Overview

URL investonim.com/taiwan?utm_source=ad_20&utm_medium=tw.msn.com&utm_campaign=Investonim%20<%E7%94%B7%E5%AD%90%E5%A4%B1%E6%A5%AD%EF%BC%8C%E7%84%A1%E6%B3%95%E9%A4%8A&utm_content=%E5%8F%B0%E7%81%A3%E9%8A%80%E8%A1%8C%E4%B8%8D%E6%83%B3%E8%AE%93%E4%BD%A0%E7%9C%8B%E9%80%99%E5%80%8B%EF%BC%8C%E4%BD%86%E4%BB%96%E5%80%91%E7%8F%BE%E5%9C%A8%E4%B8%8D%E8%83%BD%E9%98%BB
IP188.114.97.1
ASNCLOUDFLARENET
Location Colombia
Report completed2022-09-19 06:47:22 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed
2022-09-19 2 fin-report.net Sinkholed


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-19 04:27:41 UTC 104.17.25.14
mnemonic passive DNS fin-report.net (14) 0 2022-07-29 09:30:08 UTC 2022-09-02 01:09:15 UTC 188.114.96.1 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-18 06:05:25 UTC 143.204.55.25
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-18 06:05:26 UTC 54.149.83.187
mnemonic passive DNS investonim.com (2) 0 2022-07-27 10:22:59 UTC 2022-09-14 06:04:46 UTC 188.114.97.1 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-18 04:48:15 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-19 00:31:19 UTC 93.184.220.29
mnemonic passive DNS e1.o.lencr.org (6) 6159 2021-08-20 07:36:30 UTC 2022-09-18 08:12:25 UTC 23.36.77.32
mnemonic passive DNS img-getpocket.cdn.mozilla.net (3) 1631 2017-09-01 03:40:57 UTC 2022-09-18 04:20:51 UTC 34.120.237.76
mnemonic passive DNS use.fontawesome.com (1) 942 2017-01-30 04:43:25 UTC 2022-09-18 05:59:20 UTC 172.64.168.32
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-19 01:04:25 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-18 05:00:37 UTC 23.36.76.226


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 188.114.97.1

Date UQ / IDS / BL URL IP
2022-11-30 04:34:19 +0000
0 - 0 - 2 bsbd-wuppertal.de/ 188.114.97.1
2022-11-30 04:31:58 +0000
0 - 0 - 1 allegeturbulent.top/ 188.114.97.1
2022-11-30 04:28:36 +0000
0 - 0 - 1 chorusembargo.top/ 188.114.97.1
2022-11-30 04:15:51 +0000
0 - 0 - 2 inventstrand.top/ 188.114.97.1
2022-11-30 04:13:11 +0000
0 - 0 - 3 bcdghiq12jk345ef--loading.3mkzx41dr8.xyz/spec (...) 188.114.97.1

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-30 04:43:03 +0000
0 - 0 - 1 cdn.socialites.io/banner.html 104.21.234.41
2022-11-30 04:42:32 +0000
0 - 0 - 2 neexulro.net/-100005IPOZ/http:?rndad=18068870 (...) 104.21.0.99
2022-11-30 04:40:56 +0000
0 - 0 - 3 medlyves-test.me/ 172.67.148.69
2022-11-30 04:40:19 +0000
19 - 0 - 0 sea-lion-app-k3uwt.ondigitalocean.app/werrx01 (...) 104.16.244.78
2022-11-30 04:38:58 +0000
0 - 0 - 4 g90pc.top/?y=ep1669214228 172.67.221.113

Last 1 reports on domain: investonim.com

Date UQ / IDS / BL URL IP
2022-09-19 06:47:22 +0000
0 - 0 - 14 investonim.com/taiwan?utm_source=ad_20&utm_me (...) 188.114.97.1

No other reports with similar screenshot



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 06:12:39 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VDFkNNAuArCqvgqgher4mwYa7MqkCO3GunJwm1fhZwlH1StieW_dxw==
Age: 2072


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15661
Expires: Mon, 19 Sep 2022 11:08:12 GMT
Date: Mon, 19 Sep 2022 06:47:11 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iern2Aqb7RFttFLhWpGbTDVaxQ2qbvVswCrIxzE_FbXFzSaq74NywQ==
age: 7918
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /taiwan?utm_source=ad_20&utm_medium=tw.msn.com&utm_campaign=Investonim%20%3C%E7%94%B7%E5%AD%90%E5%A4%B1%E6%A5%AD%EF%BC%8C%E7%84%A1%E6%B3%95%E9%A4%8A&utm_content=%E5%8F%B0%E7%81%A3%E9%8A%80%E8%A1%8C%E4%B8%8D%E6%83%B3%E8%AE%93%E4%BD%A0%E7%9C%8B%E9%80%99%E5%80%8B%EF%BC%8C%E4%BD%86%E4%BB%96%E5%80%91%E7%8F%BE%E5%9C%A8%E4%B8%8D%E8%83%BD%E9%98%BB HTTP/1.1 
Host: investonim.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         188.114.97.1
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Mon, 19 Sep 2022 06:47:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://investonim.com/taiwan?utm_source=ad_20&utm_medium=tw.msn.com&utm_campaign=Investonim%20%3C%E7%94%B7%E5%AD%90%E5%A4%B1%E6%A5%AD%EF%BC%8C%E7%84%A1%E6%B3%95%E9%A4%8A&utm_content=%E5%8F%B0%E7%81%A3%E9%8A%80%E8%A1%8C%E4%B8%8D%E6%83%B3%E8%AE%93%E4%BD%A0%E7%9C%8B%E9%80%99%E5%80%8B%EF%BC%8C%E4%BD%86%E4%BB%96%E5%80%91%E7%8F%BE%E5%9C%A8%E4%B8%8D%E8%83%BD%E9%98%BB
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=om9FLA57xlw0fGJlprBa%2FyQWZuK%2BbNjqa5KTnx0IE1btbw%2FQGoEGo4T8%2BiFAUh2ZvhUCQ30b7GMpIfi%2FGLUGwPq%2BGsYKAH8duMOhuqTpW%2BQTC2PzbkF0gdCR3xP3%2FHfMkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74d05e55c989b50c-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (425)
Size:   758
Md5:    4b87b4c104bc21943424fc63e524fdea
Sha1:   13ccee8779014cb9449a49aa52f8d2a5c6e232b4
Sha256: 0f22d0cd079a9ca08e9ed5af474709c77ea3fd27a43bf1b7b8ca145eb6b8edd3
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 19 Sep 2022 06:47:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 06:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 06:17:23 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 90sCBjjzaVfLAUhA6FGo7ltdOCWRHBkX7jN8RuwvTrnfpZtGLgC5wQ==
Age: 2629


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4739
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 06:47:11 GMT
Last-Modified: Mon, 19 Sep 2022 05:28:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5eX5LtWQEIZ0pIazdKmNBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.149.83.187
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LcESkzlIZszvZyQEdjfsyY/mAOA=

                                        
                                            GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 19 Sep 2022 06:47:12 GMT
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 2284556
expires: Sat, 09 Sep 2023 06:47:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bn3aUacLINyLyq6d3vrM4nXl%2BDKEPPcAsdNfysGyiUFZjj3IkmXSyhtB9BBy5DcEa1QM2diTiFD50AYaryqyjly%2FvsG7QQbDKsVG5LdnRvOBxSn7wBZpKU2HPdZJbXVMabMsUa6A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74d05e6068d6b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   26909
Md5:    63827323c175768ccb0e8ed54589a3e5
Sha1:   9760e238d6ecced66396798559f70593793d801e
Sha256: 196f9479a27db836a2a7454e222f0cb52d4eeb162e0a50e69401ba1a8d81b564
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "A3238D75885122B724465A4C6668989C5EEC4E35AF31B515A309464500278A54"
Last-Modified: Sun, 18 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Sep 2022 12:47:12 GMT
Date: Mon, 19 Sep 2022 06:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "A3238D75885122B724465A4C6668989C5EEC4E35AF31B515A309464500278A54"
Last-Modified: Sun, 18 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Mon, 19 Sep 2022 12:46:26 GMT
Date: Mon, 19 Sep 2022 06:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "951D9545E967DCA92FBAB1A1299A38DFB7383D96222BD4E53BEAF32D14D011C1"
Last-Modified: Sat, 17 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Sep 2022 12:47:12 GMT
Date: Mon, 19 Sep 2022 06:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "951D9545E967DCA92FBAB1A1299A38DFB7383D96222BD4E53BEAF32D14D011C1"
Last-Modified: Sat, 17 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Sep 2022 12:47:12 GMT
Date: Mon, 19 Sep 2022 06:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "951D9545E967DCA92FBAB1A1299A38DFB7383D96222BD4E53BEAF32D14D011C1"
Last-Modified: Sat, 17 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21556
Expires: Mon, 19 Sep 2022 12:46:28 GMT
Date: Mon, 19 Sep 2022 06:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "951D9545E967DCA92FBAB1A1299A38DFB7383D96222BD4E53BEAF32D14D011C1"
Last-Modified: Sat, 17 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Mon, 19 Sep 2022 12:46:28 GMT
Date: Mon, 19 Sep 2022 06:47:13 GMT
Connection: keep-alive

                                        
                                            GET /landings/G9wr22QWusP6/img/f4.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 40325
last-modified: Fri, 22 Jul 2022 08:53:02 GMT
etag: "62da656e-9d85"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOx7fqrAIknU9bztp2p3PdVbwSf8vvDpqChTFVCdEf4%2FlD8dY7HcCBmUNcwRZypJ7bI1XbzqhKuhzW6HciQcwkvmpMZg90W5OwFvyz%2BNpYY%2F492hGgm%2B8q6x93Mt9AUmCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8d5b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:07:22 11:53:02], baseline, precision 8, 568x342, components 3\012- data
Size:   40325
Md5:    86703d80c0631de5c9b0faec22b0d85f
Sha1:   c8452f4c86d7793827f77622cfd8dc2de33eb55f
Sha256: 1e9ef0ff3204d3a5a2ae6ed0ed36ec8dd170da996d7e07baf4fd6867101bfb7d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/s3.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 72276
last-modified: Wed, 13 Jul 2022 12:32:08 GMT
etag: "62cebb48-11a54"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8CcW2VlblEpL7%2B3%2FzhejyAOq0NCSheSAQ4bvRGEcFxq0%2BekO%2BQFno2Y1OIF0ypNRPe8JerhuFUMCZpK%2F4uNqtuY6MmUvDMOoEYSh4AlMPI1rJHHxfD03GjwpLOSSDBBM0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8cfb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:07:13 15:32:08], baseline, precision 8, 892x876, components 3\012- data
Size:   72276
Md5:    be30a84363c31543e00df1cedf4a09b5
Sha1:   cc5db8d857704c1334025a95e22f4ea072662621
Sha256: 145c78efdc4eda391e0b87fd7f754bbc67472fe4e9f019450ae846f1a0b26f10

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f3.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 104154
last-modified: Wed, 06 Jul 2022 13:20:56 GMT
etag: "62c58c38-196da"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1lWlyDIXnJJ0OV3ox3TfWqiHUhm2F0XNZ2mpL%2FBa966EAkxDg4PYLytnN01fzRwgROVSxeEvd2WeB9thYPAzvi03icNt8BsQ8rZn8gKiDuSGdnCm7sIeFKUUp0d536L2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8d2b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=3733, bps=218, compression=none, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, width=5592], progressive, precision 8, 1200x801, components 3\012- data
Size:   104154
Md5:    9344669a36d15b32965d6b389a1283cc
Sha1:   c9f1e04f9723e9f93b83684517f866779da05b34
Sha256: 24f7fa866ea5d1f79be5b86728a8dfe613e671a1a99beaec797055ff0794dd9b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3596
Expires: Mon, 19 Sep 2022 07:47:09 GMT
Date: Mon, 19 Sep 2022 06:47:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3596
Expires: Mon, 19 Sep 2022 07:47:09 GMT
Date: Mon, 19 Sep 2022 06:47:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E64C0C03925BDFAA2520D90339C90D1F8D98C432441ADB771DFE1E818220F06F"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3596
Expires: Mon, 19 Sep 2022 07:47:09 GMT
Date: Mon, 19 Sep 2022 06:47:13 GMT
Connection: keep-alive

                                        
                                            GET /taiwan?utm_source=ad_20&utm_medium=tw.msn.com&utm_campaign=Investonim%20%3C%E7%94%B7%E5%AD%90%E5%A4%B1%E6%A5%AD%EF%BC%8C%E7%84%A1%E6%B3%95%E9%A4%8A&utm_content=%E5%8F%B0%E7%81%A3%E9%8A%80%E8%A1%8C%E4%B8%8D%E6%83%B3%E8%AE%93%E4%BD%A0%E7%9C%8B%E9%80%99%E5%80%8B%EF%BC%8C%E4%BD%86%E4%BB%96%E5%80%91%E7%8F%BE%E5%9C%A8%E4%B8%8D%E8%83%BD%E9%98%BB HTTP/1.1 
Host: investonim.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         188.114.97.1
HTTP/2 301 Moved Permanently
content-type: text/html; charset=iso-8859-1
                                        
date: Mon, 19 Sep 2022 06:47:11 GMT
location: https://investonim.com/taiwan/?utm_source=ad_20&utm_medium=tw.msn.com&utm_campaign=Investonim%20%3C%E7%94%B7%E5%AD%90%E5%A4%B1%E6%A5%AD%EF%BC%8C%E7%84%A1%E6%B3%95%E9%A4%8A&utm_content=%E5%8F%B0%E7%81%A3%E9%8A%80%E8%A1%8C%E4%B8%8D%E6%83%B3%E8%AE%93%E4%BD%A0%E7%9C%8B%E9%80%99%E5%80%8B%EF%BC%8C%E4%BD%86%E4%BB%96%E5%80%91%E7%8F%BE%E5%9C%A8%E4%B8%8D%E8%83%BD%E9%98%BB
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPjwP0xe7AJgVdAn6kf7wmFSlXAm1OKwedO%2BvDmojc8Ba9CayI0puqxG%2BEObO4LVP5y7mbT6XamBDVeFkzGRqCjOfTYGwYacHwUepw2zVN8s%2B49Jp9ijZGe4wJgIzXNpXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74d05e580f951bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   8325
Md5:    171f4e3a2608ccbeebde918c7747e882
Sha1:   c7960c39ba3a5ada79a09e816a1d403dcae1a492
Sha256: 001a26e4d5399ea26251021c8de22147bf9a1c8c6749b2cd96f05fe7a0580975
                                        
                                            GET /landings/G9wr22QWusP6/img/portrain_photo.png HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 62730
last-modified: Thu, 07 Jul 2022 09:13:20 GMT
etag: "62c6a3b0-f50a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nGnXvP6lKI6ijTYjmACsXV5snwRUgoHWsi0%2F%2F8C3ZSq0b833RLrLYq0IBNi9ZtpENaE1gXtPF1t2Tluq%2BwtM2BVtSrfLxNC95%2FJudB0z1D3iybwJsqv3LdRL6RU1GRS3NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8cbb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 206 x 220, 8-bit/color RGBA, non-interlaced\012- data
Size:   62730
Md5:    06b3bd9bbcf702e104605c67f3a14d8c
Sha1:   1996689d42640567071d9aff0dc1919bd7edb0a9
Sha256: dc8e958ca8340742752692bf43c0587f8f5ec2a85b57387a304703a140f80ae3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6428
x-amzn-requestid: 7dd3072b-403a-4bb4-b8c4-58a6d7c254f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmgCGJVIAMFk5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d5133-0756be8c75da02a857e36a2f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:08:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nD62kVNMZRvoZaM85m1kNlgU-KOj2X7tqhy9cPxGJFaBHCMVEsvWXQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:45 GMT
age: 32008
etag: "480182fd29c7edd369339847b85e4e2580cef0f6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6428
Md5:    893f3495f1f575e946a57c8e8411b2a5
Sha1:   480182fd29c7edd369339847b85e4e2580cef0f6
Sha256: 097d868881231eae089ac8b97d5dc290583477f63dc35b7458ed4898e0db3e0c
                                        
                                            GET /landings/G9wr22QWusP6/css/logo.css HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
last-modified: Fri, 13 May 2022 15:22:00 GMT
etag: W/"627e7798-195"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJCvUcjQyeQOCL1Y0MmfhaTVA9b9Hw9r%2Fvs09I0e%2Fg4zY7X785lEVqPSXn4U6AVBm4Wp4ToCvyDPhiXET4IHPxL9vtDt75FsqbvQqhio9ZhRIisyB8gOinDVTqPe2qcjVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61d90cb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text
Size:   8918
Md5:    6e4dc1e0f1317870ca3767bec5e6194e
Sha1:   1647341cc9839e207771c559d0943dd462288bc3
Sha256: 99112f8ff428702556cc2ac33cb41de6ef32c760cd67165da290734472597e90

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a5d9ce-7d6b-4006-832c-dda7f7999129.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9371
x-amzn-requestid: dd94b1a0-f6a1-4e41-8b97-9c9904b6f6b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRFF6rIAMFY2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf39-289c5acb4e5bcb715b689f55;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ru8zmqf8FBNIJatpnkFCgjq49arUFR2o8pqE50dzLOXsgsyaf5oMKg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 10:16:51 GMT
age: 73822
etag: "3f24ca8e9c96f3c9ca2e95946f1f67d242c7e5df"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9371
Md5:    f99c08fdd1a74ec569e02207b9919df8
Sha1:   3f24ca8e9c96f3c9ca2e95946f1f67d242c7e5df
Sha256: 7b5f48166db186dcf19987f5f91cb03cbd069ec74de8ea42059626019b00fc14
                                        
                                            GET /releases/v5.0.4/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://investonim.com
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.168.32
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
x-amz-id-2: M4TFMkJDrQlK7DsNv3nS9VjahPO71lyRn+5ZwInTPFimQ4AiGcQvX684D+puXI28ubkC3a/qr7Y=
x-amz-request-id: NPT48842QG7CH1Y3
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:27:48 GMT
etag: W/"bc230296e25b578ef593d18e06365424"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5UCgiPanq%2FUJ81BDUk%2FB%2BfD8sUuGiBIj97e0Z5fdDrOK1AlITpRpxVz6U3Kc3AAO5CXx7WnKsIEKF4tut4pk4ck0UUiSmLexL5hGWc9qQEck1QM6cFTgaCVlpeLmiwPCDeEQBsM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74d05e60c9f27759-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33714)
Size:   16868
Md5:    6cb65196a5a088be720efeb58dd642b4
Sha1:   3e4699724b3f24f8810bfa84868d5eff050474ef
Sha256: a3fc6dee3a73eb42d8371e1242ab42b12e4ff37631c5b8c54c6d5bae9b9ee908
                                        
                                            GET /landings/G9wr22QWusP6/css/style.css HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
last-modified: Wed, 06 Jul 2022 16:32:10 GMT
etag: W/"62c5b90a-2f99"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YPM0HKqCdymQVM7ShQco%2F4ZQvG7cMqlb5jsCrTXFJtPJkt7D50hm20IEPaj7M0OQ3uTClpmYZ6XemqPP4jP28ohWnks4XK0t7hJnWOqG1Bq81oFXpmGUP5BAxEkfNE63CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8c7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text
Size:   10780
Md5:    04173acc839140855da3fe46efaf9d99
Sha1:   14af555266473a551ebbe9c19669075dfce7410c
Sha256: 772a492f73d64140152befd63d15ae432f41adea1584137aa0617a48c3ce6219

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad78a6f9-e73d-465c-b7fd-7c8b261e5825.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4878
x-amzn-requestid: 2d39705a-e054-428a-a3c8-fc0b12e70724
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeH-EGvAoAMFZSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322538d-6ca748d854879c6b0d6194cd;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:19:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f_oUXd6cq-KWQHisWISSBu2cMNK706Zy8EhLTx1Ij8YVkKYJNpwPjA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 04:20:07 GMT
age: 8826
etag: "e1b634652b4112c30f80745059523cbfce09365a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4878
Md5:    672ffe8377dcaf5bad2d7e4534441984
Sha1:   e1b634652b4112c30f80745059523cbfce09365a
Sha256: a4b6bcfb246be2d02b5d04b49f9d8c13fef8661abc7d9f146d5cc9c766fc96f1
                                        
                                            GET /landings/G9wr22QWusP6/img/bitcoin_future_side_step1.png HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 54247
last-modified: Wed, 13 Jul 2022 12:28:46 GMT
etag: "62ceba7e-d3e7"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uGZw86z5bnThDbVVDPwe4hPtzngQCrukoBJyAlu5drlF6v24IPyX%2B2Yz5STRYHD2pOsadAH5kvsO%2FHBhMAJJ%2B8ZXDdjWNgoLn5%2Bceqw9ysx3raW%2FHiawTy2VWOtkGwZ20A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8ccb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 402 x 492, 8-bit/color RGBA, non-interlaced\012- data
Size:   54247
Md5:    75d0bcb64776fc5d1310be6bd52ec4a2
Sha1:   0290a70ef1139f80091164b2591c890ab10e1638
Sha256: 0bddd4e0eec29930d944d4cd9cc5df4af40caf2537fddfbf827538818b28a906

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f5.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 122234
last-modified: Wed, 06 Jul 2022 13:24:12 GMT
etag: "62c58cfc-1dd7a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rYrcJQEloOObcAlHF5jc0ef7JahR4uiAz5VjBq%2BLlpxnN%2FPWgTJ0%2BcW8yT0aPPCL9flYDlF0KxoBgb0tm4dDXnZT%2FobyoC%2FZ6IGmYp%2BnOa%2B0GZl7TagJlHnQQWp2qj%2FayA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8d7b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=3733, bps=218, compression=none, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, width=5592], progressive, precision 8, 1200x801, components 3\012- data
Size:   122234
Md5:    417754765431d36259cbb1b3b4fb372b
Sha1:   5e5be37da20484ae723898eee08dc5733beb5b2f
Sha256: 2048784d60728b5a08517f25dd61d09c925ec702a9e0edaf976dc2b3023be486

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/s2.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 38123
last-modified: Wed, 13 Jul 2022 12:28:48 GMT
etag: "62ceba80-94eb"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ur5X2r9NudnaZYu4nj62uVhwb8MvnLRfWH5tNFqw1VKFkXBCIg88fJbeWRGJkDDebGs7R2SN%2BaSK00%2BTlQLUcMxwNJmiCjzef7%2FZXyWywjdcdLS3M5gcawrQ52L4Fj6IIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8ceb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:06:20 12:14:02], baseline, precision 8, 786x546, components 3\012- data
Size:   38123
Md5:    b73e8b34eaf79ac1d0fd9ca75bb5b499
Sha1:   bb8141764f3eaeebee1174e10770ac38bbf64388
Sha256: e63153481af9148e82e659be35ee2ec9b7ae0c5fd07d2bde077f4af4efec4e3b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f6.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 17957
last-modified: Wed, 06 Jul 2022 13:30:26 GMT
etag: "62c58e72-4625"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81ZowkzVy7Uem7KFAhDTB2xLn1Sfgc61fuscEAkVTj1l7NEvL81soD6cM1hxfVNEpTaAnDNgA5bGic9XQfD%2F2mYkdPab%2BNleKh4SZDC1bDsRham821lM5whfTJY%2Bz7zoBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8deb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x275, components 3\012- data
Size:   17957
Md5:    048074f1531f9d08cc3056bdc9ad8c6b
Sha1:   be66adc2383adc933774b88897bd96da142437e9
Sha256: 98b42f84d252c4c47ccfacd58b38b05f28df5317f11bf6a7fea881329c5190e8

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f7.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 106363
last-modified: Wed, 06 Jul 2022 13:24:44 GMT
etag: "62c58d1c-19f7b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vS9LYafTTB2T%2BSJ%2BsRnxhyOm82tN4UFh5UmWzZvpvTVEc5evtDdZixTa18UmXWtP%2FTzNJtv5O67rq%2B%2FKRY%2FzZ8N2etm%2BfRn181oYX7Fz5YPxMdd4b3Sa7EXU0r2X8PObuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8e2b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=3733, bps=218, compression=none, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, width=5592], progressive, precision 8, 1200x801, components 3\012- data
Size:   106363
Md5:    ed11d42c8c904ef594a7ea90ea8ead4a
Sha1:   e7c33c7f09d8c71a72e36b4f2b234ed7953b72f3
Sha256: 8067493bdbcc16e85de61fe05a1b2758c40356eaa86eeba4da6f3c57117d1d66

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f2.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 170423
last-modified: Wed, 06 Jul 2022 13:26:34 GMT
etag: "62c58d8a-299b7"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTVDD6Gxl%2BwM5qhG2jB14bnr3tw7%2BdI4loZ4psGuZvf3FYoy%2Ba1ydNjYRMPirQYRY1RhZnTc9RzuBJZx8wN6YYclrvxbdwKrRIiRPkbhGpSZqdQKz57EA1HTY9SyloVWqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8d0b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=3733, bps=218, compression=none, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, width=5592], progressive, precision 8, 1200x801, components 3\012- data
Size:   170423
Md5:    adf6879bdf71d1602058f6bab53c246e
Sha1:   c83caa0d8fc5dafad7464053d645c16f0703b09f
Sha256: 14f55026311232ccb0cd29930077f2b20f03a032f7b01959697f7f6e977d67b9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/img/f8.jpg HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
content-length: 690459
last-modified: Wed, 06 Jul 2022 13:22:38 GMT
etag: "62c58c9e-a891b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59Du4q1tAAbfuTYv%2B7tbitV2UNZfTjJeFK3ThR3MncgQJopah9EHA3WYS5YvEifsOQZ55d8JnGoHE94%2Fp5e0Jss8IYTGFSxqgxXA6OQdizkVGrBZqJqN1fhXvzrtfZ%2BF%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61b8c9b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=17, height=3733, bps=218, compression=none, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, width=5592], progressive, precision 8, 1200x801, components 3\012- data
Size:   690459
Md5:    ba01b8f53ff80a21b10012499a26c84c
Sha1:   0396f857e41fc832862937f383e9b4dd15886b21
Sha256: 7bdf32fc8d3bd4105589264deaa508adfc83037fa37daaf16b524702239d9c59

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landings/G9wr22QWusP6/css/bootstrap.min.css HTTP/1.1 
Host: fin-report.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://investonim.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.114.96.1
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 19 Sep 2022 06:47:13 GMT
last-modified: Fri, 13 May 2022 15:22:00 GMT
etag: W/"627e7798-1e4ea"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhQY4IW%2FeM%2BEGKm%2B2DaZWJTp4VTipoIk3fXc%2FIdSsYmJ7cwRCMpQ2cZAO%2BmujqIfU3KewWSjg%2BTkS7Q8f2ge9HxId4l2qyTKGKqnMWW9p%2FneiUPR4O7XeZxCZsvjUBIT9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d05e61c8e7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed