7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=3a81647a-0259-4887-8cf0-c5965e5728f7&osv=macOS%2010.15.7&isp=Chrome&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1OTczODk5IiwiaGFzaCI6IjViYmI2ZmJhODQ3YWJiODMzOTMxYWUxYjFmMzZjOTRjYzYyMWJkNGUifQ==&td=ss.redirectsstm.click&bemobdata=c=b0d24532-96f8-4bf6-921e-b70733b2740a..l=3a81647a-0259-4887-8cf0-c5965e5728f7..a=0..b=2..r=ss.redirectsstm.click
3.70.16.242 302 Found 238 B URL HTTP/1.1 7ktpj.bemobtracks.com/go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=3a81647a-0259-4887-8cf0-c5965e5728f7&osv=macOS%2010.15.7&isp=Chrome&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1OTczODk5IiwiaGFzaCI6IjViYmI2ZmJhODQ3YWJiODMzOTMxYWUxYjFmMzZjOTRjYzYyMWJkNGUifQ==&td=ss.redirectsstm.click&bemobdata=c=b0d24532-96f8-4bf6-921e-b70733b2740a..l=3a81647a-0259-4887-8cf0-c5965e5728f7..a=0..b=2..r=ss.redirectsstm.click
IP 3.70.16.242:0
File type HTML document, ASCII text, with no line terminators
Hash 6d5194def313d8b877d7dbdda1ee7278
1499402fa91a4bc411fda5b880884b99fa7b25c3
da354969c9f5a382c95b1207db76454f96dda2c479615d3b38cec2c0134ae72f
GET /go/75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3?ts=08e29a07-b84a-41cf-a9c0-1cb114072fbc&camp=&zone=&landid=3a81647a-0259-4887-8cf0-c5965e5728f7&osv=macOS%2010.15.7&isp=Chrome&tid=08e29a07-b84a-41cf-a9c0-1cb114072fbc&key=eyJ0aW1lc3RhbXAiOiIxNjc1OTczODk5IiwiaGFzaCI6IjViYmI2ZmJhODQ3YWJiODMzOTMxYWUxYjFmMzZjOTRjYzYyMWJkNGUifQ==&td=ss.redirectsstm.click&bemobdata=c=b0d24532-96f8-4bf6-921e-b70733b2740a..l=3a81647a-0259-4887-8cf0-c5965e5728f7..a=0..b=2..r=ss.redirectsstm.click HTTP/1.1
Host: 7ktpj.bemobtracks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: openresty
Date: Thu, 09 Feb 2023 20:18:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 238
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: https://cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=WfbZiG9crKYPkyXxM1A7iZ
Set-Cookie: bemob-uniq-visit:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3=1; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Fri, 10 Feb 2023 20:18:38 GMT; HttpOnly
bemob-rotation:75ef24d0-aa3e-4f3b-86d4-929dd1c8dad3:random:e59840d95b1a632cb6ff2b38396af467=0-0-5; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Fri, 10 Feb 2023 20:18:38 GMT; HttpOnly
bemob-click-id=WfbZiG9crKYPkyXxM1A7iZ; Domain=7ktpj.bemobtracks.com; Path=/; Expires=Fri, 10 Feb 2023 20:18:38 GMT; HttpOnly
Vary: Accept
X-Response-Time: 8.236ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84247d80b610d0c6da587141b21323ae
46461f8709d099f5295998f41aaafa5be4387ea6
bee5e9e0d7b4a24609950ceb40194bffb482c36152d376bb119e7cc3aba488dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEE5E9E0D7B4A24609950CEB40194BFFB482C36152D376BB119E7CC3ABA488DC"
Last-Modified: Thu, 09 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10636
Expires: Thu, 09 Feb 2023 23:15:54 GMT
Date: Thu, 09 Feb 2023 20:18:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13910
Expires: Fri, 10 Feb 2023 00:10:28 GMT
Date: Thu, 09 Feb 2023 20:18:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 19:34:16 GMT
content-type: application/json
age: 2662
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 50a2f8cdbbd1059f5318753155bba7ef
405e63ea4683be44f876feae34b5cb645ff751f2
f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12498
Expires: Thu, 09 Feb 2023 23:46:56 GMT
Date: Thu, 09 Feb 2023 20:18:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: W5cHzpL8bmKdeQHTZ78Kgdj8ubLRbGZkgVjHxdyIIEmHZnfS+p/Ay/niMMnZpLvGW/PjUjXiFdX327nJePmePQ==
x-amz-request-id: ATK9J87HQ22R940E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 19:36:29 GMT
age: 2529
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:18:39 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 7b7370a579c499cb71ad03d14fd18192
4ae55631734bf5ce1f87d1a2a1059e00508f3c91
5444c403ab580f6c3df580145438eed0220d078cf712de431d2b6b69aba014aa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 09 Feb 2023 20:18:39 GMT
Etag: "63e3f9d9-1d7"
Last-Modified: Thu, 09 Feb 2023 19:50:40 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IFhTBtPFLIZhKBtU6UCDXmbX_1D5E3auAqAwuhQYYB62SAk9R4_iLQ==
Age: 1680
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 20:14:53 GMT
age: 226
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10708
Expires: Thu, 09 Feb 2023 23:17:07 GMT
Date: Thu, 09 Feb 2023 20:18:39 GMT
Connection: keep-alive
push.services.mozilla.com/
35.155.255.170 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.255.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0DpasyZ2qAnV7FqvL1poVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZgjGnVyFtujJy9/tmasYZtn1SCg=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 07134c7b4226ae1b86f700a1458e7937
432c328b5a358d9416bd240708c122a66d26c66b
043de5dc370e0ae7b5747cc95a4bb0036f6c0381144c90a41ffeb8ba3f3d5ccb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "043DE5DC370E0AE7B5747CC95A4BB0036F6C0381144C90A41FFEB8BA3F3D5CCB"
Last-Modified: Tue, 07 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12053
Expires: Thu, 09 Feb 2023 23:39:33 GMT
Date: Thu, 09 Feb 2023 20:18:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 20:18:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 20:18:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Thu, 09 Feb 2023 23:21:47 GMT
Date: Thu, 09 Feb 2023 20:18:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d7814305f961caded310b6f2089219b
efcb6a067bb023865823625e67d9de60d44685e0
3c01637a052e2394774fc8f6dd37a284afaf76b423219ecd26a89c2d8b69c121
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9846
x-amzn-requestid: 4e6cc2be-bc18-4d66-b338-833a05d0d998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsaDlGV4oAMFoZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3d49-14fc32183d3c6afb3a64c27d;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 04:34:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BNBH60bI_wBqaKAFD_FeZHbzfIeJh9-x-JiMsF0Uh9pxKHFPdAH6Vw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:02:08 GMT
age: 80193
etag: "efcb6a067bb023865823625e67d9de60d44685e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 81844
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 81837
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I3qmC4D6qdsheK8VO3oKbPDU7XV1r9_XEPMcExKnvATDkVUsJHjHbg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 01:59:42 GMT
age: 65939
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0c5e12696e3ee13041d043084828210
c48927fb23f59e0949d388086c197699c8f19d1b
47838e958555ff6799d4d1d3994913943726daba5294cd89afe9036628ef6fdb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: fa797448-32c3-4438-a192-5291c48b1d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKFq9oAMFgog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-46ff32923a2763b45a5194f4;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2olwTLHKbCas7GcQiRz22bk_I646VcTxN3Yv_ObBVgeGC0l73GNh8A==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "c48927fb23f59e0949d388086c197699c8f19d1b"
content-type: image/jpeg
age: 81844
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11f9f70f5e8af4de6d9fc5b9f50ccbe
753cb08c3f8c7c0750d113253790a08db01986bc
d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1mDt4mKlkZG2_zBPhwB_lbzJ0Im0FlnjmJMa7gcopuv14gwqtwlA2w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
age: 81844
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=WfbZiG9crKYPkyXxM1A7iZ
63.33.9.29 302 Found 961 B URL HTTP/2 cddtsecure.com/?a=43588&c=318080&co=91932&mt=18&s2=WfbZiG9crKYPkyXxM1A7iZ
IP 63.33.9.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash f85628bab24e6dc4347f3014cdcba3c0
25ff72a4a2dbf70850a8511a49e4578969523c24
34ff88adfdc07a7a57b64f746dec17a092cf8af78d245d972b88cce478583863
GET /?a=43588&c=318080&co=91932&mt=18&s2=WfbZiG9crKYPkyXxM1A7iZ HTTP/1.1
Host: cddtsecure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 09 Feb 2023 20:18:39 GMT
content-type: text/html;charset=ISO-8859-1
location: https://ujn.nowsubmission.com//?kw=43588&s1=d924bc89c04c4eb9b9d964f781d768871e1bf&s2=
server: nginx
set-cookie: gdm_click_freq_v1_1_001=bfK8z5UDo04kDjzc8YCbxknFoLeCFS+FQbPB29aeug7vYxPGpYyQoAI1/pz2B0EL; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/
gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v2_1_001=B6XtSNf0/Fok3GcB4BTdMlXZgS+DYfVPtV2Uyz9yibYGTOoyMfhc/lUS/HtEH5m6; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/; Secure; SameSite=None
gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/
gdm_click_freq_v2_1_001=bfK8z5UDo04kDjzc8YCbxknFoLeCFS+FQbPB29aeug7vYxPGpYyQoAI1/pz2B0EL; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/; Secure; SameSite=None
gdm_click_adv_freq_v1_1_001=B6XtSNf0/Fok3GcB4BTdMlXZgS+DYfVPtV2Uyz9yibYGTOoyMfhc/lUS/HtEH5m6; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/
gdm_sid_v1_3_001=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; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/
gdm_sid_v2_3_001=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; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/; Secure; SameSite=None
gdm_uid_v2_1_001=jZdEwnaMLCcGxSMLdTcA2HQ9y6ivXjn1NTd35wR+1HsRTdvZTru7fEzmNAoMJUxC; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/; Secure; SameSite=None
gdm_uid_v1_1_001=jZdEwnaMLCcGxSMLdTcA2HQ9y6ivXjn1NTd35wR+1HsRTdvZTru7fEzmNAoMJUxC; Domain=.cddtsecure.com; Expires=Wed, 10-May-2023 20:18:39 GMT; Path=/
content-language: en-US
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
X-Firefox-Spdy: h2
ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
179.61.143.121 200 OK 3.5 kB URL HTTP/1.1 ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 89ab6a0a1271f1bc5b7db54f38a39e8c
c2fb1979fdc5df060dc0b1bb1c6f23f672c5b9fb
6777d9e50c0b86e5f7123be1a7732d9be25273fc22e42ce5bbabee7f7c5afd13
Analyzer Verdict Alert fortinet Phishing
GET /t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7 HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6IkQvSThVeEpUU011c2Q1bGl4ckQwN1E9PSIsInZhbHVlIjoiLzgzckdodDVRWU9raVRyck9hck8zNjEwaEIvZ3RCMmRkeVh1ZXdBazhzVXQzQ2Q1WnpEVGNGNDlkR3JFN2xBeDZTWGtEdCtXNjhUMGcvSXVYWkozOXJxckFmWWVEemtzWkJlTC9uWE1sK3VDWmdIanp5V0hNcWpKa0N2OFBMSnEiLCJtYWMiOiJmZDZhYTE5MzMxYmQwM2JiZTEwMGU3ZGZlZDYyZGJkNTVkOTVhNzFjOTMwODcxYmU2ZTMwYTg2Y2ExYmU1NGMwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Thu, 09 Feb 2023 20:18:42 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
service-worker-allowed: /
cache-control: no-cache, private
x-redir: true
set-cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D; expires=Thu, 09 Feb 2023 22:18:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
content-encoding: gzip
strict-transport-security: max-age=15768000
code.jquery.com/jquery-1.11.3.min.js
69.16.175.10 200 OK 33 kB URL HTTP/2 code.jquery.com/jquery-1.11.3.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
GET /jquery-1.11.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:18:42 GMT
content-encoding: gzip
content-length: 33261
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-176d5"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675973922.dop016.sk1.t,1675973922.cds220.sk1.hn,1675973922.cds216.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 764f6498bfc9fce44fcfaca97119697f
d285cc1f81ca9f23891ff68c2380e0f9e9e96e0c
8d1b5c3b41446c6b296d3a8c96bfdfca8f1a68cc8aa2008ea1b86a8194281f5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 764f6498bfc9fce44fcfaca97119697f
d285cc1f81ca9f23891ff68c2380e0f9e9e96e0c
8d1b5c3b41446c6b296d3a8c96bfdfca8f1a68cc8aa2008ea1b86a8194281f5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
142.250.74.170 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 15:56:41 GMT
expires: Sat, 03 Feb 2024 15:56:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 534121
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
142.250.74.74 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700
IP 142.250.74.74:0
Hash 85ec3a1a1fcce4072cc0ad3010deb58b
fbbb862f48fbaf0e86f426fef83ca23989e3e503
943f844e294eb5b1e062aa10d259e21ed6356f4cadbeb2b41aaefddbb1111261
GET /css?family=Roboto+Condensed%7COpen+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 20:18:42 GMT
date: Thu, 09 Feb 2023 20:18:42 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 764f6498bfc9fce44fcfaca97119697f
d285cc1f81ca9f23891ff68c2380e0f9e9e96e0c
8d1b5c3b41446c6b296d3a8c96bfdfca8f1a68cc8aa2008ea1b86a8194281f5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
179.61.143.121 200 OK 25 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
Hash bc84bd3caee9a7b227a5054179477e02
bc1b53ceedb9b91f4d4bec2037126b4d05c20912
d86b239f3ad7fc29593df1655848824493b2299a203c9be2f67adae10f94309e
GET /templates/templates/spin-casino_MASTER/css/style.css HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:33:49 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "bc84bd3caee9a7b227a5054179477e02"
content-type: text/css
content-length: 25401
x-varnish: 1202466 65570
age: 114294
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 69caa4a765bc86c2f527858968a23e72
0cd0541cac422e1df0f84e7b9fb11e211cca3688
e41109e26d7bc65a53e43a45ca7cd1ed0f617257bb27269c91d40ffef95068e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=97225
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:43 GMT
Etag: "63e42dec-117"
Expires: Fri, 10 Feb 2023 23:19:08 GMT
Last-Modified: Wed, 08 Feb 2023 23:19:08 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 69caa4a765bc86c2f527858968a23e72
0cd0541cac422e1df0f84e7b9fb11e211cca3688
e41109e26d7bc65a53e43a45ca7cd1ed0f617257bb27269c91d40ffef95068e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=97225
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:43 GMT
Etag: "63e42dec-117"
Expires: Fri, 10 Feb 2023 23:19:08 GMT
Last-Modified: Wed, 08 Feb 2023 23:19:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ujn.nowsubmission.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 15:42:36 GMT
expires: Wed, 07 Feb 2024 15:42:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 189367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:18:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
179.61.143.121 200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash a3f2c95451c2201b26033d755a0164c9
f150487dacf8607e49c31abebaf034e34ef8e8aa
bd03836c50a13a9d0c5868a5656f4112f69909cc52c50ca21de772da164e13a2
GET /templates/templates/spin-casino_MASTER/images/overlay.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:01 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "a3f2c95451c2201b26033d755a0164c9"
content-type: image/png
content-length: 18661
x-varnish: 1202469 23
age: 114282
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
179.61.143.121 200 OK 23 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 500 x 150\012- data
Hash f79f189bde401dfac7723f7c963d0ef8
83530e9d6248767d661c4996c14414621c857ed6
bdc936e847facab60f4b4a9153dc8145ebccdeca49becc4cd684e007cd0459ca
GET /templates/templates/spin-casino_MASTER/images/gratorama-progjackpot-v3.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/css/style.css
Cookie: yredir_session=eyJpdiI6ImxzV1hKWStEZkNHcEZGaGhJVUZDMmc9PSIsInZhbHVlIjoiODJCRFZSbzFCaDN4c0U2bnM0eU4yWFpvUVlnK0JWK3UzNDNPQ09aVlR3akdGMjc4UGJHeDNFcHVGSEw0eTlhV3JXZHVvQ05XaFNsU1VXT29Pc2dPUWZPb3NYM3FhR2NVOVA4Q3ltWGtZZUdrRXlqVVlneGdZcGRZdi9wYm9CMlkiLCJtYWMiOiJmODU2YmIxNTk5NWRjZmM0ZDE5MzgxMjViZTRhNjAyY2I1NTE4ODliNzI1YmFhMTg4YWU2YzVlNGJiNDBhZmRkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:02 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "f79f189bde401dfac7723f7c963d0ef8"
content-type: image/gif
content-length: 23095
x-varnish: 1345256 98333
age: 114282
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
179.61.143.121 200 OK 19 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/overlay2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 300 x 325, 8-bit/color RGBA, non-interlaced\012- data
Hash 90f8155b00c6e9ec624a12e8a67bd264
fbf3b21af8cc2c2d44879f19f5893dbe696113f1
677aebad5741b57c1a3a51f8a65cd295a7aae1d656958313a882ef199f046418
GET /templates/templates/spin-casino_MASTER/images/overlay2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:01 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "90f8155b00c6e9ec624a12e8a67bd264"
content-type: image/png
content-length: 18646
x-varnish: 1202470 163904
age: 114282
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
179.61.143.121 200 OK 2.9 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/loader.gif
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /templates/templates/spin-casino_MASTER/images/loader.gif HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:02 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "35de537ece3bfee3ab3f7af4c19e2151"
content-type: image/gif
content-length: 2892
x-varnish: 1202472 163907
age: 114282
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
179.61.143.121 200 OK 90 B URL HTTP/1.1 ujn.nowsubmission.com/_common/js/service-workers/neptuneads/service-worker.js
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type ASCII text, with no line terminators
Hash 1060884cf64d39c3fb28309d83ead97c
6c370dffa201da316e7dc11ff7ac7fec556a1273
d299b7fe0f0da619c1a2c016f631cf004b8a7f92fdb0104dfb6fc0ab03105123
Analyzer Verdict Alert fortinet Phishing
GET /_common/js/service-workers/neptuneads/service-worker.js HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: yredir_session=eyJpdiI6ImxzV1hKWStEZkNHcEZGaGhJVUZDMmc9PSIsInZhbHVlIjoiODJCRFZSbzFCaDN4c0U2bnM0eU4yWFpvUVlnK0JWK3UzNDNPQ09aVlR3akdGMjc4UGJHeDNFcHVGSEw0eTlhV3JXZHVvQ05XaFNsU1VXT29Pc2dPUWZPb3NYM3FhR2NVOVA4Q3ltWGtZZUdrRXlqVVlneGdZcGRZdi9wYm9CMlkiLCJtYWMiOiJmODU2YmIxNTk5NWRjZmM0ZDE5MzgxMjViZTRhNjAyY2I1NTE4ODliNzI1YmFhMTg4YWU2YzVlNGJiNDBhZmRkIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=e1be2171-c87e-2327-691a-e57aac9ab33a
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:33:35 GMT
last-modified: Fri, 20 May 2022 14:50:35 GMT
etag: "1060884cf64d39c3fb28309d83ead97c"
content-type: application/javascript
content-length: 90
service-worker-allowed: /
x-varnish: 1345257 65539
age: 114309
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/favicon.ico
179.61.143.121 403 Forbidden 243 B URL HTTP/1.1 ujn.nowsubmission.com/favicon.ico
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type XML 1.0 document text\012- XML document, ASCII text
Hash ea8de93d06c6a354449d0f337a427519
a4d5a1f2c1a9a8d30c58a772f44dba703b419a18
3395d18c1da2859d4ab45ad2d7f5fe2ba080dab5a73bc5b667315d7d7c5c571e
GET /favicon.ico HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImxzV1hKWStEZkNHcEZGaGhJVUZDMmc9PSIsInZhbHVlIjoiODJCRFZSbzFCaDN4c0U2bnM0eU4yWFpvUVlnK0JWK3UzNDNPQ09aVlR3akdGMjc4UGJHeDNFcHVGSEw0eTlhV3JXZHVvQ05XaFNsU1VXT29Pc2dPUWZPb3NYM3FhR2NVOVA4Q3ltWGtZZUdrRXlqVVlneGdZcGRZdi9wYm9CMlkiLCJtYWMiOiJmODU2YmIxNTk5NWRjZmM0ZDE5MzgxMjViZTRhNjAyY2I1NTE4ODliNzI1YmFhMTg4YWU2YzVlNGJiNDBhZmRkIiwidGFnIjoiIn0%3D; _NeptuneAdsPushSubscriberID=e1be2171-c87e-2327-691a-e57aac9ab33a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 403 Forbidden
content-type: application/xml
date: Wed, 08 Feb 2023 12:33:34 GMT
x-varnish: 1345261 6
age: 114309
via: 1.1 varnish (Varnish/7.0)
content-length: 243
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
179.61.143.121 200 OK 171 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 171 kB (171408 bytes)
Hash 276c26514be610b5c6fa413756b33671
43c532ff2dc2ce6ed8360fc5d05116b222036e4b
453150bf90ff9debe217f3734a4d3cf4bf6ed9017635d4f2d867096132ad4e28
GET /templates/templates/spin-casino_MASTER/images/kr_reel.fs8.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:40:40 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "276c26514be610b5c6fa413756b33671"
content-type: image/png
content-length: 171408
x-varnish: 1202467 295323
age: 113883
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
179.61.143.121 200 OK 88 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin2.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash f12f850a9ec2daa0b2dbb07e11252122
012a03ac053a0367ef9cdb76685a77d61f3d8a22
ada8eb4421bf605c058c123aa95bd5e4590b4507c68809f563c921e4db31ea8a
GET /templates/templates/spin-casino_MASTER/images/spin2.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:02 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "f12f850a9ec2daa0b2dbb07e11252122"
content-type: image/png
content-length: 88130
x-varnish: 1202477 262146
age: 114283
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
179.61.143.121 200 OK 85 kB URL HTTP/1.1 ujn.nowsubmission.com/templates/templates/spin-casino_MASTER/images/spin1.png
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
File type PNG image data, 639 x 479, 8-bit/color RGBA, non-interlaced\012- data
Hash 827076646858c6cc499ec675c45b147d
4b6bf3459af50ba8db76d31f9dc3876b50a4c5fe
bc50750cd41cbabc77efc8143fb1b210c983a23e5c954b65b02562958b922e63
GET /templates/templates/spin-casino_MASTER/images/spin1.png HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Wed, 08 Feb 2023 12:34:02 GMT
last-modified: Tue, 07 Feb 2023 12:00:07 GMT
etag: "827076646858c6cc499ec675c45b147d"
content-type: image/png
content-length: 85123
x-varnish: 1257899 229379
age: 114282
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
strict-transport-security: max-age=15768000
ujn.nowsubmission.com/o/2XXQ6DLP/f1d9460e-a8b6-11ed-b278-df77c73e25d1/?push=true
179.61.143.121 302 Found 0 B URL HTTP/1.1 ujn.nowsubmission.com/o/2XXQ6DLP/f1d9460e-a8b6-11ed-b278-df77c73e25d1/?push=true
IP 179.61.143.121:0
ASN #61317 Ipxo Uk Limited
Analyzer Verdict Alert fortinet Phishing
GET /o/2XXQ6DLP/f1d9460e-a8b6-11ed-b278-df77c73e25d1/?push=true HTTP/1.1
Host: ujn.nowsubmission.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/t/8f0d93c8664e/f1d9460e-a8b6-11ed-b278-df77c73e25d1/f1dd06b8-a8b6-11ed-bb48-9fec0b901fb7
Cookie: yredir_session=eyJpdiI6ImNqMmd2QkNQNkpkM2NWazNEQitvU0E9PSIsInZhbHVlIjoibmU0S2t5ZzU0eGQ4bGZnc0R1VmdDSHp0VlUxSTZmcUF6U2hLUFV4Rjc5bTFxZTA3MW5ac3gxbHFsWmJWTUNlWVY4YWlvdnQ3ZDNzaU9iK1J6RTZEbERIYXZoL2prZnpwNlZ1amNjTkh5NVJUT0loWWppUGw4djNkSnhudnlabkgiLCJtYWMiOiI5NjUzOGVmMDQ2MDI4MTM0MDM5MTVhODVmZGEwNDJmNTEyYzY3MjVhMGNlZmE1ZGUwYjFkNzAwOWI1MjlhZTg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
date: Thu, 09 Feb 2023 20:18:42 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
cache-control: no-cache, private
location: https://pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=f2d1862a-a8b6-11ed-9236-817ef68b785b&&push=true
x-redir: true
set-cookie: yredir_session=eyJpdiI6ImxzV1hKWStEZkNHcEZGaGhJVUZDMmc9PSIsInZhbHVlIjoiODJCRFZSbzFCaDN4c0U2bnM0eU4yWFpvUVlnK0JWK3UzNDNPQ09aVlR3akdGMjc4UGJHeDNFcHVGSEw0eTlhV3JXZHVvQ05XaFNsU1VXT29Pc2dPUWZPb3NYM3FhR2NVOVA4Q3ltWGtZZUdrRXlqVVlneGdZcGRZdi9wYm9CMlkiLCJtYWMiOiJmODU2YmIxNTk5NWRjZmM0ZDE5MzgxMjViZTRhNjAyY2I1NTE4ODliNzI1YmFhMTg4YWU2YzVlNGJiNDBhZmRkIiwidGFnIjoiIn0%3D; expires=Thu, 09 Feb 2023 22:18:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=15768000
pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=f2d1862a-a8b6-11ed-9236-817ef68b785b&&push=true
172.64.128.25 200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=f2d1862a-a8b6-11ed-9236-817ef68b785b&&push=true
IP 172.64.128.25:0
GET /tracker-v2-vapid.js?aff_id=1163&custom=v2&s2=f2d1862a-a8b6-11ed-9236-817ef68b785b&&push=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ujn.nowsubmission.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:18:43 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: MISS
last-modified: Thu, 09 Feb 2023 20:18:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tL2hru2vrBC9XM1s7QX1J4jB6azOh2%2FvGs5Ix5swFpib71ITDWJKhFg3AbKFRYqhHZE9XEhdJgJ17SYaC62QnC8X64gE%2FEjJ739mQ4wASxqHnf1vQIfm7TuS1arKR3k16fZBlRA08Y3oNuwYtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f4bbd6faf75dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
172.64.128.25 200 OK 0 B URL HTTP/2 pushrev.neptuneadspush.com/javascripts/trackpush-v2-vapid.js?v=1&custom=true
IP 172.64.128.25:0
GET /javascripts/trackpush-v2-vapid.js?v=1&custom=true HTTP/1.1
Host: pushrev.neptuneadspush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ujn.nowsubmission.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:18:43 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 6359
last-modified: Thu, 09 Feb 2023 18:32:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gewi%2BAwHg1eGN1oBCPV6JVkemmgD10Pd97zRzYryqd4e76ZMboe3wGkddpnYUdjVCaNLkXPt3qhDsFV3gCSstB0JWY2ypP6fLj%2BnW18eLU8vNJXQzcL%2BXoR8kadd1lyREzvue9N0UudoRm3%2B4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f4bbf3a1875dd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2