Overview

URL comilar-efferiff.icu/5a74d436-d033-4dea-9b5f-83bd4d08dc67
IP18.193.146.82
ASNAMAZON-02
Location Germany
Report completed2022-11-25 11:00:44 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 comilar-efferiff.icu/5a74d436-d033-4dea-9b5f-83bd4d08dc67 Malware
2022-11-25 2 securely-send.com/storage/CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.js Phishing
2022-11-25 2 spinningwheel.online/landing/br-pt/ Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-25 06:03:02 UTC 34.102.187.140
mnemonic passive DNS e1.o.lencr.org (2) 6159 No data No data 23.36.76.226
mnemonic passive DNS cdn.onesignal.com (1) 3015 2015-04-22 13:41:50 UTC 2022-11-25 05:57:43 UTC 104.18.226.52
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.227.80
mnemonic passive DNS spinningwheel.online (1) 0 2019-07-09 12:45:22 UTC 2022-11-25 10:11:29 UTC 104.21.1.17 Unknown ranking
mnemonic passive DNS comilar-efferiff.icu (1) 202270 2020-05-04 10:08:02 UTC 2022-11-25 06:59:20 UTC 18.193.146.82
mnemonic passive DNS r3.o.lencr.org (7) 344 No data No data 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-25 05:51:47 UTC 34.117.237.239
mnemonic passive DNS securely-send.com (1) 289562 2019-12-16 23:44:57 UTC 2022-11-24 22:56:38 UTC 161.35.78.172
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.193.146.82

Date UQ / IDS / BL URL IP
2022-12-02 00:19:43 +0000
0 - 0 - 12 bl.trackham.com/f9908105-7257-45be-97c0-99904 (...) 18.193.146.82
2022-12-01 21:51:14 +0000
0 - 0 - 1 walter-larence.com/e90c5688-f303-43ee-8f72-7d (...) 18.193.146.82
2022-12-01 11:07:14 +0000
0 - 0 - 1 walter-larence.com/32090fb9-a01d-4354-a8dc-ba (...) 18.193.146.82
2022-11-30 21:40:38 +0000
0 - 0 - 11 bl.trackham.com/f9908105-7257-45be-97c0-99904 (...) 18.193.146.82
2022-11-30 07:34:34 +0000
0 - 0 - 1 walter-larence.com/f8756588-2326-45d7-95cb-b1 (...) 18.193.146.82

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-12-02 02:08:56 +0000
0 - 0 - 1 123.indiancredits.com/document/232691-ban-cha (...) 3.19.116.195
2022-12-02 02:07:48 +0000
0 - 0 - 7 echo4.bluehornet.com/ct/101664260:7O1oKaVN7:m (...) 15.254.29.160
2022-12-02 02:06:33 +0000
0 - 0 - 2 52.62.144.52/234/vbc.exe 52.62.144.52
2022-12-02 02:05:42 +0000
0 - 0 - 1 thepiratebay.com.de/torrent/10836235/10musume (...) 54.153.56.183
2022-12-02 02:04:41 +0000
0 - 0 - 2 52.62.144.52/234/vbc.exe 52.62.144.52

Last 4 reports on domain: comilar-efferiff.icu

Date UQ / IDS / BL URL IP
2022-11-27 15:11:22 +0000
0 - 0 - 3 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82
2022-11-25 11:00:44 +0000
0 - 0 - 3 comilar-efferiff.icu/5a74d436-d033-4dea-9b5f- (...) 18.193.146.82
2022-11-24 07:06:57 +0000
0 - 0 - 6 comilar-efferiff.icu/e4caf37b-5cda-4660-8134- (...) 18.193.146.82
2022-11-23 12:01:26 +0000
0 - 0 - 1 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82

Last 4 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-28 09:17:54 +0000
0 - 0 - 2 convertmb.com/0a1ca9d4-80a6-4a54-bc5b-e33a5c70f460 23.22.112.25
2022-11-27 15:11:22 +0000
0 - 0 - 3 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82
2022-11-24 07:06:57 +0000
0 - 0 - 6 comilar-efferiff.icu/e4caf37b-5cda-4660-8134- (...) 18.193.146.82
2022-11-23 12:01:26 +0000
0 - 0 - 1 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82


JavaScript

Executed Scripts (13)


Executed Evals (1)

#1 JavaScript::Eval (size: 7186, repeated: 1) - SHA256: fedf6845c5282b18f341591bd5eefb6c11a6ca5d165fccbb718cbd4e34d00916

                                        const iFrameX_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = class {
    constructor({
        attr, content, append, config
    }) {
        this.attr = attr || {};
        this.content = content || [];
        this.body = document.querySelector(append) || document.querySelector('body');
        this.id = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
        this.events = [];
        this.iframe = null;
        this.debug = config.debug || false;
        this.action = (typeof config.action === 'function') ? config.action : function(msg) {};
    };
    init() {
        this._createIframe((iframe) => {
            if (iframe) {
                this._addElements(this.content);
            }
        });
    };
    _createIframe(callback) {
        if (!this.iframe) {
            let iframe = document.createElement('iframe');
            iframe.setAttribute('iframe-id', this.id);
            iframe.setAttribute('style', 'display:none');
            const attr = Object.keys(this.attr);
            if (attr.length > 0) {
                attr.map((i) => {
                    iframe.setAttribute(i, this.attr[i]);
                });
            }
            this.body.appendChild(iframe);
            this.iframe = document.querySelector(`[iframe-id="${this.id}"]`);
            this._addEventListener();
            (typeof callback === 'function') && callback(iframe);
        } else {
            console.error('An iframe already exists, please instance a new iFrameX.');
            (typeof callback === 'function') && callback(null);
        }
    };
    _addElements(elements) {
        function _createAndBind(i) {
            const el = document.createElement(i.type);
            if (i.content && i.content !== '') {
                if (i.type === 'script' || i.type === 'style') {
                    el.appendChild(document.createTextNode(i.content));
                } else {
                    el.innerHTML = i.content;
                }
            };
            (i.attr) && Object.keys(i.attr).map((a) => {
                el.setAttribute(a, i.attr[a]);
            });
            return el;
        }
        if (Array.isArray(elements) && elements.length > 0) {
            elements.map((obj) => {
                let el = (!obj.append) ? 'body' : obj.append;
                setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(obj)), 1);
            });
        } else if (typeof elements === 'object') {
            let el = (!elements.append) ? 'body' : elements.append;
            setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(elements)), 1);
        }
    };
    _addEventListener() {
        this._addElements({
            type: 'script',
            content: this._bindEvent('window', `'message'`, this.action)
        });
    };
    _bindEvent(element, eventName, eventHandler) {
        let event = null;
        element = (element === 'window') ? element : `document.querySelector(${element})`;
        if (window.addEventListener) {
            event = `${element}.addEventListener(${eventName}, ${eventHandler}, false);`
        } else if (window.attachEvent) {
            event = `${element}.attachEvent(on${eventName}, ${eventHandler});`
        }
        return event;
    };
};
document.getElementById('CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK').innerHTML = '';
let link_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://www.bet365.com/olp/open-account?affiliate=365_01240407';
let w_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = window.innerWidth;
if ('https://www.bet365.com/olp/open-account?affiliate=365_01240407') {
    if (w_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK < 768) {
        link_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://www.bet365.com/olp/open-account?affiliate=365_01240407';
    }
}
let iframe_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = null;
const content_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = {
    attr: {
        id: 'iframex_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        attr: {
            src: link_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK,
            width: '0',
            height: '0',
            id: 'iframe_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = new iFrameX_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK(content_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK);
setTimeout(function() {
    iframe_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.init()
}, 1 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK").remove();
}, 10 * 1000);
let link_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://betway.com/bwp/br-boas-vindas-e-sports/pt-br?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
let w_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = window.innerWidth;
if ('https://betway.com/bwp/br-boas-vindas-e-sports/pt-br?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160') {
    if (w_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK < 768) {
        link_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://betway.com/bwp/br-boas-vindas-e-sports/pt-br?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
    }
}
let iframe_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = null;
const content_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = {
    attr: {
        id: 'iframex_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        attr: {
            src: link_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK,
            width: '0',
            height: '0',
            id: 'iframe_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = new iFrameX_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK(content_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK);
setTimeout(function() {
    iframe_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.init()
}, 1 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_0_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK").remove();
}, 10 * 1000);
let link_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://affpa.top/L?tag=d_471851m_29217c_MCD2&site=471851&ad=29217';
let w_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = window.innerWidth;
if ('https://affpa.top/L?tag=d_471851m_29217c_MCD2&site=471851&ad=29217') {
    if (w_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK < 768) {
        link_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://affpa.top/L?tag=d_471851m_29217c_MCD2&site=471851&ad=29217';
    }
}
let iframe_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = null;
const content_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = {
    attr: {
        id: 'iframex_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        attr: {
            src: link_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK,
            width: '0',
            height: '0',
            id: 'iframe_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = new iFrameX_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK(content_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK);
setTimeout(function() {
    iframe_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.init()
}, 1 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_1_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK").remove();
}, 10 * 1000);
let link_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://gml-grp.com/C.ashx?btag=a_17997b_2187c_&affid=5971&siteid=17997&adid=2187&c=';
let w_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = window.innerWidth;
if ('https://gml-grp.com/C.ashx?btag=a_17997b_2187c_&affid=5971&siteid=17997&adid=2187&c=') {
    if (w_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK < 768) {
        link_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = 'https://gml-grp.com/C.ashx?btag=a_17997b_2187c_&affid=5971&siteid=17997&adid=2187&c=';
    }
}
let iframe_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = null;
const content_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = {
    attr: {
        id: 'iframex_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK',
        attr: {
            src: link_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK,
            width: '0',
            height: '0',
            id: 'iframe_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK = new iFrameX_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK(content_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK);
setTimeout(function() {
    iframe_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.init()
}, 1 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_2_CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK").remove();
}, 10 * 1000);
                                    

Executed Writes (0)



HTTP Transactions (28)


Request Response
                                        
                                            GET /5a74d436-d033-4dea-9b5f-83bd4d08dc67 HTTP/1.1 
Host: comilar-efferiff.icu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         18.193.146.82
HTTP/1.1 302
                                        
Server: nginx
Date: Fri, 25 Nov 2022 11:00:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://spinningwheel.online/landing/br-pt/
Pragma: no-cache
Set-Cookie: 5a74d436-d033-4dea-9b5f-83bd4d08dc67-v4=6fvOZj1fjXdYWl5Lf6KYKamGpJ2KQwhJziXU4Cg0LoI; Max-Age=86400; Expires=Sat, 26-Nov-2022 11:00:32 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly cc-v4=OEmr4DoD4GunD%2FV4oWxEprGmwBFcfEL2PqJ%2FZKoYxZwZmRs3aw8BPyCYF99Ng1%2BLmde8ci2r%2FsaXaoFJx4GSz8PQ8qO3BwgdK2zhGSGZZTjYE3xAW1O8dZQm2zRX0hy0H0tQ26D%2BJpmxGqU7eR%2FFoA%3D%3D; Max-Age=31536000; Expires=Sat, 25-Nov-2023 11:00:32 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5810
Expires: Fri, 25 Nov 2022 12:37:22 GMT
Date: Fri, 25 Nov 2022 11:00:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5809
Cache-Control: max-age=90448
Date: Fri, 25 Nov 2022 11:00:32 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:08:00 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16472
Expires: Fri, 25 Nov 2022 15:35:04 GMT
Date: Fri, 25 Nov 2022 11:00:32 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 10:19:05 GMT
cache-control: public,max-age=3600
age: 2487
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: EdkR7pVPZUdNkP6lePB3F/74bjHHKuLPRUwUaWuwVL38xvTOjWZISxcnKSNf8hfQV2qij5VY7XU=
x-amz-request-id: SDQ849EMKB37HX8J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 10:40:46 GMT
age: 1186
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 11:00:32 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "49460D88D790D50B25E5CEE1848EBD49A0454481B3359B55068E342EFBEF8D8D"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18955
Expires: Fri, 25 Nov 2022 16:16:27 GMT
Date: Fri, 25 Nov 2022 11:00:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "49460D88D790D50B25E5CEE1848EBD49A0454481B3359B55068E342EFBEF8D8D"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18954
Expires: Fri, 25 Nov 2022 16:16:27 GMT
Date: Fri, 25 Nov 2022 11:00:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3571
Cache-Control: max-age=165260
Date: Fri, 25 Nov 2022 11:00:33 GMT
Etag: "638074ea-116"
Expires: Sun, 27 Nov 2022 08:54:53 GMT
Last-Modified: Fri, 25 Nov 2022 07:55:22 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /sdks/OneSignalSDK.js HTTP/1.1 
Host: cdn.onesignal.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.226.52
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 11:00:33 GMT
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 2948
expires: Mon, 28 Nov 2022 11:00:33 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 76f9e19adc37b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9097)
Size:   3144
Md5:    ef61c74554d4c1185074f1d68a56d03b
Sha1:   c759800cf01a765d34152b32b0d8cbb909269fcb
Sha256: 846c99457a5c8ea51dcc1f51b1ca4d6b4874f7eb9a20aa604249e08a3d47d784
                                        
                                            GET /storage/CMfzk5vgr9Lvrwrfdw6xZUJvKGqTtyeK.js HTTP/1.1 
Host: securely-send.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         161.35.78.172
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.18.0 (Ubuntu)
date: Fri, 25 Nov 2022 11:00:33 GMT
content-length: 34344
last-modified: Sat, 05 Nov 2022 16:34:19 GMT
etag: "6366908b-8628"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (34344), with no line terminators
Size:   34344
Md5:    ff769f48c51106ce93fc7ba702ae2dbb
Sha1:   fe050f90ffa2b775b388fa6a41f6f1ba70ea5636
Sha256: 91bf494713737cd1a9ff732176f588e494515750199b680c65fb1a947c078649

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5674
Cache-Control: max-age=171652
Date: Fri, 25 Nov 2022 11:00:33 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:41:25 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   1261
Md5:    8887fd1f50e09c5afcf0f1f82a0b9ce5
Sha1:   f7096b941d7da0093757929bb6ae012ad692ec59
Sha256: 99a2a0f013ebf76730405924d2350dc1164e7465e73c7333ec8c2e011536e1ee
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 10:11:11 GMT
cache-control: public,max-age=3600
age: 2962
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dPObB33xRx+3ctyAuT12ag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.38.227.80
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QeuB4/8/+YoYQrcZhFkUskuVEnE=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13886
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 11:00:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13886
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 11:00:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13886
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 11:00:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13886
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 11:00:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13886
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 11:00:34 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 31986
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 08:37:15 GMT
age: 8599
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11249
Md5:    481c033b9ffd030ff0de6e35cf788b47
Sha1:   85d3baad9217af2b5d75c019d2ef95dbb919a788
Sha256: 02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 47149
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11743
Md5:    8784bb7a8b88736a6016f712e3183bf3
Sha1:   b0ddc1555d2506177adcdcea77864d75f1245d07
Sha256: 8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6385
x-amzn-requestid: 4c2a84f7-f038-4f5a-86c2-5c8ce1a48c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cI5NVFMAoAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63803bee-45c6411c2430e2375f530dd8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 03:52:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fj82i9qJmEiUy2DOkkowq8WRyzupMwNyQqu110sJ3o72HEW4yb7bjQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:22:46 GMT
age: 13068
etag: "9b8aafcda0e22edcc16d3048f4b88659d3b42419"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6385
Md5:    f6292a2988fb4505d0098553b8e99ddc
Sha1:   9b8aafcda0e22edcc16d3048f4b88659d3b42419
Sha256: 16b7b473229c5e519ab81b385c50277424f3f3b2a5d7647035e84ba58e44f3be
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
age: 48326
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dfd2143-7cf2-4a28-b8bf-bc3121d6a4d8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10950
x-amzn-requestid: 9bb73841-83d9-48b2-8c79-f00a57612b4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFNstFeZoAMFopQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec31d-4e6aafd367c7740c77df133b;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:04:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5e4ptr__XHPd9Qsf8lEDqiZGKptuB9en72UAucNWxlGG_mEbhpFgdA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:43:51 GMT
age: 11803
etag: "18800e21d05596f7b64213072dee7dda5c1faf61"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10950
Md5:    4abf25d4a15ce58edadd54994b3434a2
Sha1:   18800e21d05596f7b64213072dee7dda5c1faf61
Sha256: 633138e70f43e2be9cc447967044c4070bfc4d9285e5228361bebe255dc286e2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:08 GMT
age: 47613
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /landing/br-pt/ HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.21.1.17
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 25 Nov 2022 11:00:32 GMT
link: <https://spinningwheel.online/wp-json/>; rel="https://api.w.org/", <https://spinningwheel.online/wp-json/wp/v2/pages/39>; rel="alternate"; type="application/json", <https://spinningwheel.online/?p=39>; rel=shortlink
vary: Accept-Encoding
x-litespeed-cache: hit
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWO%2B5S4xzBuQZgwPm5LGTjLlTxV3Z7u7vXwxe69HiI0uxzURKm1tKCelcb9tIItIyHXUGJMefQ5Dr6QvI5DaPyhePSHTF3HHFwBJS2Gu%2BeSCzi1w9Q6N%2BG0Uaxc7%2BWpNiQC50401Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f9e19918c3b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware