furned-mashorses.com/aa76ed61-3e33-48f7-9994-24523785fb7f
18.193.235.10 302 0 B URL HTTP/1.1 furned-mashorses.com/aa76ed61-3e33-48f7-9994-24523785fb7f
IP 18.193.235.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aa76ed61-3e33-48f7-9994-24523785fb7f HTTP/1.1
Host: furned-mashorses.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: 0c656ec7-c408-4933-b2cc-7340fd176163-v4=qyJWwbQvH81_h4GOVO6MHgbQBskuflRWgUL6SKYuuQI; cc-v4=ib4o1%2F1vWMtc8k8yXB62WPv%2FM7Dy3N4%2FJjMef2uMmZp4AygAxf3vjS7GmZPfJklODGgjyK4MSr6TlM2ukqQ9hM%2BMD3fPOw0oTKRS%2FRJnKkh51CX%2F8wGbSmoO1sbc4S4yfI6E9H8Y2sRzng4filTyyg%3D%3D
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Thu, 09 Feb 2023 11:05:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Pragma: no-cache
Set-Cookie: aa76ed61-3e33-48f7-9994-24523785fb7f-v4=6_0QiSlOHFdkynYQb9F_YTUTsgTgruIhTyZCYmgYgo8; Max-Age=86400; Expires=Fri, 10-Feb-2023 11:05:58 GMT; Domain=furned-mashorses.com; Path=/; HttpOnly
cep-v4=RjBJeFD7favEvplI3r1KNgCxN4zmDNIO_ktPU96rExKzhoMefoOT4a0htXSyZtVOyqFO0cO2yFQ2aa7gcUxitan9xovgfVd7hIEIQ5SLoa5yF2voQy05xmKx2RuAgQuAndce1iVNPNx8s83_hSyZMzenHGaqZ81GrxVYtIErk70rOxm8o_G9t3AwZfjv-SEHoMmSO8B1dLGF538KPMsRSTQMDZttzpc5MYTM7PN2OilRymXOlFwWjp1rm87hZEb60souG6KEa6AGOtC-joinssiMYatr8V3szDJdUVJ3S_nbQyXVAevc_3571BPGB41nP58oUakTJzwnQzkNj7KhdgpWsAda2oQP5zNOI2h0_TY; Max-Age=86400; Expires=Fri, 10-Feb-2023 11:05:58 GMT; Domain=furned-mashorses.com; Path=/; HttpOnly
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12077
Expires: Thu, 09 Feb 2023 14:27:15 GMT
Date: Thu, 09 Feb 2023 11:05:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10212
Expires: Thu, 09 Feb 2023 13:56:10 GMT
Date: Thu, 09 Feb 2023 11:05:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 10:34:15 GMT
content-type: application/json
age: 1903
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5141
Expires: Thu, 09 Feb 2023 12:31:39 GMT
Date: Thu, 09 Feb 2023 11:05:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dzqNXNLfTNMGdOkLr/b3RgJxpgOLA/lqWVcjRPNnPTNHNow0b73qMy9jz5y21eYD7CUORLsgpHw=
x-amz-request-id: 6PG28NKD03EMRFF5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 10:36:20 GMT
age: 1778
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 11:05:58 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 10:51:21 GMT
age: 877
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8e58c66a7be28c79d4d0c8926ca01a19
f891390e8a5c0dbe3a18993d5ffc458b46f17e0a
ceb35518c113a857b49d04ba40858d3ae9d63a3ef6e532c956f452a08bf9bc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEB35518C113A857B49D04BA40858D3AE9D63A3EF6E532C956F452A08BF9BC63"
Last-Modified: Wed, 08 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21590
Expires: Thu, 09 Feb 2023 17:05:48 GMT
Date: Thu, 09 Feb 2023 11:05:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5040
Expires: Thu, 09 Feb 2023 12:29:58 GMT
Date: Thu, 09 Feb 2023 11:05:58 GMT
Connection: keep-alive
superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
209.94.60.101 200 OK 2.2 kB URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
IP 209.94.60.101:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (383)
Hash 1c61c0ec3cc29088906d3501d1a9d90e
ae806f371df9e6bfa9831572c0c7f0ffd67fa855
3754e35cee1aae41583eb2fb855cbbb50d8812ea514bc5a514e04dfbb58b8e33
GET /survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5 HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:58 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 08 Feb 2023 11:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e38a5d-1737"
Content-Encoding: gzip
superofferstc.com/survey/za/vodacom/cash/css/app.css?id=2fbe2d9a9a40ca9b2489
209.94.60.101 200 OK 87 B URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/css/app.css?id=2fbe2d9a9a40ca9b2489
IP 209.94.60.101:0
Hash cec18c42b1b37f854c56172f839813b0
3c086f3238cc7973fd302379ad2f3e6cb7c1ed49
0d209be74734590bb522ca2c9de62f4da0fcbac457d44ed8105be57c1e04233f
Analyzer Verdict Alert fortinet Malware
GET /survey/za/vodacom/cash/css/app.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: text/css
Last-Modified: Wed, 08 Feb 2023 11:41:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e38a4c-45"
Expires: Fri, 09 Feb 2024 11:05:59 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
push.services.mozilla.com/
44.238.238.191 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.238.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eONA1BvkTQORBYlwdnTFLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: J7+9zESAtRuWol9/jQYuiDM+FTs=
superofferstc.com/survey/za/vodacom/cash/css/landers/survey/app.css?id=b58f517ccb85236317fa
209.94.60.101 200 OK 1.2 kB URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/css/landers/survey/app.css?id=b58f517ccb85236317fa
IP 209.94.60.101:0
File type ASCII text, with very long lines (3508)
Hash 97531ec03b7e740589659fc24447f87b
f3c01a9e9adf371a8b8fe263f54cbeddf79d55e8
59b09d9efa85fd29712c4ef8f7fd928bc8db6d4cfc51b0d2c1c0dfb470753ae3
Analyzer Verdict Alert fortinet Malware
GET /survey/za/vodacom/cash/css/landers/survey/app.css?id=b58f517ccb85236317fa HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: text/css
Last-Modified: Wed, 08 Feb 2023 11:41:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e38a57-dd8"
Expires: Fri, 09 Feb 2024 11:05:59 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
superofferstc.com/survey/za/vodacom/cash/js/app.js?id=d95b2f380a2918b995e8
209.94.60.101 404 Not Found 106 B URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/js/app.js?id=d95b2f380a2918b995e8
IP 209.94.60.101:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 41e26d195447e282a13a3219d61c130c
4eb09944c10ac39f6adeebb6be44c8a1d732bc79
f9ed0f2922c4344a8b293d792c2d81fa68e568256170dbed363adb679d1e7783
GET /survey/za/vodacom/cash/js/app.js?id=d95b2f380a2918b995e8 HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
superofferstc.com/survey/za/vodacom/cash/img/landers/survey/logo/vodacom.png
209.94.60.101 200 OK 8.3 kB URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/img/landers/survey/logo/vodacom.png
IP 209.94.60.101:0
File type PNG image data, 301 x 75, 8-bit/color RGBA, non-interlaced; data
Hash 884fdd0e85f0d9dee60523d44d3d5a04
0a1c3eae2bd5368dd2dd9a11b483af5c409f97e4
2112b32c05aaab55b4eb8cd1c9f683f6c7f8dfd209a786737233b1b2590d7a7d
GET /survey/za/vodacom/cash/img/landers/survey/logo/vodacom.png HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: image/png
Content-Length: 8342
Last-Modified: Wed, 08 Feb 2023 11:41:20 GMT
Connection: keep-alive
ETag: "63e38a60-2096"
Expires: Fri, 09 Feb 2024 11:05:59 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
superofferstc.com/survey/za/vodacom/cash/img/prizes/cash-500-usd/default/default@0.25x.png
209.94.60.101 200 OK 2.8 kB URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/img/prizes/cash-500-usd/default/default@0.25x.png
IP 209.94.60.101:0
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced; data
Hash e8097f29e561cec2a90805b688363b05
1df3d6d277a91e97620e6075c67048aa360541b0
35acb88ac15dd098eee7a515d0764b8b5a3ed4c8c8d307f7b3115464796973e8
GET /survey/za/vodacom/cash/img/prizes/cash-500-usd/default/default@0.25x.png HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: image/png
Content-Length: 2780
Last-Modified: Wed, 08 Feb 2023 11:41:27 GMT
Connection: keep-alive
ETag: "63e38a67-adc"
Expires: Fri, 09 Feb 2024 11:05:59 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c4c43054dcfae56c80b3992138d7b85c
427614a5c7e26751caf6bd41e216575d6fd33fda
0c4c62bd8d3e40850e22ef53421c6e5213a3fc2d5f3120967c8135b080f32710
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C4C62BD8D3E40850E22EF53421C6E5213A3FC2D5F3120967C8135B080F32710"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1773
Expires: Thu, 09 Feb 2023 11:35:32 GMT
Date: Thu, 09 Feb 2023 11:05:59 GMT
Connection: keep-alive
lemouwee.com/pfe/current/micro.tag.min.js?z=5590914&sw=/sw-check-permissions-561c9.js
139.45.197.251 200 OK 14 kB URL HTTP/2 lemouwee.com/pfe/current/micro.tag.min.js?z=5590914&sw=/sw-check-permissions-561c9.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41091), with no line terminators
Hash a4f9c7605804c336992eaff3d8f1ab89
3058d9346147a45ee3b513edd579fbb15e0f782f
a43955485fb5d42a0fbd945493dcbffaec69b5187d6985d58e5cd80c0bd54895
GET /pfe/current/micro.tag.min.js?z=5590914&sw=/sw-check-permissions-561c9.js HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 11:05:59 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:43 GMT
etag: W/"63e2610b-a083"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
superofferstc.com/survey/za/vodacom/cash/js/landers/survey/app.js?id=2137f4f9f820aa743623
209.94.60.101 200 OK 51 kB URL HTTP/1.1 superofferstc.com/survey/za/vodacom/cash/js/landers/survey/app.js?id=2137f4f9f820aa743623
IP 209.94.60.101:0
File type Unicode text, UTF-8 text, with very long lines (65443)
Hash 831b838b8b9af7fff6c68c382f8ec867
50fb4edc919f538df4c7b454149b2e241bb2973e
65ec4665c3db666682f57a802bdcc8cd0e99e6bc298b95aa625b707ac7f12e6a
GET /survey/za/vodacom/cash/js/landers/survey/app.js?id=2137f4f9f820aa743623 HTTP/1.1
Host: superofferstc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superofferstc.com/survey/za/vodacom/cash/?cep=Mkn9BvjUeLorsql58XDlTZDQGBqhBtRUJJ8nWwdeuEvdum-ThpEVbKLkj9AfJWxpCZpwMBQ9l8rCDZQ7j3fdlG_h--QyBshTEykl4v3a3B7u2cVGt2ogKHnX5SXvM6U2jw_Y4IqUXM2FeiPbUQzBhwIUECIcLNQr95-NLr6_lqBfVGNSnkufcwUvlrSeXBrbAEDVOx6VJpfgZcJOx67dI7oD9ycI9j1ivm6Ox0-4gwoYcFRgGRvTth5oJQ_oiNkyAh8_DAGfE0NCKr1nkPAfH1WH2qFVMmf60hjAuJFzKXuAZbAgwQKsPybRASBJS25-oZoxYBxt2m42EBj3LgSiwulqw_1x2Bu0YDdV_yWv1vk&lptoken=168175e69496250658b5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 Feb 2023 11:05:59 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Feb 2023 11:41:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63e38a5d-24c3b"
Expires: Fri, 09 Feb 2024 11:05:59 GMT
Pragma: public
Cache-Control: max-age=31536000, public
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12482
Expires: Thu, 09 Feb 2023 14:34:02 GMT
Date: Thu, 09 Feb 2023 11:06:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 80672
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b42802dc628e38e9631a01b6320040a
c83355f0828815ecbff47d8195d2deed8077e368
d0f093b1769b568a5d68ada359eadfd1ab3360488a20e1deeb99b0a51b649441
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11256
x-amzn-requestid: fc079b98-a94a-4945-8e51-9b5941fda799
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8SEOMIAMFomA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb381-72b83330325d280821ecf4c1;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8BUL5SSz4_Jh8-i92w6IGXQEnW6RH2580LbDBIul4S45Mtji53ieTw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:06:10 GMT
age: 46790
etag: "c83355f0828815ecbff47d8195d2deed8077e368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 14:35:48 GMT
age: 73812
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa8bb3f20238f62a7a6ebb5d0985192a
f6b3839bfb0cf51d63e9eff2de402495906cd19b
db5ad61fdd000a13b6c8952d1614a6ab18e5f7104270d6471df96f773dacf4e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 92d41e06-632b-43f9-828e-268bc024875c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGuESYIAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f7-599e0f7d327a69921d447f7e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ouX4yFdSvKvEUowCAqs8iTO2SOZuEFa2dGuMDeb_pygK0DbvS8XlHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:46 GMT
age: 46514
etag: "f6b3839bfb0cf51d63e9eff2de402495906cd19b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 7e2b1875-ecf9-4ee9-8d5a-a911fdd28d16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AColKGwOIAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e42153-097b982244d3ad7b6f49a392;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 22:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Uvdg9MhYDsR9aC-s_chZDKp7_5RzhQfTwXZ0epZVW7TUVdrdADUEfQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 03:49:25 GMT
age: 26195
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 48676
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2