Overview

URL guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=149b338a84a803bf30ebfccd17257559&placement=17131853&campaign=646114
IP172.67.221.233
ASNCLOUDFLARENET
Location United States
Report completed2022-09-20 23:20:14 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-20 2 guroshied.com/custjs_new.js?2 Phishing
2022-09-20 2 guroshied.com/extjs.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-20 2 fatededers.com Sinkholed
2022-09-20 2 fatededers.com Sinkholed
2022-09-20 2 fatededers.com Sinkholed
2022-09-20 2 fatededers.com Sinkholed
2022-09-20 2 fatededers.com Sinkholed
2022-09-20 2 fatededers.com Sinkholed


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-09-20 04:47:45 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-20 17:37:01 UTC 34.120.237.76
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-20 22:15:52 UTC 142.250.74.10
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-20 04:47:04 UTC 34.117.237.239
mnemonic passive DNS zerossl.ocsp.sectigo.com (2) 4049 2020-05-09 19:05:29 UTC 2022-09-20 10:30:44 UTC 104.18.32.68
mnemonic passive DNS tartator.com (5) 0 2022-05-09 13:49:00 UTC 2022-09-20 18:18:07 UTC 178.162.196.156 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-20 19:59:48 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-20 17:35:13 UTC 143.204.55.35
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-20 05:19:24 UTC 143.204.55.35
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-20 10:15:13 UTC 104.17.25.14
mnemonic passive DNS fatededers.com (6) 0 2022-07-05 09:19:50 UTC 2022-09-20 11:31:19 UTC 54.164.227.218 Unknown ranking
mnemonic passive DNS guroshied.com (3) 0 2022-07-04 16:41:09 UTC 2022-09-20 23:09:00 UTC 172.67.221.233 Unknown ranking
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-20 04:47:45 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-20 04:47:05 UTC 23.36.77.32
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-20 05:36:22 UTC 35.86.38.2


Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 172.67.221.233

Date UQ / IDS / BL URL IP
2022-09-20 23:20:14 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-07 22:50:55 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-29 01:16:39 +0000
0 - 0 - 11 audiobookshare.com/play-SPehxsvkUmU/essential (...) 104.21.81.35
2022-11-29 01:16:53 +0000
0 - 0 - 1 storageapi.fleek.co/7ba9fdde-c922-4adc-bc3c-c (...) 104.18.7.145
2022-11-29 01:16:31 +0000
0 - 0 - 1 storageapi.fleek.co/4d115254-059e-4b54-b1a8-b (...) 104.18.6.145
2022-11-29 01:16:11 +0000
0 - 0 - 2 storageapi.fleek.co/04e23bdf-69e4-4498-82dc-2 (...) 104.18.7.145
2022-11-29 01:16:04 +0000
0 - 0 - 2 contactocenit.com/wp-content/themes/twentythi (...) 104.21.92.21

Last 2 reports on domain: guroshied.com

Date UQ / IDS / BL URL IP
2022-09-20 23:20:14 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-07 22:50:55 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-26 21:12:00 +0000
0 - 0 - 1 izjec2.jammennaps.com/land?c=DHU7EXg3rvaMPk2k (...) 104.21.46.108
2022-09-21 04:40:00 +0000
0 - 0 - 6 myrosticary.com/land?c=LApDwnDcbJHPwouPhdyzv9 (...) 104.21.55.177
2022-09-18 15:12:40 +0000
0 - 0 - 6 jammennaps.com/land?c=SF6sR9SSZ7-RjR0U8KagBAx (...) 104.21.46.108
2022-09-07 22:50:55 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-02 07:56:08 +0000
0 - 0 - 8 updates-center.com/land?c=-rhG3YR1wiS5Sq8XyyK (...) 104.21.34.136


JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (43)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 23:13:20 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JtIbA3z5eqF_89q1OClMRyx6sQmTInuiOheS1e_QEAnQwHn72p0CtA==
Age: 402


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=149b338a84a803bf30ebfccd17257559&placement=17131853&campaign=646114 HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.221.233
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 20 Sep 2022 23:20:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRUxQBxlUlXdPDB2L3L5qX%2B6ap%2FRhV7lwEOCSeOQsXNZF9WruhLCIpxRGtb1c5%2FBXtXOouH%2BsF%2BfwKhq400vpiiFeGx8CcgtS305P0pby0Vrf4crhxGTDTeFwwZzGXcy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74de4a179e5cb4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4213)
Size:   11134
Md5:    053e3f389fbbadbb39106cd001b4c4b3
Sha1:   3214b7f645f36b67cc896f9b5e1484b3bcb076a5
Sha256: 52be64a3af17ffbd653cce4f727eeadd8abd98fe26c1107e4c75e8f14424f6e6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9920
Expires: Wed, 21 Sep 2022 02:05:22 GMT
Date: Tue, 20 Sep 2022 23:20:02 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: J198ZXKL2NjTcny0jrAX_BAR_JxtRIrmCfrYGFHLesfUldayCmyFVA==
age: 67489
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 20 Sep 2022 23:20:02 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 20 Sep 2022 23:20:03 GMT
content-length: 1399
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-1359"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1659806
expires: Sun, 10 Sep 2023 23:20:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LyzDy5D744Ru%2BLxBFomjwaM1nMeTVHP%2BKFBkiMcRNTL5XssRDxa1qSOnCyXdvaVHuRqz%2BlkG%2FJ8eyv3nt9HcFpPwul%2BWk0sUM1l81IzY02Dq%2B8CZ2CWCD5YsOXbnQDxtB5zq3Sja"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74de4a1abb3c0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (4862)
Size:   1399
Md5:    a08c3702f999b6cbd18c635f8e88421f
Sha1:   2938a9a742af0e1e7de5b58ad293c61d2838014b
Sha256: 3b512cbaa646370f0897e5e1e7cbab220a2382de70f24e994e88ef4f5121a39c
                                        
                                            GET /custjs_new.js?2 HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=149b338a84a803bf30ebfccd17257559&placement=17131853&campaign=646114

                                         
                                         172.67.221.233
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 20 Sep 2022 23:20:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Apr 2022 10:45:19 GMT
ETag: W/"6262873f-157a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Exa%2Fhz2akH1R8iisGAajQZuB8yTNPyPpplEcoe%2F9oqhTH3qv2vHX7qpoK%2BjZSnP4ctS8vMYk7NZ1MX%2BbZb0a0KOzeVIFuYq8kkJxhaNgi1MGS8fjkoG3tYk3DH2xQLez"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74de4a1a994f1c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (695)
Size:   1590
Md5:    d8e176179eb941e357e851bfd5cf5bcb
Sha1:   e298d110d19ac03b47dd2fc0cdea0b54aa6de1c8
Sha256: ebf9cfbffad5f7f5a2b261313b4f1d13f22fb4aa91da303c8bcb86133522e1f3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 21:30:29 GMT
Expires: Mon, 26 Sep 2022 21:30:28 GMT
Etag: "18212aa02f8105a5bf8141f57d845ceafde37a3a"
Cache-Control: max-age=511224,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74de4a1b0e8eb512-OSL

                                        
                                            GET /extjs.js HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=149b338a84a803bf30ebfccd17257559&placement=17131853&campaign=646114

                                         
                                         172.67.221.233
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 20 Sep 2022 23:20:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Sep 2020 15:57:50 GMT
ETag: W/"5f4fc0fe-16464"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bzIyPjF89zjeNg2nTtfjbLmPC%2FjD2j%2F0GhrAxufVAHr%2FNtMzM5sa2ioUoRKQBo4coKzkX08f04%2FKXlGSS6JcxxWlyMnLTc%2Fs8FZ2R46n4JeVNJXK59t%2FlcfB%2B7F15WTd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74de4a1a7800b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   31773
Md5:    11a98db15f8eabc5eea2782e7514019d
Sha1:   53ca23e5ffee821b765d9db3f9bc9f036547a532
Sha256: 69b47b6ee0175fe05398905d566382f5fee9a642bb6f6ef2ded95594db7e136a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /sdk.js?sid=a2acd55d-8e4f-445a-b49c-d7526e66f43c&lid=19 HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.14.1
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 46272
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Cache-Status: MISS


--- Additional Info ---
Magic:  ASCII text, with very long lines (46272), with no line terminators
Size:   46272
Md5:    c4b65c7a7f77c5c853561eed938388b0
Sha1:   c479009375b0604efa17c4f5165e0d6443dae0e3
Sha256: 99fc2df2666b998f2db2ae7d3c21c327ecbf08ffa8c1e9edd8f95c8afa116a02
                                        
                                            POST /hit HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------119348924216153015681671234657
Content-Length: 696
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: av_sw_hit=1; expires=Wed, 21 Sep 2022 23:20:03 GMT; secure; SameSite=None


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            POST /api/report HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------305002356321560024052131300639
Content-Length: 446
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Cookie: av_sw_hit=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 21:30:29 GMT
Expires: Mon, 26 Sep 2022 21:30:28 GMT
Etag: "18212aa02f8105a5bf8141f57d845ceafde37a3a"
Cache-Control: max-age=511224,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74de4a1d0f9db512-OSL

                                        
                                            POST /api/report HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------371890688213596683732592078827
Content-Length: 503
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Cookie: av_sw_hit=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            GET /redirect/e?t=4&sid=a2acd55d-8e4f-445a-b49c-d7526e66f43c&click_id=149b338a84a803bf30ebfccd17257559&placement=17131853&d=1&sub1=&sub2=&sub3=&sub4=&sub5= HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 301 Moved Permanently
                                        
Server: nginx/1.14.1
Date: Tue, 20 Sep 2022 23:20:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Location: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext=
X-Cache-Status: MISS

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 20 Sep 2022 23:03:22 GMT
Cache-Control: max-age=3600
Expires: Tue, 20 Sep 2022 23:32:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1m3sUBb2rpIcwBuzb3WtawW92NzvMltvZGsfNAi4HEBIlTXICwDWSg==
Age: 1001


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2545
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 23:20:03 GMT
Last-Modified: Tue, 20 Sep 2022 22:37:38 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "24E24546993F76C18853B81A04B47E09E940CF88BEB9BFE240A8D64D1059C9BF"
Last-Modified: Sun, 18 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21545
Expires: Wed, 21 Sep 2022 05:19:08 GMT
Date: Tue, 20 Sep 2022 23:20:03 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IY2uwk1LdvT/LjwJCdoxiA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.86.38.2
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +zzvRRyIDU8BIWGD3puJ2wl67po=

                                        
                                            GET /click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext= HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://guroshied.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=2ta4xs4ki4; expires=Wed, 21-Sep-2022 23:20:04 GMT; Max-Age=86400; path=/; secure; SameSite=none uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687; expires=Wed, 21-Sep-2022 23:20:04 GMT; Max-Age=86400; path=/; secure; SameSite=none
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   537
Md5:    8fb1689c385c76e6f7cd748f3a9ddc95
Sha1:   84736048c4fdd7a1406e42191f9fb7870dea56b2
Sha256: 3e4aa8540ee9bd06311ebd35d14fbd839f9d8b1aab9db3b25bd72377a9aefa80

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/css/style.min.css HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext=
Cookie: uclick=2ta4xs4ki4; uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Content-Length: 2285
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-8ed"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (2284)
Size:   2285
Md5:    cd828a3775fdacaf456ebed7d0778730
Sha1:   442dc08eed3e4d67f6d9259049f5834cf02f6f6c
Sha256: fdfa92545f7fecc27d31ed21f3b1a30ef9718a503466ffc39ea6517467d2f133

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/js/main.min.js HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext=
Cookie: uclick=2ta4xs4ki4; uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Content-Length: 0
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-0"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fatededers.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 08:31:01 GMT
expires: Wed, 20 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 53343
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 23:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/images/image.png HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext=
Cookie: uclick=2ta4xs4ki4; uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Content-Length: 64015
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-fa0f"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   64015
Md5:    9f0c9a2e604545c2caebcd9d75f2fbe4
Sha1:   46a479455f9a8db336777cc0dcd99a825deaf952
Sha256: 908b94b9569636a318067e5f34187eafaa30d4b31df7f7e6838e86d993007cc2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=149b338a84a803bf30ebfccd17257559&type=TBD&pt=17131853&cid_ext=
Cookie: uclick=2ta4xs4ki4; uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    c872da7f0a50e2f749f7f67f548a214e
Sha1:   da9c7f5900a38def04bc0c5b6723ca82f48efa57
Sha256: ba92b5ba25874214592410d33ab6c9225814a010ed538aa33982812d589e86a9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/images/bg.png HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/landers/artygazzzz_bk_ru_len_2_[sergk]_us/css/style.min.css
Cookie: uclick=2ta4xs4ki4; uclickhash=2ta4xs4ki4-2ta4xs4ki4-xsvr-gxa9-h98p-y9uq-y9my-053687
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.20.2
Date: Tue, 20 Sep 2022 23:20:04 GMT
Content-Length: 259534
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-3f5ce"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 934 x 537, 8-bit/color RGB, non-interlaced\012- data
Size:   259534
Md5:    c75ec192b763d45b9a72fde5ea838e37
Sha1:   7042ef5e29a6033998e1ddd2d428932c0ddd814c
Sha256: fbbdd52dc2b86be54d0e8104c3c21dc962c22cd0caa599d1cbfec8e88e230fff

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14194
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 23:20:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14194
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 23:20:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14194
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 23:20:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14194
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 23:20:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14194
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 23:20:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8861
x-amzn-requestid: 633bd414-3046-498e-b45e-443bdb81eb17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO2UwF1gIAMFqZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3751-25fbda4b6eeebacb3653cb7b;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:05:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hWWL9AI9hrcMkmsRwlUKw2T1bzHO5V738WchD9QiEJJlFqe7p7do4Q==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 03:25:34 GMT
age: 71671
etag: "56f228d7358ba9deef000f53214dc7c1dc358109"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8861
Md5:    a504981ee10d8341b64f19001464ae8a
Sha1:   56f228d7358ba9deef000f53214dc7c1dc358109
Sha256: 0ea3b6ed12f3adf9d56e7d9b61f284d28107d99f28ee4e66b4c078a9a1a0cbee
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6897
x-amzn-requestid: 509dc368-dd1c-4be7-94ff-64dbd53c199f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YoqoRG2WIAMFw6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63268b01-1cb916c251fd5f2f3cf10435;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 03:05:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JB1bt_R_dtA1cgaQinaQjtvsvxI8URaFudTBsF5IA0itMeTng3ERhA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 02:18:07 GMT
age: 75718
etag: "91df60162a8322469cada0dd8eb93619f28aec1a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6897
Md5:    8bae3a7a80ff40df1d701dfc925ddeff
Sha1:   91df60162a8322469cada0dd8eb93619f28aec1a
Sha256: fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29be3958-30ed-4b26-8320-662d71b90880.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7700
x-amzn-requestid: 3cadae91-6101-4072-b654-9da834fe22e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YmPyvHj8oAMFjiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63259344-4f7c9a7a1aca7f89017897fa;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 09:28:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jFAPc59XciJX2cBI16W9NVIHtdS6pO3DYQLdZFNl_MPjoYBIsxoQGw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 13:32:50 GMT
age: 35235
etag: "f073fc7f24465b76b3681c462c60cd047ed67a6a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7700
Md5:    34c353f713d6d470480fdeeb5175a123
Sha1:   f073fc7f24465b76b3681c462c60cd047ed67a6a
Sha256: 0449daa32ab4ec32fa999551cc9ab634c46e15891299162cbb4bbaad6ffa4753
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c472fe6-fe9b-4742-98f4-b71f53839315.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4789
x-amzn-requestid: fd67c05a-0e9f-4b9d-9c26-512548f75b99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvYxG8TIAMFfbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c37-687c7aef7c45adce6f7ac52d;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:07:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tLkR_htJKic-P8EhJeRkLB5uZmGsjj9OV-qKakop9O8ySOMognSgjw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:08:20 GMT
age: 4305
etag: "0850ed5db509f8a75439eca5866c2bb6ca3195d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4789
Md5:    4df06b3e4176e8f080c997bfae578142
Sha1:   0850ed5db509f8a75439eca5866c2bb6ca3195d3
Sha256: 43e8bfd931d778ac5ebf2d4a8c9915cb05394b6499f9a8575cfc8ce93edd7d92
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecaa9082-610c-41c1-ae9a-e453d87828ab.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10038
x-amzn-requestid: 4cf38a70-a706-4e6a-b854-9404727c599d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mHDCIAMF5-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-5aba5b0640221b302a19781b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hDCOWNm2vFa9h7BffUJwcwZ6i27jM2qBuSTasH9q_wsQ9oNWhVpQCg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:47:24 GMT
etag: "54ed14436a75ba2aeb8459bad2ce70229aff4203"
age: 5561
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10038
Md5:    dab1f2cd68979d2004ba4449d759a341
Sha1:   54ed14436a75ba2aeb8459bad2ce70229aff4203
Sha256: e782fb5ede547e1b167719068c6821c62414dcb0991bf9ac38285cb3ce8894e3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hI3FlJJRAUfr0EAcSvvuJajmyQDwBpTxuQIhYfA0Mtp9JyQgKnoDvA==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:43:18 GMT
age: 5807
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9201
Md5:    a692964324dbb9c460a1b855808d02e6
Sha1:   1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
Sha256: 3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426
                                        
                                            GET /css?family=Open+Sans:regular,500,600,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 23:20:04 GMT
date: Tue, 20 Sep 2022 23:20:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---