5ef433e3fa9203e5861040ced549c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9285
x-amzn-requestid: 526bd945-31d8-490e-af9d-5e6fc6ea3561
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYT2HzvoAMFYYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0e5-6812fe4354bbdac4472e7e81;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QEH9CmjfV8QZFNxFz_tEk06i_ELUSNC2QjdTF4K3xc3vS651BZ3NlQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:52:28 GMT
age: 83947
etag: "07e48bf3565e00d093d72dd4ada606f5d39a4838"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash f21b2cf82a09069961fb587420889904
4b30e18a5bfd6bf2206a54b34b4281ef457f53b9
f738769018f3a22475ead9dc026b8496406d3c6fd63be96b12beec251d54e739
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=94125
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 21:11:35 GMT
Etag: "63d1b934-118"
Expires: Fri, 27 Jan 2023 23:20:20 GMT
Last-Modified: Wed, 25 Jan 2023 23:20:20 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash f21b2cf82a09069961fb587420889904
4b30e18a5bfd6bf2206a54b34b4281ef457f53b9
f738769018f3a22475ead9dc026b8496406d3c6fd63be96b12beec251d54e739
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=94125
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 21:11:35 GMT
Etag: "63d1b934-118"
Expires: Fri, 27 Jan 2023 23:20:20 GMT
Last-Modified: Wed, 25 Jan 2023 23:20:20 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/exit.png
66.195.197.18200 OK 525 B URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/exit.png
IP 66.195.197.18:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b53e9c6d14fab18765c748a00d43c93
afe0633605e88df340fa3e0238c315eec766fe2f
fdc34fd73310984f22db0235f635024c80a884c451322931892dd722567ceaaf
GET /templates/templates/mysterybox/files/exit.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "7b53e9c6d14fab18765c748a00d43c93"
content-type: image/png
content-length: 525
x-varnish: 153946990 151047454
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/box_c.png
66.195.197.18200 OK 8.8 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/box_c.png
IP 66.195.197.18:0
File type PNG image data, 241 x 184, 8-bit/color RGBA, non-interlaced\012- data
Hash 9b0b641f72293ea5bb5e43b8158b31a9
e04f96aac3e342f60df32c92ef54b9b316b1fb59
6b2c28e1e03c021256d67916384b83f706500edfa701080150d78bd9fab51bf2
GET /templates/templates/mysterybox/files/box_c.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "9b0b641f72293ea5bb5e43b8158b31a9"
content-type: image/png
content-length: 8814
x-varnish: 153946993 150532581
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg
66.195.197.18200 OK 8.9 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg
IP 66.195.197.18:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x188, components 3\012- data
Hash 84a8bbaca8417fd1e291aee2691f177a
de159352c056c3d0cf6ca2f597438c77d9e0be5d
efe3f366b51058a7e97b1960bc48874e8d39447aed0e898b9fbf694b9909b091
GET /media/template-images/amazon-gifty/300x200.jpg HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 26 Jan 2023 03:12:50 GMT
last-modified: Wed, 19 Oct 2022 20:31:23 GMT
etag: "84a8bbaca8417fd1e291aee2691f177a"
cache-control: max-age=604800
content-type: image/jpeg
content-length: 8850
x-varnish: 153850456 152061686
age: 64726
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_t.png
66.195.197.18200 OK 2.4 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_t.png
IP 66.195.197.18:0
File type PNG image data, 241 x 79, 8-bit colormap, non-interlaced\012- data
Hash fc33ce5887eb7b5a81b9377a68698114
bb99be3eac1dbe6ebec9a1e5f08b0f183b79a2c6
f9e2740fb819e3748066a670f88ad743cfc3068d5ce2a99fbd1fa731537f6127
GET /templates/templates/mysterybox/assets/box_o_t.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:56 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "fc33ce5887eb7b5a81b9377a68698114"
content-type: image/png
content-length: 2430
x-varnish: 153013034 150981867
age: 85900
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg.png
66.195.197.18403 Forbidden 243 B URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg.png
IP 66.195.197.18:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash bc08e303416da940c6f6d2b54bfafb2e
e472f9883d03b52fad7e8a320174dbbea3fe72c0
f4e2d0b305f7896f0efd0f06761aced06227ffeae45224453261c3dd08cbd5d3
GET /media/template-images/amazon-gifty/300x200.jpg.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Thu, 26 Jan 2023 03:12:49 GMT
x-varnish: 153820003 152061694
age: 64726
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_b.png
66.195.197.18200 OK 3.4 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/assets/box_o_b.png
IP 66.195.197.18:0
File type PNG image data, 241 x 134, 8-bit colormap, non-interlaced\012- data
Hash 44da211f58be2b1f3aaa2aa3aa3055ed
59f5e9a8e6f5874a7521dec4fdd6878d7924bb75
ed16388bac328613e7ff4fa6933545b80a53cbcb528997e574a6f1b19f5aeeb2
GET /templates/templates/mysterybox/assets/box_o_b.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:21:35 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "44da211f58be2b1f3aaa2aa3aa3055ed"
content-type: image/png
content-length: 3394
x-varnish: 153343018 151260517
age: 85801
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/gift.gif
66.195.197.18200 OK 16 kB URL HTTP/1.1 zd7bc.toconnectoffer.com/templates/templates/mysterybox/files/gift.gif
IP 66.195.197.18:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 573c467d7a0b1c4c009ba98927dfa335
78d9c7efaeed568b74f1e4d1b4eb67e51dbbb9f1
c4f1d8867d03d437694f1cac0c9df3a7f5006fb8df474023bfa1d78f88843ce8
GET /templates/templates/mysterybox/files/gift.gif HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:19:54 GMT
last-modified: Wed, 25 Jan 2023 20:29:51 GMT
etag: "573c467d7a0b1c4c009ba98927dfa335"
content-type: image/gif
content-length: 15606
x-varnish: 153946991 150532583
age: 85902
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
66.195.197.18200 OK 90 B URL HTTP/1.1 zd7bc.toconnectoffer.com/_common/js/service-workers/neptuneads/service-worker.js
IP 66.195.197.18:0
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlFJM0s0SVJORkV4U3gvNDhQWmFIVHc9PSIsInZhbHVlIjoiVVVKOHlYRFgrelRZSE0va2VGWXhoa2R2aW50OVVSNS85YXdJS0VJNy8rSDJQM3pkbmcvSUEwQ1FSTDNNNXMvZUZYdlkyVEYvWGxvbHBHTmdsOGxpVWhRUFVPNW9Ja0t6YU5mZTdFMkYxVTE3K2ZtM0xRSXpHY1doYVY0SmFEd2MiLCJtYWMiOiIwMzcyYWRjMzgyMGY3NTAzYThiYWM5NDM2MjFhMmEyNTRjZTUxY2ZjM2M1MTcxYjkxOWU3YThlNWJkNjk0ZWU3IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=41e43ea0-1d54-4991-bd0c-55b9400557f8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Wed, 25 Jan 2023 21:11:22 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 153637294 151162932
age: 86414
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg.png
66.195.197.18403 Forbidden 243 B URL HTTP/1.1 zd7bc.toconnectoffer.com/media/template-images/amazon-gifty/300x200.jpg.png
IP 66.195.197.18:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash bc08e303416da940c6f6d2b54bfafb2e
e472f9883d03b52fad7e8a320174dbbea3fe72c0
f4e2d0b305f7896f0efd0f06761aced06227ffeae45224453261c3dd08cbd5d3
GET /media/template-images/amazon-gifty/300x200.jpg.png HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IlFJM0s0SVJORkV4U3gvNDhQWmFIVHc9PSIsInZhbHVlIjoiVVVKOHlYRFgrelRZSE0va2VGWXhoa2R2aW50OVVSNS85YXdJS0VJNy8rSDJQM3pkbmcvSUEwQ1FSTDNNNXMvZUZYdlkyVEYvWGxvbHBHTmdsOGxpVWhRUFVPNW9Ja0t6YU5mZTdFMkYxVTE3K2ZtM0xRSXpHY1doYVY0SmFEd2MiLCJtYWMiOiIwMzcyYWRjMzgyMGY3NTAzYThiYWM5NDM2MjFhMmEyNTRjZTUxY2ZjM2M1MTcxYjkxOWU3YThlNWJkNjk0ZWU3IiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=41e43ea0-1d54-4991-bd0c-55b9400557f8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Thu, 26 Jan 2023 03:12:49 GMT
x-varnish: 153946997 152061694
age: 64726
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
zd7bc.toconnectoffer.com/o/2XXQ6DLP/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/?push=true
66.195.197.18302 Found 0 B URL HTTP/1.1 zd7bc.toconnectoffer.com/o/2XXQ6DLP/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/?push=true
IP 66.195.197.18:0
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/f7e2b836-9dbd-11ed-8ff2-aff5a4145a63/?push=true HTTP/1.1
Host: zd7bc.toconnectoffer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IndHMzFZd21PQ0FVV1NSeVpOV0hVL0E9PSIsInZhbHVlIjoiTUtpNjl1MTJvWWhEa3JhbGNGTjMwRG5mc0xPdExZalh0eUZMQ1phSWRjNU8weWx4c2Z5WFVmWXRYUXprR3E4NWIvQUdobWVINDZTaklZSkJGYVFqQ1lReURoazZta1NHY0FJYVUwaVNvMy9PSzJoRWU3S3ZFZDdhaUxLbkY3M1AiLCJtYWMiOiI5ZjNiMjdlODhkYWEwNmU4M2IwMGQ3NTEwMDQ2M2MxNzIzNWYzMDBlYzJjMWEzNWFlMTc5NDhkYmE3YWE3ODIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Thu, 26 Jan 2023 21:11:35 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=03ba3e72-9dbe-11ed-9e83-5ff84d1c5d0c&&push=true
x-redir: true
set-cookie: yredir_session=eyJpdiI6IlFJM0s0SVJORkV4U3gvNDhQWmFIVHc9PSIsInZhbHVlIjoiVVVKOHlYRFgrelRZSE0va2VGWXhoa2R2aW50OVVSNS85YXdJS0VJNy8rSDJQM3pkbmcvSUEwQ1FSTDNNNXMvZUZYdlkyVEYvWGxvbHBHTmdsOGxpVWhRUFVPNW9Ja0t6YU5mZTdFMkYxVTE3K2ZtM0xRSXpHY1doYVY0SmFEd2MiLCJtYWMiOiIwMzcyYWRjMzgyMGY3NTAzYThiYWM5NDM2MjFhMmEyNTRjZTUxY2ZjM2M1MTcxYjkxOWU3YThlNWJkNjk0ZWU3IiwidGFnIjoiIn0%3D; expires=Thu, 26 Jan 2023 23:11:35 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
172.64.128.25200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP 172.64.128.25:0
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 21:11:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 3953
last-modified: Thu, 26 Jan 2023 20:05:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OevUcZrGU41mboQaSW79Y4Wo36CHgx1W7jYSoK%2FLRQFKuy3fD8Nsr8U823ZBn5LJqcvcHOuzgR%2FYRU7XM82OziG4crJBWsO1uyl3w%2BPdWfKAoB9JjjQOnpMUS1jaB3eybraVHV6JDH6eDZaNag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fc3df0286b24d1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=03ba3e72-9dbe-11ed-9e83-5ff84d1c5d0c&&push=true
172.64.128.25200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=03ba3e72-9dbe-11ed-9e83-5ff84d1c5d0c&&push=true
IP 172.64.128.25:0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=03ba3e72-9dbe-11ed-9e83-5ff84d1c5d0c&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 21:11:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Thu, 26 Jan 2023 21:11:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dq8pIwM0Hh45HMYqWY1lgzgQLixphXFv4OJE6RezBRdklV1vM6nNYSDiFXYRanAZLNMrECPuaK50dwOKcXpIxuzS87xR%2BLodwbEYh%2F9MRW6mN2noa%2FTmQwt8zRIzLfsT5L9QF93IEhBnb%2Bi6lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78fc3dee6d9624d1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2