Overview

URL ghjhgol.tk/mnm/
IP66.96.147.117
ASNBIZLAND-SD
Location United States
Report completed2022-08-05 18:30:41 UTC
StatusLoading report..
urlquery Alerts Phishing website detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Added / Verified Severity Host Comment
2022-08-05 2 shopget24.com Sinkholed


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] cdnjs.cloudflare.com (1) 235 2014-04-23 07:31:51 UTC 2022-05-16 10:07:49 UTC 104.17.25.14
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-08-05 06:49:03 UTC 34.120.237.76
[Mnemonic Passive DNS] maxcdn.bootstrapcdn.com (1) 724 2017-01-30 05:00:47 UTC 2021-03-05 11:52:46 UTC 104.18.10.207
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.35
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-08-05 05:06:42 UTC 54.230.111.99
[Mnemonic Passive DNS] code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-08-05 05:01:28 UTC 69.16.175.10
[Mnemonic Passive DNS] shopget24.com (1) 0 2018-08-23 13:37:43 UTC 2022-08-05 14:03:40 UTC 104.219.248.46 Unknown ranking
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-08-05 05:06:17 UTC 35.80.180.169
[Mnemonic Passive DNS] ghjhgol.tk (3) 0 No data No data 66.96.147.117 Unknown ranking
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.digicert.com (3) 86 2012-11-29 12:49:49 UTC 2022-08-05 10:07:16 UTC 93.184.220.29
[Mnemonic Passive DNS] ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-08-05 04:56:14 UTC 142.250.74.3
[Mnemonic Passive DNS] r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-08-05 04:57:18 UTC 23.36.76.226
[Mnemonic Passive DNS] ajax.googleapis.com (1) 12905 2017-01-30 05:00:30 UTC 2019-10-16 05:01:16 UTC 142.250.74.42
[Mnemonic Passive DNS] ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-08-05 17:03:49 UTC 104.18.32.68


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 66.96.147.117

Date UQ / IDS / BL URL IP
2022-08-07 20:02:15 +0000
0 - 0 - 46 unitedhorus.com/ 66.96.147.117
2022-08-07 05:15:11 +0000
0 - 0 - 2 ipessolutions.com/ 66.96.147.117
2022-08-07 05:15:00 +0000
0 - 0 - 2 ipessolutions.com/ 66.96.147.117
2022-08-06 10:54:31 +0000
2 - 0 - 2 https://ghjhgol.tk/mnm/ 66.96.147.117
2022-07-27 19:43:10 +0000
0 - 0 - 0 https://www.dealctr.com/ext/bai.php 66.96.147.117
2022-07-21 01:34:43 +0000
0 - 0 - 11 jumazi.com/tmp/ssss.php 66.96.147.117
2022-07-07 07:17:25 +0000
0 - 0 - 2 scaviolaw.com/ 66.96.147.117
2022-06-26 22:22:45 +0000
0 - 0 - 1 nriloan.jctoursandtravels.in/files/nodisexur.pdf 66.96.147.117
2022-06-24 11:40:47 +0000
0 - 0 - 1 nriloan.jctoursandtravels.in/files/nodisexur.pdf 66.96.147.117
2022-06-21 21:13:02 +0000
0 - 0 - 1 nriloan.jctoursandtravels.in/files/nodisexur.pdf 66.96.147.117

Last 10 reports on ASN: BIZLAND-SD

Date UQ / IDS / BL URL IP
2022-08-08 16:09:50 +0000
0 - 0 - 3 visionnextgroup.net/saharaUK/2UXmSjlPLoroRMOj (...) 66.96.133.4
2022-08-08 15:43:24 +0000
0 - 0 - 3 wanderlustphtravel.com/cgi-bin/QphfoQq4t/ 66.96.147.96
2022-08-08 15:11:06 +0000
0 - 0 - 3 https://dhsoftware.com.au/downloads/SpacesIns (...) 66.96.147.160
2022-08-08 14:25:06 +0000
0 - 0 - 5 humancultivation.com/ 66.96.162.147
2022-08-08 10:31:03 +0000
0 - 0 - 1 firop.com/ 207.148.248.143
2022-08-08 09:49:27 +0000
0 - 0 - 2 digallstate.com/?q=3as1Jpn1Teib82Rrpnfl+MYDd4 (...) 66.96.162.128
2022-08-08 03:48:42 +0000
0 - 0 - 1 alwillislifecenter.org/ckfinder/userfiles/files/ 66.96.147.96
2022-08-08 03:12:43 +0000
0 - 0 - 1 datawys.com/FILE/Invoice-361567 66.96.147.96
2022-08-07 20:02:15 +0000
0 - 0 - 46 unitedhorus.com/ 66.96.147.117
2022-08-07 20:01:15 +0000
0 - 0 - 2 chronospace.net/ 66.96.162.129

Last 1 reports on domain: ghjhgol.tk

Date UQ / IDS / BL URL IP
2022-08-06 10:54:31 +0000
2 - 0 - 2 https://ghjhgol.tk/mnm/ 66.96.147.117


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (31)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 05 Aug 2022 18:00:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -HXtRwecWKtVLdpgAG2nrDsCKJfN4JSsLedJ7qbs4Jh4Ojk8ZK_Jtg==
Age: 1772


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F055127A4794D0F76CB4DF8F290DF8E259258A63398A700F592C859DFFE9AC34"
Last-Modified: Thu, 04 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9106
Expires: Fri, 05 Aug 2022 21:02:17 GMT
Date: Fri, 05 Aug 2022 18:30:31 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-09-19-18-34-07.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.99
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Sun, 31 Jul 2022 18:34:08 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 05 Aug 2022 04:15:27 GMT
etag: "578b9ff83ff3950ab2a3d1a8344d2938"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DiTp3rlXw6JgFJoBy5TO7jyxAHr8x2iPCcoDM9dNCq4Vr2tdFXmsug==
age: 51305
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    578b9ff83ff3950ab2a3d1a8344d2938
Sha1:   39d48b67ba6aa45ec01767725e726cf9b0c87a70
Sha256: 35c99da9a5463a4788ceab7cf4b027bb25506cde28ace36c70d0bc924138f2f5
                                        
                                            GET /mnm/ HTTP/1.1 
Host: ghjhgol.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         66.96.147.117
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 05 Aug 2022 18:30:31 GMT
Content-Length: 207
Connection: keep-alive
Server: Apache/2
Location: https://ghjhgol.tk/mnm/
Cache-Control: max-age=3600
Expires: Fri, 05 Aug 2022 19:30:31 GMT
Age: 1


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   207
Md5:    65b373093ff99cdef12ca478d2b478b5
Sha1:   d6729247eed4a103943423623b07e8716e8b2ca3
Sha256: f10dfcad6b8790838eadcbc00ab57d8b66a47db542a647d64935f6e9d3a98695
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 05 Aug 2022 18:30:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D5828AAB8F17345437BE2F5B496DB764A79B98120707BC21A4E0E44E2D675E5A"
Last-Modified: Thu, 04 Aug 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Sat, 06 Aug 2022 00:29:48 GMT
Date: Fri, 05 Aug 2022 18:30:31 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 05 Aug 2022 17:35:27 GMT
Expires: Fri, 05 Aug 2022 18:30:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vK9YnXPwf_ZIMTBaDiEkfsxpp8mcbWhDenuEpr66Z63F7A2MwfI4gw==
Age: 3304


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4036
Cache-Control: max-age=139446
Date: Fri, 05 Aug 2022 18:30:31 GMT
Etag: "62eccfb9-1d7"
Expires: Sun, 07 Aug 2022 09:14:37 GMT
Last-Modified: Fri, 05 Aug 2022 08:07:21 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 05 Aug 2022 18:30:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 05 Aug 2022 18:30:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /mnm/ HTTP/1.1 
Host: ghjhgol.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         66.96.147.117
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 05 Aug 2022 18:30:31 GMT
Content-Length: 679652
Connection: keep-alive
Server: Apache/2
X-Powered-By: PHP/7.4.10
Age: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (49679), with CRLF line terminators
Size:   679652
Md5:    6216465d51662fd223c5a80bb91cf54e
Sha1:   6ce88f43b49ff0cc3efe9b5f35955d72b183d1be
Sha256: 34c8dbd1f703745751e2b6a3a4e9a4dac2b4452d6183e10661241aedd4e7e41c
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KqZMHmroNBsI1RVzUIoJIA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.80.180.169
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5RT5Kx9o05wHrVK4dmUX9+YmAiY=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5288
Cache-Control: 'max-age=158059'
Date: Fri, 05 Aug 2022 18:30:32 GMT
Last-Modified: Fri, 05 Aug 2022 17:02:25 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /jquery-3.2.1.slim.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ghjhgol.tk
Connection: keep-alive
Referer: https://ghjhgol.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
                                        
date: Fri, 05 Aug 2022 18:30:32 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1659724232.dop069.sk1.t,1659724232.cds210.sk1.hn,1659724232.cds253.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32012)
Size:   23856
Md5:    30f5157a965bc792a83e9bacfe265f03
Sha1:   8330886371fe27f3cbac509e0ac9712207574c66
Sha256: 4d12cab1f84ec2ac780bc8e0d865d9c61025be579c78d6532d76f0574d17fca0
                                        
                                            GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ghjhgol.tk
Connection: keep-alive
Referer: https://ghjhgol.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
                                        
date: Fri, 05 Aug 2022 18:30:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5170394
expires: Wed, 26 Jul 2023 18:30:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tC0feBBiwDLK9fnjx%2BoWG%2BKOyg476FEs80%2BHKlo%2BIBUo8wOQXCSFpBx48HmTLTKQPGft6Vx0o7OkVhScj%2BqqY7wMfd25yOUvvN1FB7ZzxLGURExRq9UtAyIMZv6pQCfy9Q2cE%2FA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 73619ac3dcdab4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19015)
Size:   6157
Md5:    7b4114faa411d059a9a5ac4b5b4d9dee
Sha1:   277da4486916fa3a4ab3375f47bc98f58dbf90f6
Sha256: 60b3528de2f7d48cbb335d19dddef756aaacc70f73d4254a2ef17978a14ca0d9
                                        
                                            GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ghjhgol.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.42
HTTP/2 200 OK
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 30 Jul 2022 15:00:14 GMT
expires: Sun, 30 Jul 2023 15:00:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 531018
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   30028
Md5:    6d973c8b7e2439d958e09c0a1ab9fe50
Sha1:   05ae0830200c20b9a2dfd5a825adc400481a60fb
Sha256: f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5288
Cache-Control: 'max-age=158059'
Date: Fri, 05 Aug 2022 18:30:32 GMT
Last-Modified: Fri, 05 Aug 2022 17:02:25 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ghjhgol.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ghjhgol.tk/mnm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         66.96.147.117
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Fri, 05 Aug 2022 18:30:32 GMT
Content-Length: 0
Connection: keep-alive
Server: Apache/2
Cache-Control: max-age=86400
Age: 5252

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 05 Aug 2022 18:30:32 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 05 Aug 2022 09:40:07 GMT
Expires: Fri, 12 Aug 2022 09:40:07 GMT
ETag: D35E01190E047A1F425D10EE042177273AB01A0F
Cache-Control: max-age=572374,s-maxage=1800,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp14
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 73619ac5bfe3b4f3-OSL

                                        
                                            GET /images/sampledata/hack-run.png HTTP/1.1 
Host: shopget24.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ghjhgol.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.219.248.46
HTTP/2 200 OK
                                        
x-powered-by: PHP/7.2.34
content-type: image/png
cache-control: public, max-age=604800
expires: Fri, 12 Aug 2022 18:30:32 GMT
content-length: 0
date: Fri, 05 Aug 2022 18:30:32 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing website detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632"
Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14775
Expires: Fri, 05 Aug 2022 22:36:48 GMT
Date: Fri, 05 Aug 2022 18:30:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632"
Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14775
Expires: Fri, 05 Aug 2022 22:36:48 GMT
Date: Fri, 05 Aug 2022 18:30:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632"
Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14775
Expires: Fri, 05 Aug 2022 22:36:48 GMT
Date: Fri, 05 Aug 2022 18:30:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632"
Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14775
Expires: Fri, 05 Aug 2022 22:36:48 GMT
Date: Fri, 05 Aug 2022 18:30:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D129895DD82ACE0D70FE0D261B7C2E924E869686CEDF20C238EFA6BFDF5E632"
Last-Modified: Wed, 03 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14775
Expires: Fri, 05 Aug 2022 22:36:48 GMT
Date: Fri, 05 Aug 2022 18:30:33 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc784bce7-8d03-4e3d-9cb0-d693727bdedd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 12738
x-amzn-requestid: 75aa2a01-23f9-4d26-9393-0e34bdb7d919
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: WW5NRF3DIAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62ec3bee-129cb6d10824a106136f1901;Sampled=0
x-amzn-remapped-date: Thu, 04 Aug 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: zCQQHy19EggGF1tdmZM8bsFtgu2HFsgt7x7SZQkUD5_Yu1gg8HHAgQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 9b34a4c8b07eed6c2ff20b5adbbfa7c4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 04 Aug 2022 21:48:46 GMT
age: 74507
etag: "9f64c3f3eb43707d06563dfbc45973fd8cec914f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12738
Md5:    0cc5d2ca53e113f75d06592dc99af438
Sha1:   9f64c3f3eb43707d06563dfbc45973fd8cec914f
Sha256: 26c5a16d97987bce61cbaab0c193d70f6700d39d2b5ec35b34a0745dd776e735
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44742514-d09b-47c6-b87d-280489ead14e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9292
x-amzn-requestid: c6a6620d-ba85-449e-a929-fb7d2b692c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: WW5OTFm9oAMFuQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62ec3bf4-446d4a213934612121414e0e;Sampled=0
x-amzn-remapped-date: Thu, 04 Aug 2022 21:36:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rw5y6PQ9wifAQH8BbmWL1fKqEO8zXfPDR1mI6CzVGfhHaUdPCQ6vCw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 04 Aug 2022 21:58:00 GMT
age: 73953
etag: "969984181328d015607367853b091829686da82f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9292
Md5:    34a74b92d9fc09b11d5e239c1f7238d8
Sha1:   969984181328d015607367853b091829686da82f
Sha256: 09c99cdf79f21a52764e9c264ce1da90b0e74ddd28b1bba5bc3fc3f208570a66
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bda9d1d-e7d2-4beb-b172-566cac219173.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6163
x-amzn-requestid: 687c508e-a82c-4e31-a3a8-278b79ddfbd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: WW5OfEHTIAMFk_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62ec3bf6-7d981f0f11fb67e03c1baec9;Sampled=0
x-amzn-remapped-date: Thu, 04 Aug 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: O8wKpJxcUDxg7LXn7DOYkTE4nBhiiuqiBV-Cvihtz_jTQBTdQwGQnQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 04 Aug 2022 21:55:42 GMT
age: 74091
etag: "fa8b28cdfe5354ac9167a3d6f9483598c01157a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6163
Md5:    e7a0cfb1de3d318660096ee50bd33b69
Sha1:   fa8b28cdfe5354ac9167a3d6f9483598c01157a5
Sha256: b46f623cdc849a089e3734ec6ac559b0d04400f07dad90919afbb5fb0297a513
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F448d0020-d91f-4138-b1bd-9bbecaf65774.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 11782
x-amzn-requestid: e044f94d-aac8-42d9-bcac-a7f3e21581f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: WU2pWGLYIAMFVWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62eb6b08-6e73803124ab26410b0c17a7;Sampled=0
x-amzn-remapped-date: Thu, 04 Aug 2022 06:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qUG0oDxQAmUzKrcztll5qgS4ImYX4iGSX9l-M5zy9MyTcLRem2t28A==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Thu, 04 Aug 2022 21:58:16 GMT
etag: "ee8c9f384f56c61e411103777ef2d6bb2474e8ca"
content-type: image/jpeg
age: 73937
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11782
Md5:    b6540b9516a65201b6f1cfd96b33a8d8
Sha1:   ee8c9f384f56c61e411103777ef2d6bb2474e8ca
Sha256: 2733ee415e0a18811bf109f42e2e571fc044f2bfc162665e2af87b9875522af2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5534e-9801-465a-96f2-766e87153fdf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 10876
x-amzn-requestid: 9a0a5e75-6e57-4de8-b478-a8919b69dc3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: WREGbHBIIAMF68w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62e9e6f5-10b310e1661fa629091afaa5;Sampled=0
x-amzn-remapped-date: Wed, 03 Aug 2022 03:09:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kA7FoSF9LP1MzgXi_nkKEUPv68ccmZBUboS6HJoqdY6LDTrW4rem1A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 05 Aug 2022 03:15:00 GMT
age: 54933
etag: "edbc581f04ef31a8ed767099ec75036fbf8325aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10876
Md5:    509c8b427f9f5d83e4151c7fdbf41584
Sha1:   edbc581f04ef31a8ed767099ec75036fbf8325aa
Sha256: 332aeca25dca05eec3575a3523401f1a1b8d47be703c75341154fdae9e7b8fc6
                                        
                                            GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ghjhgol.tk
Connection: keep-alive
Referer: https://ghjhgol.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.10.207
HTTP/2 200 OK
                                        
date: Fri, 05 Aug 2022 18:30:32 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 06/09/2022 14:01:47
cdn-edgestorageid: 756
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-proxyver: 1.02
cdn-requestid: 8b12a39c78418707d90517d5d57ec773
cdn-cache: HIT
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 73619ac39c90b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65325)
Size:   31163
Md5:    1cfdcb682de4a9cec722509c70b7adca
Sha1:   12f5170335a138ca64c49364843a3bae2feccabb
Sha256: debf51942a1629f7ff1f36765bdc0fce49fffe72a62ca62788c7bf54b78fb7b9