Overview

URL https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
IP 20.208.40.95
ASN MICROSOFT-CORP-MSN-AS-BLOCK
Location Switzerland
Report completed 2022-07-07 01:12:55 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Added / Verified Severity Host Comment
2022-07-06 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/ E-Devlet (Turkey)
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/ Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/files/form-progress.svg Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/files/btnRight.svg Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/files/btnLeft.svg Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/files/jcryption.js Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/files/jquery-3.4.1.min.js Phishing
2022-07-07 2 mturkiye-gov-tr-guvenli-aidat-iade.ml/datach.php?ip=91.90.42.154 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] kit.fontawesome.com (1) 1868 2019-03-29 02:12:52 UTC 2022-07-06 04:56:05 UTC 104.18.23.52
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-06 04:47:23 UTC 54.148.90.190
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-07-06 17:02:11 UTC 34.120.237.76
[Mnemonic Passive DNS] mturkiye-gov-tr-guvenli-aidat-iade.ml (12) 0 No data No data 20.208.40.95 Unknown ranking
[Mnemonic Passive DNS] fonts.googleapis.com (1) 8877 2017-01-30 04:59:43 UTC 2019-10-16 05:12:41 UTC 216.58.211.10
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-07-06 19:05:02 UTC 93.184.220.29
[Mnemonic Passive DNS] r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-07-06 04:41:34 UTC 23.36.77.32
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-06 04:55:23 UTC 54.230.111.14
[Mnemonic Passive DNS] ajax.googleapis.com (1) 12905 2017-01-30 05:00:30 UTC 2019-10-16 05:01:16 UTC 142.250.74.42
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.7
[Mnemonic Passive DNS] ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-07-06 04:42:12 UTC 142.250.74.3
[Mnemonic Passive DNS] fonts.gstatic.com (1) 0 2017-01-30 04:59:51 UTC 2022-07-06 04:41:59 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-07-06 04:55:58 UTC 151.101.86.133


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 20.208.40.95

Date UQ / IDS / BL URL IP
2022-08-18 13:11:34 +0000 0 - 0 - 2 mturkiye-gov-tr-guvenli-iade-sistemi.ml/ 20.208.40.95
2022-07-19 15:07:06 +0000 0 - 0 - 15 mturkiyegov-online-geri-iade-sistemi.ml/ 20.208.40.95
2022-07-17 22:20:57 +0000 0 - 0 - 14 https://mturkiyegov-online-geri-iade-portali.ml/ 20.208.40.95
2022-07-17 22:20:40 +0000 0 - 0 - 11 https://mturkiyegov-online-geri-iade-portali.cf/ 20.208.40.95
2022-07-17 22:20:17 +0000 0 - 0 - 20 https://mturkiyegov-geri-iade-sistemim.gq/ 20.208.40.95
2022-07-17 22:19:17 +0000 0 - 0 - 9 https://mturkiyegov-online-geri-iade-sistemi.ml/ 20.208.40.95
2022-07-17 22:17:39 +0000 0 - 0 - 19 https://mturkiyegov-online-iade-sistemim.gq/ 20.208.40.95
2022-07-17 19:34:17 +0000 0 - 0 - 14 https://mturkiyegov-online-geri-iade-portali.ml/ 20.208.40.95
2022-07-17 19:33:59 +0000 0 - 0 - 12 https://mturkiyegov-online-geri-iade-portali.cf/ 20.208.40.95
2022-07-17 19:33:37 +0000 0 - 0 - 13 https://mturkiyegov-geri-iade-sistemim.gq/ 20.208.40.95

Last 10 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-08-20 05:04:46 +0000 0 - 0 - 9 coinase-log.azurewebsites.net/ 20.118.48.8
2022-08-20 05:04:45 +0000 0 - 0 - 9 coinase-log.azurewebsites.net/ 20.118.48.8
2022-08-20 04:39:34 +0000 0 - 0 - 9 auth-web2fa.dvrlists.com/ 20.114.231.246
2022-08-20 04:25:57 +0000 0 - 0 - 4 livetrack.in/EmployeeMasterImages/qace.jpg 52.172.211.121
2022-08-20 03:35:53 +0000 0 - 0 - 9 auth-web2fa.dvrlists.com/ 20.114.231.246
2022-08-20 02:05:09 +0000 0 - 0 - 2 pncssecure.tk/login.php 20.24.19.179
2022-08-20 01:33:41 +0000 0 - 0 - 9 www.x3p6j.net/ 20.187.83.107
2022-08-20 00:47:58 +0000 0 - 0 - 2 https://healthydiet4all.com/word/custom_templ (...) 52.166.136.210
2022-08-20 00:42:40 +0000 0 - 0 - 2 cn1.ab101.cc/ 52.246.141.111
2022-08-19 23:01:09 +0000 0 - 0 - 4 livetrack.in/EmployeeMasterImages/qace.jpg 52.172.211.121

Last 3 reports on domain: mturkiye-gov-tr-guvenli-aidat-iade.ml

Date UQ / IDS / BL URL IP
2022-07-06 21:05:27 +0000 0 - 0 - 23 https://mturkiye-gov-tr-guvenli-aidat-iade.ml/ 20.208.40.95
2022-07-06 18:06:33 +0000 0 - 0 - 17 https://mturkiye-gov-tr-guvenli-aidat-iade.ml/ 20.208.40.95
2022-07-06 15:12:34 +0000 0 - 0 - 18 https://mturkiye-gov-tr-guvenli-aidat-iade.ml/ 20.208.40.95


JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (41)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 07 Jul 2022 00:56:25 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qDiCZX3XCjPAsaBYmun4sLjwVTfefE0vBLl_tbq8LHifTGqjx-m7Vg==
Age: 977


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "78A5DCFAF2D93D9C87CFB6DBC56100E9F22965D4500554BA65F71CB7D84DD666"
Last-Modified: Wed, 06 Jul 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9168
Expires: Thu, 07 Jul 2022 03:45:30 GMT
Date: Thu, 07 Jul 2022 01:12:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "222D7E1E8D24FE2C107A0ECE55BBC11329F875D2AE913FBD733EBEEEBDEE103C"
Last-Modified: Tue, 05 Jul 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6703
Expires: Thu, 07 Jul 2022 03:04:25 GMT
Date: Thu, 07 Jul 2022 01:12:42 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.14
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 06 Jul 2022 03:26:46 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NPJLRH_P__kvvAae5JycxNzAV94ftD0IxqpGLo4ZpTb9qyrn_s_rfw==
age: 78357
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET / HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: text/html; charset=UTF-8
content-length: 2779
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.20, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   2779
Md5:    ee541730eff524b73c9612da75529e90
Sha1:   b547ac9ddc6baf0e63adb18ffb29bc5d9aad9018
Sha256: ef9fcff828017ef17b095890d3521d56643fe720139b5b9d4a05f2b0505da7b1

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 07 Jul 2022 01:12:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 07 Jul 2022 01:12:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/1.6.4/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.42
HTTP/2 200 OK
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32222
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Jul 2022 15:18:32 GMT
expires: Tue, 04 Jul 2023 15:18:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 208450
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32769)
Size:   32222
Md5:    beb03c9ee6d13748648309584590d515
Sha1:   a491b316cdd4df32dabb7a3a1d85919681911dda
Sha256: acec62a91cdd6d2b03731fcc7e988094b3c38c9269276f09f9a842e6433ee008
                                        
                                            GET /css?family=Open+Sans&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
                                        
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 07 Jul 2022 01:12:43 GMT
date: Thu, 07 Jul 2022 01:12:43 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1083
Md5:    60b322360f97657cba0c0a11bbf9c0ec
Sha1:   cc63b674189228c6e23c75c5a559c21d5df394ad
Sha256: fca593da5b56e34ccafe222915872f7da6e57f0186bf8bdf7962529bf4d3bd0a
                                        
                                            GET /files/form-progress.svg HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: image/svg+xml
content-length: 1068
last-modified: Wed, 22 Jan 2020 13:58:16 GMT
etag: "5e2854f8-42c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1068), with no line terminators
Size:   1068
Md5:    d57db381e336134adc11990f2f6863f5
Sha1:   67cfcefdf4c388118a149ad1749274419d1aa553
Sha256: ff7498da718b1f50faeefae71e24ceadf4575da0692b84c9a1ad359daa1f2ff2

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            GET /files/1.png HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: image/png
content-length: 1855
last-modified: Wed, 22 Jan 2020 13:58:16 GMT
etag: "5e2854f8-73f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 165 x 40, 8-bit colormap, non-interlaced\012- data
Size:   1855
Md5:    7847c396db234c92dc4b1bb4b759c011
Sha1:   cd8357fc05042cb787267f01fe0c38ba6526e0e4
Sha256: b2f75fb62c0bf3c51f8eebc14891cf56976638fda4b0d23f90e2ee6dbd8f3b18

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 07 Jul 2022 01:12:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /files/btnRight.svg HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/files/giris.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:43 GMT
content-type: image/svg+xml
content-length: 448
x-accel-version: 0.01
last-modified: Wed, 22 Jan 2020 20:58:48 GMT
etag: "1c0-59cc0ca76f200"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (448), with no line terminators
Size:   448
Md5:    88ad4932ed76ce15aa1ebfddd1c20af0
Sha1:   cc5358add4c962e8903f515362474bd92c2daf21
Sha256: 14e8e481e7afcaae3200f172bd49bf7146ea2a23d3fdf0ba71d5fdbbd0c8c5a4

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            GET /files/header.png HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:43 GMT
content-type: image/png
content-length: 49215
last-modified: Sat, 25 Jan 2020 14:02:38 GMT
etag: "5e2c4a7e-c03f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1280 x 185, 8-bit/color RGBA, non-interlaced\012- data
Size:   49215
Md5:    9e2a1c0bcabe7c920122c08bb94c40b6
Sha1:   74660a76edfda051874af1141b8c8e6356d94032
Sha256: 25e78364cf34f3b0596135ac8e14bcb4b15b275aa8ed39e11d6453288798b76a

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
                                        
                                            GET /files/btnLeft.svg HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/files/giris.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:43 GMT
content-type: image/svg+xml
content-length: 393
x-accel-version: 0.01
last-modified: Wed, 22 Jan 2020 22:22:38 GMT
etag: "189-59cc1f646a780"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (393), with no line terminators
Size:   393
Md5:    5a1bb1e91af3b4c72eb2a509af3fe4ce
Sha1:   8b6218cd141ce0b85da3f2b7e09693267711eb10
Sha256: 945f7d25e8f885da3c77668f74ecacefa894dc535ac048f57a56e2b2fc2560df

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 07 Jul 2022 01:12:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /files/jcryption.js HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: application/javascript
last-modified: Wed, 22 Jan 2020 13:58:16 GMT
etag: W/"5e2854f8-12046"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   19510
Md5:    349d186734836ff248609f6cd7e00d3a
Sha1:   f3992b0353a5c4d716ab20652e1039454db5dba9
Sha256: 2b46f93822956ce675d56476152abbd9f26cb8295f0c8774336fffc9cc94d27e

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            GET /s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVIGxA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mturkiye-gov-tr-guvenli-aidat-iade.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Jul 2022 19:58:57 GMT
expires: Thu, 06 Jul 2023 19:58:57 GMT
cache-control: public, max-age=31536000
age: 18826
last-modified: Wed, 11 May 2022 19:25:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size:   12956
Md5:    1909967d5e51895484f5c673a6f63e7c
Sha1:   96c29ffda44f77bb3e73312aa6569f93689168a4
Sha256: e3d26484862a274c11531b15e625eb52b36842c97f7376fef654372d69565978
                                        
                                            GET /files/jquery-3.4.1.min.js HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: application/javascript
last-modified: Sun, 15 Mar 2020 15:14:32 GMT
etag: W/"5e6e4658-15851"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   46617
Md5:    4c5ba265127f37c61331a5546b947e9a
Sha1:   177d8f99be3b35fd69823f909f0e4b3cb72ad4c9
Sha256: a6d4efc94d63a4bcdec51aa03a949ee522f8ce78dd08bc472d03fc1c2a7c837c

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 07 Jul 2022 01:12:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /datach.php?ip=91.90.42.154 HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://mturkiye-gov-tr-guvenli-aidat-iade.ml
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Cookie: top-menu-state=closed
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:43 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.0.20, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 07 Jul 2022 00:34:56 GMT
Cache-Control: max-age=3600
Expires: Thu, 07 Jul 2022 01:11:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wHwoCt2lzdhy3EqyxOmrtLUVZxRcDAvkZkD4Sfb6Ivn2C7-VGg2_aQ==
Age: 2267


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         151.101.86.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Expires: Sun, 10 Jul 2022 22:20:07 GMT
ETag: "d9191d042ca2858ecd288c909d082e3b928746f0"
Last-Modified: Wed, 06 Jul 2022 22:20:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Content-Length: 1432
Accept-Ranges: bytes
Date: Thu, 07 Jul 2022 01:12:43 GMT
Age: 829
Connection: keep-alive
X-Served-By: cache-qpg1222-QPG, cache-bma1630-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1657156364.697218,VS0,VE1


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    e193e15fc8e704b3243d0018daf7f8a1
Sha1:   d9191d042ca2858ecd288c909d082e3b928746f0
Sha256: e160870237939938c0ab9021ff61acedaa54c7a97651e2b9375fcd66c0d5b344
                                        
                                            GET /files/favicon.png HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Cookie: top-menu-state=closed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:43 GMT
content-type: image/png
content-length: 27074
last-modified: Sat, 25 Jan 2020 14:09:50 GMT
etag: "5e2c4c2e-69c2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced\012- data
Size:   27074
Md5:    758401c06ba03339626bacc22e94b802
Sha1:   c2c545832889602ff5af1bdaa7051e10801ad907
Sha256: eeddc36d9c542c9d3ab1be57f637ceee9887c868e9b3d6e337b9d2101bb568fe

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4137
Cache-Control: 'max-age=158059'
Date: Thu, 07 Jul 2022 01:12:43 GMT
Last-Modified: Thu, 07 Jul 2022 00:03:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /5c7848169a.js HTTP/1.1 
Host: kit.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mturkiye-gov-tr-guvenli-aidat-iade.ml
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.23.52
HTTP/2 200 OK
                                        
date: Thu, 07 Jul 2022 01:12:42 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: Fv8M4o6aGER_5ow1diwh
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 726cb6a44a65b506-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   19131
Md5:    65b6e8a5c1da496973138997d6e96190
Sha1:   d498a67cd0e1e159abfa8fceaf4041264df637fc
Sha256: 52b37ba83020e4989addc47371c7f920e470fed6ddb29207d27ba596efc420de
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s92LtFl8y6I8oDh2GkxLXw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.148.90.190
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4XG5s/AZc9qHfYWNOeavQjMgr8g=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E96EA592111AAC8DB4D301EA1E1DEF1043D15D8774C4224D707FB21885E98909"
Last-Modified: Wed, 06 Jul 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4905
Expires: Thu, 07 Jul 2022 02:34:30 GMT
Date: Thu, 07 Jul 2022 01:12:45 GMT
Connection: keep-alive

                                        
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0584e039-a479-41c4-ad51-d842dbd32f7c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5198
x-amzn-requestid: f56b5dea-3209-4e32-985e-fbcb45c70e71
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0xnWFKCIAMFe2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4fc95-159a1632285a681d7478353a;Sampled=0
x-amzn-remapped-date: Wed, 06 Jul 2022 03:08:05 GMT
x-amz-cf-pop: SFO20-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jh8Cn-5251TNBafhSRsz0jUA8md-ZKQpjj_N1YYcUaVnJAYIdFAQ2A==
via: 1.1 21e2c668bb54ebb4456425e394c3356a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 03:19:59 GMT
age: 78766
etag: "76b2ac44ab4590c5345063d314975f483a61cb1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5198
Md5:    cd4e7dda9491e473d4b36a87915a82df
Sha1:   76b2ac44ab4590c5345063d314975f483a61cb1f
Sha256: f1e7681478f46029c90d707def4755f3d91a9f0b1d3509008bfca84d84a9634a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf054370-6b80-40cd-a42e-91d4d8e3c37e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7271
x-amzn-requestid: 3fa97801-72ce-40f1-9609-10406e6d70ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UoS0BFjuoAMFw8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bffe7f-103b3e9a2928a3ed39c62b1b;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 08:14:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TrgAb-pYFci7r56srzmwDp_mnZ6ApHI6KRaOyrHTYgJHmLcx6iNr1g==
via: 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 21:50:30 GMT
age: 12135
etag: "949707b56fd4aa6464f5f4a5d52b18ab72d307ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7271
Md5:    1d4f4e3ad0f3ca501b797538d0f3aaac
Sha1:   949707b56fd4aa6464f5f4a5d52b18ab72d307ff
Sha256: 66cf72056531f6151e2e72d48f07f1ba063753316160fe165cb00e125efbca90
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1f48beb-da86-42f3-b5da-39fa82b568cb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7249
x-amzn-requestid: 74cbc653-182e-4ef0-9fe5-901ddaa4edaf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UoBIEGKqIAMFp8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bfe233-383f73a750696511624ff453;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 06:14:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BVo4WA3x-2hGSrOBQTIcT5yjiYcdzQby4NDOrnrWpREFtHG5x52Jzg==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 09:18:45 GMT
age: 57240
etag: "2f79d1e28bb827f7fa60b6675dba8022c28a1a3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7249
Md5:    5c958b0c904620aff5f5f8a74f80d9f9
Sha1:   2f79d1e28bb827f7fa60b6675dba8022c28a1a3d
Sha256: 8bba608d028bbb678f021eaca3364856f930069f44b647346e649eca4c383955
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13136825-0301-44c6-8c81-faf21628fe4c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6737
x-amzn-requestid: 9a9c33df-daa2-49fb-ba8e-fd5a3149828e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UeP9ZG93oAMFX6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bbf9ef-248528170cf451be2662dbef;Sampled=0
x-amzn-remapped-date: Wed, 29 Jun 2022 07:06:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GZWZ5vCdHbLeGN4FdZbd8ysfjqcGd-7MsBW_steUpJ38jyLd16JNtw==
via: 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 03:53:29 GMT
age: 76756
etag: "5e2f835320ab350cdd1c3ad1ceb71db2bb27b84f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6737
Md5:    44f59062cacc44be268845c493de29de
Sha1:   5e2f835320ab350cdd1c3ad1ceb71db2bb27b84f
Sha256: c37305dfa7a241e526c7246a6eb71360dbfa2fe5d7f369f37ef7ddbfe1b97749
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce2fc71a-842c-433d-8506-e191aa0edcd6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4243
x-amzn-requestid: 7529aa91-0ea7-442d-a0b7-c3c74f0d5d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UthU8HNdoAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c215b9-527e994b56eb0630557d6dd5;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 22:18:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DQPLClNEQSPyiJJEq83p-1_lCk1cLIqpXQuPUQA2EzYd4kc0D9ILaw==
via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 04:44:24 GMT
age: 73701
etag: "5f4a7a2dcc9ffbb5bb61859a6337ec9c8f11f1f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4243
Md5:    4dadb5bd9157f2899ea250117bf6655e
Sha1:   5f4a7a2dcc9ffbb5bb61859a6337ec9c8f11f1f3
Sha256: 236f94db1ce5926743b6f0692509ab20c17fca595b5c062133a9d24fc80d6f0d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94470e3-8873-4e4e-909a-df8539096335.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 12294
x-amzn-requestid: e6b35bb1-bc6b-4b98-aa16-cff64cf3e4b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ua_AwHdPIAMFSzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62baab9e-4659e88772f9e8551e06800a;Sampled=0
x-amzn-remapped-date: Tue, 28 Jun 2022 07:19:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EWsndyPnvdV629tcpvI0HUzSA6Ocbb0acwQ6v5i0VWoEeGIKaF7fcw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 21:59:49 GMT
age: 11576
etag: "7bb8eb688c64b18a63cd78ec3c59079a65e6f9b7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12294
Md5:    8b57e1aba0bce88ae13af9ccf60089bd
Sha1:   7bb8eb688c64b18a63cd78ec3c59079a65e6f9b7
Sha256: 84a48013d8c91a7ae77719feb3d5996409197bdafe93a9e6deb02dbeffe0cb4b
                                        
                                            POST /datach.php?ip=91.90.42.154 HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://mturkiye-gov-tr-guvenli-aidat-iade.ml
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Cookie: top-menu-state=closed
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:46 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.0.20, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing
                                        
                                            POST /datach.php?ip=91.90.42.154 HTTP/1.1 
Host: mturkiye-gov-tr-guvenli-aidat-iade.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://mturkiye-gov-tr-guvenli-aidat-iade.ml
Connection: keep-alive
Referer: https://mturkiye-gov-tr-guvenli-aidat-iade.ml/
Cookie: top-menu-state=closed
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         
                                         20.208.40.95
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 01:12:49 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.0.20, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: E-Devlet (Turkey)
    - fortinet: Phishing