Overview

URL: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
IP: 196.12.12.102 (Zambia)
ASN: #36959 afczas
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-03 18:35:57 UTC
IDS alerts: 0
Blocklist alerts: 24
urlquery alerts: No alerts detected
Tags: None

Domain Summary (17)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ipqualityscore.com (1) 28612 2012-10-02 21:36:22 UTC 2022-12-01 21:00:58 UTC 104.26.2.60
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-02 17:12:21 UTC 34.117.237.239
r3.o.lencr.org (6) 344 No data No data 95.101.11.115
unpkg.com (2) 11693 2016-01-07 23:26:01 UTC 2022-12-02 18:34:22 UTC 104.16.126.175
cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm (13) 0 2022-09-21 11:48:34 UTC 2022-12-03 15:34:53 UTC 196.12.12.102 Unknown ranking
cdnjs.cloudflare.com (1) 235 2015-04-17 20:46:33 UTC 2022-12-02 21:02:49 UTC 104.17.25.14
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.240.57.100
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ns.cdn-services.com (4) 0 2022-06-10 23:00:19 UTC 2022-12-02 16:10:44 UTC 172.67.188.229 Unknown ranking
logincdn.msauth.net (1) 2330 No data No data 192.229.221.185
aadcdn.msftauth.net (1) 1455 No data No data 152.199.23.37
ocsp.digicert.com (9) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-02 17:27:45 UTC 34.102.187.140
cdn.jsdelivr.net (1) 439 2012-09-30 00:15:09 UTC 2020-08-10 12:12:39 UTC 151.101.65.229
ocsp.globalsign.com (1) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.21.226

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Outlook

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/ Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/config/init.js Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/js/app.7513cb9a.js Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/js/vendor.040a51f8.js Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/js/136.2acad713.js Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/js/45.a6f0764e.js Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/fonts/KFOmCnqEu92Fr1Mu4 (...) Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/m.jpeg Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/fonts/KFOlCnqEu92Fr1MmE (...) Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/fonts/KFOlCnqEu92Fr1MmW (...) Phishing
2022-12-03 2 cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/fonts/materialdesignico (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 196.12.12.102
Date UQ / IDS / BL URL IP
2023-01-18 22:40:57 +0000 0 - 0 - 7 venues.co.zm/ 196.12.12.102
2023-01-17 22:30:23 +0000 0 - 0 - 1 jctr.org.zm/wpadmin/auth.sso.biglobe.ne.jp3.zip 196.12.12.102
2022-12-03 18:35:57 +0000 0 - 0 - 24 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102
2022-09-23 10:07:01 +0000 0 - 0 - 31 islandhouse-470927714.phsafarilodge.co.zm/ 196.12.12.102
2022-09-22 13:36:00 +0000 0 - 0 - 25 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102


Last 5 reports on ASN: afczas
Date UQ / IDS / BL URL IP
2023-01-18 22:40:57 +0000 0 - 0 - 7 venues.co.zm/ 196.12.12.102
2023-01-17 22:30:23 +0000 0 - 0 - 1 jctr.org.zm/wpadmin/auth.sso.biglobe.ne.jp3.zip 196.12.12.102
2022-12-03 18:35:57 +0000 0 - 0 - 24 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102
2022-09-23 10:07:01 +0000 0 - 0 - 31 islandhouse-470927714.phsafarilodge.co.zm/ 196.12.12.102
2022-09-22 13:36:00 +0000 0 - 0 - 25 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102


Last 4 reports on domain: phsafarilodge.co.zm
Date UQ / IDS / BL URL IP
2022-12-03 18:35:57 +0000 0 - 0 - 24 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102
2022-09-23 10:07:01 +0000 0 - 0 - 31 islandhouse-470927714.phsafarilodge.co.zm/ 196.12.12.102
2022-09-22 13:36:00 +0000 0 - 0 - 25 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102
2022-09-21 15:05:39 +0000 0 - 0 - 25 cleanandtidyhomeshow-6163795038.phsafarilodge (...) 196.12.12.102


Last 2 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-08-30 23:24:08 +0000 0 - 0 - 2 ks-8482-ghyt.firebaseapp.com/ 199.36.158.100
2022-08-31 12:07:46 +0000 0 - 0 - 2 ks-8482-ghyt.web.app/ 199.36.158.100

JavaScript

Executed Scripts (8)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (52)


Request Response

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7125
Expires: Sat, 03 Dec 2022 20:34:31 GMT
Date: Sat, 03 Dec 2022 18:35:46 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 240
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 18:35:46 GMT
Etag: "638b2570-1d7"
Last-Modified: Sat, 03 Dec 2022 18:31:46 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7184
Expires: Sat, 03 Dec 2022 20:35:30 GMT
Date: Sat, 03 Dec 2022 18:35:46 GMT
Connection: keep-alive

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 18:18:16 GMT
cache-control: public,max-age=3600
age: 1050
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: pNNPDcdueTvTfPN39EO5aLJh+Cy2C5fcxaTRLa7iwaWM09oyO3BGhBN+0gYIPopMPCuI9aMtp6o=
x-amz-request-id: FJTKXBS4WKHZS2PY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 17:47:12 GMT
age: 2914
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

GET / HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

196.12.12.102
HTTP/1.1 200 OK
Content-Type: text/html
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 1111
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1111), with no line terminators
Size:   1111
Md5:    92f49b5a6be77e4f1d36f315eebd865b
Sha1:   bfbe204a49779b8c0e325fdc8fde3a9609f0aa97
Sha256: 63fe46d73848768a6d8f8cc91bcdbeebdc8b394a49828bc5787da891d5783184

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Sat, 03 Dec 2022 18:35:46 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

GET /ajax/libs/adblock-detect/1.0.5/index.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 03 Dec 2022 18:35:46 GMT
content-length: 452
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf5-425"
last-modified: Mon, 04 May 2020 16:04:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 12940615
expires: Thu, 23 Nov 2023 18:35:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jE%2BFaijv2PBuBbHPJ3oIYLYHQQhMlwZdF%2FeuCVSC1PraYOonys727ze6zdogGeOxcbUX9NoZbnHb%2FqqQtQd0el20j8l9VH%2FVMVmMfbk10Kmmcy8d5ONFtptvAznZYK9cnSRuMYAM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 773e677068b7b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1061), with no line terminators
Size:   452
Md5:    c660dfc8d0f8ceda2de56842c100d23a
Sha1:   36e3ae4c06d0fa91ef0392c065cb97b83ffe5d64
Sha256: 8ccccd57855b34077443f3fe5ed6d212ef8f5e6029bbd1b18c827699b99eb336

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5805
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 18:35:46 GMT
Last-Modified: Sat, 03 Dec 2022 16:59:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

GET /npm/@adonisjs/framework@5.0.13/index.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

151.101.65.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.0.13
x-jsd-version-type: version
etag: W/"1ae-myc90tb7oItlxVsc5EMaDyV2uOM"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Dec 2022 18:35:46 GMT
age: 2767872
x-served-by: cache-fra-eddf8230100-FRA, cache-bma1669-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 305
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   305
Md5:    36c8721a7ad91c2fa311684ada8dd767
Sha1:   d1d3d67d10fe2781c75faeb7fdf8ea1c0dd1543c
Sha256: 52b9e76467478ef29b0904f653393473ee55e64f48804014412541c877181196

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:35:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "BBC4785BCD4F096A489748B4964885E203A36B9D"
Expires: Sun, 04 Dec 2022 05:00:00 GMT
Last-Modified: Sat, 03 Dec 2022 17:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2489
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773e67714c610b31-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    847d83dd3b76da6fe9733b9baf90b043
Sha1:   777cb230f4cfc3fffc4dcd47f97de37bfd579962
Sha256: 8e73389a5330160e621cbe03d8c38e9f0e84b9e37f1609f828eeee43dbbeb1b2

GET /config/init.js HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

196.12.12.102
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Thu, 22 Sep 2022 14:16:54 GMT
Accept-Ranges: bytes
Content-Length: 473
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   473
Md5:    5e05d0b2b462465c887ff7168928c705
Sha1:   84ba89b6fbbde4cb93187da4f4568c7e5e2aa305
Sha256: da4e694b5f68c157ac04f7a523b31e7a7575f7531625c0e2bdf7a7a7edba8b9b

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 18:11:18 GMT
cache-control: public,max-age=3600
age: 1468
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

GET /js/app.7513cb9a.js HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

196.12.12.102
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 6471
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (6471), with no line terminators
Size:   6471
Md5:    f34813db87f3f49c65faaca2433a6fde
Sha1:   4cb44723786ed9e0948d4b8c80d93f82ceef07ba
Sha256: 23c0b4567bbddc1190ba848b5c49cac120bb7773d162edebb0c9060d9e602ee7

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /css/app.31d6cfe0.css HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

196.12.12.102
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Outlook

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 222
Cache-Control: max-age=138886
Date: Sat, 03 Dec 2022 18:35:47 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:10:33 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pJmmIuOwzvYFenYFY+S9WA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

44.240.57.100
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KowHly3ypW4Ib2BCsmIWwSWSkzk=

GET /js/vendor.040a51f8.js HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

196.12.12.102
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 342511
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (64401)
Size:   342511
Md5:    77513681d8cbb6fb2363728b11bc98ec
Sha1:   4a9fbcb07a10dead1f3def3a76aeb7034109762a
Sha256: c55247de2446fb02afa32fd888c073cacc8966ae9c614e3a84c990ef238d6f10

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /css/vendor.d65e7744.css HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

196.12.12.102
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 03 Dec 2022 18:35:46 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 482317
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (63666)
Size:   482317
Md5:    3e9d04e120c36d114d4cc2add1f5d9ed
Sha1:   eeb2307c41768cdcc623d3e0361e2970e19cee05
Sha256: 1e3bd67d3612600ce9d49e1f44d2c7e63b12d27e4c206c0cd2933b7a9b707620

Alerts:
  Blocklists:
    - openphish: Outlook

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4921
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 18:35:48 GMT
Etag: "6389f020-118"
Last-Modified: Sat, 03 Dec 2022 17:13:48 GMT
Server: ECS (amb/6BA2)
X-Cache: HIT
Content-Length: 279

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Sat, 03 Dec 2022 20:51:55 GMT
Date: Sat, 03 Dec 2022 18:35:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Sat, 03 Dec 2022 20:51:55 GMT
Date: Sat, 03 Dec 2022 18:35:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 18:35:48 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Sat, 03 Dec 2022 20:51:55 GMT
Date: Sat, 03 Dec 2022 18:35:48 GMT
Connection: keep-alive

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 45298
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 71804
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4309
x-amzn-requestid: c824c317-e6e3-4006-9f9d-ea54e8170a4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cf2_tGErIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63896b97-7fc523296afea4dd4b5d1de8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 03:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tp50A9LYeT1RvSPImBUoQNKtarPryKb8Zacm_nxqDh-gegwdQov7Nw==
via: 1.1 40b967aa4aa18637c4b91214147f3cb4.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 03:50:52 GMT
age: 53096
etag: "544428cdad754b1bb7be3cd46a79bf078fd5b450"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    fcb89ca25035b2bbb71ae5dd175fcd40
Sha1:   544428cdad754b1bb7be3cd46a79bf078fd5b450
Sha256: 36dcbbe6cd2710ee502776b4bcf32053e92b750a55e2bd4cdeadbc694c7c2699

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: V4Z3TZtTDMjnyxZx7VdJrKtZ-PbZkWnsQ0-1eFDem4TVyRGvk0dc7A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:53:36 GMT
age: 74532
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7732
Md5:    379a4a1b95d3aa3c5a4f8e7f9abb030f
Sha1:   d45dceb3dc58a07197aa5077582b5b1cd2ff791a
Sha256: 1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:53:40 GMT
age: 45728
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5354
Md5:    1e74254b3fdce7d6b84a71a7aff43789
Sha1:   65c8b4abf957f9b54d99d0f78559e639adb29efb
Sha256: f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP 34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 75474
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9715
Md5:    45182367fd4f8b6dd234eef1022acdb1
Sha1:   d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
Sha256: a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=150918
Date: Sat, 03 Dec 2022 18:35:48 GMT
Etag: "638b418a-117"
Expires: Mon, 05 Dec 2022 12:31:06 GMT
Last-Modified: Sat, 03 Dec 2022 12:31:06 GMT
Server: nginx
Content-Length: 279

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lAxNm3BQKMOTMpUoFdwVaQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

IP 172.67.188.229
HTTP/1.1 101 Switching Protocols
Date: Sat, 03 Dec 2022 18:35:48 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ly7aijqqx2assXySK2N14aXVY7M=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFUrp%2BvrLdEc9iTbY8lExvADRAH7Q1lKIT6WqDslDkFKFrfJJKTVh%2B6ikgilMQO14JgGoF54A7wOHEvz%2FdzNB5UqDANueqyra4jQbyFFK71WUONPzY%2FoVGj1FkrtqVaqE0Gg2IUk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 773e677b7d800af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=150918
Date: Sat, 03 Dec 2022 18:35:48 GMT
Etag: "638b418a-117"
Expires: Mon, 05 Dec 2022 12:31:06 GMT
Last-Modified: Sat, 03 Dec 2022 12:31:06 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

GET /16.000.29011.3/images/favicon.ico HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

IP 192.229.221.185
HTTP/2 200 OK
content-type: image/x-icon
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16455860
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
date: Sat, 03 Dec 2022 18:35:48 GMT
etag: 0x8D8FF8C68DC9FBB
last-modified: Wed, 14 Apr 2021 21:29:39 GMT
server: ECAcc (ska/F685)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 46ef0c25-b01e-0074-329b-7108f2000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size:   17174
Md5:    12e3dac858061d088023b2bd48e2fa96
Sha1:   e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
Sha256: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

GET /js/136.2acad713.js HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 18:35:49 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 405
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (405), with no line terminators
Size:   405
Md5:    2d71028ee469aa6d217d6f0ce937fc59
Sha1:   5eb10bf07335ba8ad9e627525340086d36e2c16b
Sha256: 25a8f5f66eff1e31d5659aa6804b9931cb57262c508eeb4067c1b5dee21f9da4

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /js/45.a6f0764e.js HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 03 Dec 2022 18:35:49 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 6232
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (6226), with no line terminators
Size:   6232
Md5:    2a391b63f885aca6bddaaaae4c9d3cb9
Sha1:   a7a73010245a15c8cc94b2eed20c232456cf204a
Sha256: 1c50f4068bf69d40832b4574d360b405a8b96dfb86baedc2954e2c586c26c83b

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /fonts/KFOmCnqEu92Fr1Mu4mxM.9b78ea3b.woff HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/css/vendor.d65e7744.css

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: font/woff
Date: Sat, 03 Dec 2022 18:35:49 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 20332
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20332, version 1.1\012- data
Size:   20332
Md5:    dc3e086fc0c5addc09702e111d2adb42
Sha1:   b1138b84ff19eac5f43c4202297529d389bd09b7
Sha256: ea50ac7fddb61a5ce248a7f8b3a31a98fe16285e076b16e6da6b4e10910724bb

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /m.jpeg HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Sat, 03 Dec 2022 18:35:49 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 155299
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 976x1301, components 3\012- data
Size:   155299
Md5:    a02a651f6955ad2fb3acc2bd92172963
Sha1:   b03f780ecd20efbaa93d575f4c3c0b480ae54798
Sha256: dcfcdc5734b158aca2fe905de38a058d287d776cb684c3cd633e8d9502281b4f

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

IP 152.199.23.37
HTTP/2 200 OK
content-type: image/svg+xml
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 27900688
cache-control: public, max-age=31536000
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
date: Sat, 03 Dec 2022 18:35:50 GMT
etag: 0x8D79A1B9F5E121A
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
server: ECAcc (ska/F7B5)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 88a9f18f-c01e-0086-2c84-09c001000000
x-ms-version: 2009-09-19
content-length: 1435
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size:   1435
Md5:    9f368bc4580fed907775f31c6b26d6cf
Sha1:   e393a40b3e337f43057eee3de189f197ab056451
Sha256: 7ecbba946c099539c3d9c03f4b6804958900e5b90d48336eea7e5a2ed050fa36

GET /fonts/KFOlCnqEu92Fr1MmEU9fBBc-.ddd11dab.woff HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/css/vendor.d65e7744.css

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: font/woff
Date: Sat, 03 Dec 2022 18:35:50 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 20532
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20532, version 1.1\012- data
Size:   20532
Md5:    da2721c68b4bc80db8d4c404f76b118c
Sha1:   3a32e8b7efbc9dfb52f024d657b8c8c0a80e5804
Sha256: bd811625271acca47f7dac48b460f13e08ee947b2a8e17e278c4d5ccb5d9323c

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /fonts/KFOlCnqEu92Fr1MmWUlfBBc-.0344cc3c.woff HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/css/vendor.d65e7744.css

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: font/woff
Date: Sat, 03 Dec 2022 18:35:50 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 20396
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 20396, version 1.1\012- data
Size:   20396
Md5:    68d6dabfe54e245e7d5d5c16c3c4b1a9
Sha1:   7fdab895eaebecedb3fb5473eab94a1b292cef19
Sha256: a01a632e56731a854f35701aa8c3a6a19a113290d9032ff9048f8064c45383bd

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

GET /fonts/materialdesignicons-webfont.e9db4005.woff2 HTTP/1.1
Host: cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/css/vendor.d65e7744.css

IP 196.12.12.102
HTTP/1.1 200 OK
Content-Type: font/woff2
Date: Sat, 03 Dec 2022 18:35:50 GMT
Server: Apache
Last-Modified: Sat, 05 Mar 2022 13:59:39 GMT
Accept-Ranges: bytes
Content-Length: 325244
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 325244, version 1.0\012- data
Size:   325244
Md5:    7a44ea195f395e1d086010e44555a5c4
Sha1:   5bc948afffe6633639154e024bf047cf3ef81326
Sha256: da7fba3ca3e0b9cd42a9cd10c7c6ed16d2fdb938174116601cd3d51033c6f490

Alerts:
  Blocklists:
    - openphish: Outlook
    - fortinet: Phishing

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6110
Cache-Control: max-age=110213
Date: Sat, 03 Dec 2022 18:35:52 GMT
Etag: "638a8aaf-116"
Expires: Mon, 05 Dec 2022 01:12:45 GMT
Last-Modified: Fri, 02 Dec 2022 23:30:55 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3601
Cache-Control: max-age=107704
Date: Sat, 03 Dec 2022 18:35:52 GMT
Etag: "638a8aaf-116"
Expires: Mon, 05 Dec 2022 00:30:56 GMT
Last-Modified: Fri, 02 Dec 2022 23:30:55 GMT
Server: ECS (amb/6BAD)
X-Cache: HIT
Content-Length: 278

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6110
Cache-Control: max-age=110213
Date: Sat, 03 Dec 2022 18:35:52 GMT
Etag: "638a8aaf-116"
Expires: Mon, 05 Dec 2022 01:12:45 GMT
Last-Modified: Fri, 02 Dec 2022 23:30:55 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278

OPTIONS /quality?token=PTCh2jX5qVaswtVHw7cdCLpg6LVFJhCr&ip=91.90.42.154 HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cache,cache-control,pragma
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

172.67.188.229
HTTP/2 204 No Content
date: Sat, 03 Dec 2022 18:35:52 GMT
content-length: 0
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: cache,cache-control,pragma
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwWwF%2FznnSkXwCkr8yeonvEi%2Fqs5KCz5ZHx2jv3Wjxiuh38Ej0F8G%2Fgn1aUWMe0SpdbxXVGbi0ZqjA9ogjTTQu%2FGD%2FXrA3av%2F%2B5WiNZsFjaAiN1Vgw4rrtkoJdMNnhjGV8wzHNmk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e6795ef1cb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 75488
etag: "91f0d888c38db0899f106b652e3dcac062648099"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7657
Md5:    3abdcce275bb9723b4ac1d0c38cc8891
Sha1:   91f0d888c38db0899f106b652e3dcac062648099
Sha256: ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e

GET /@babel/standalone/babel.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

104.16.126.175
HTTP/2 302 Found
content-type: text/plain; charset=utf-8
date: Sat, 03 Dec 2022 18:35:46 GMT
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /@babel/standalone@7.20.6/babel.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GKCM2PD5NCGKJYKKB8FT7GCJ-ams
cf-cache-status: HIT
age: 297
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 773e6770bbea0af6-OSL
X-Firefox-Spdy: h2


--- Additional Info ---

GET /@babel/standalone@7.20.6/babel.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

104.16.126.175
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 03 Dec 2022 18:35:46 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 22 Jun 1984 21:50:00 GMT
etag: W/"2a4e21-sc3bu8CL4D/0ganBOGnB5HRzT1A"
via: 1.1 fly.io
fly-request-id: 01GJYYGMR4ZWJNZCAVCDBHX85E-ams
cf-cache-status: HIT
age: 459097
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 773e6770dc060af6-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

GET /ip HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

172.67.188.229
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 03 Dec 2022 18:35:49 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
set-cookie: cook-session=eyJ1c2VySUQiOiIzOTkxOCJ9; path=/; secure; httponly cook-session.sig=Qvk-doPdjc_C7005orfL5z3eB2M; path=/; secure; httponly
etag: W/"13d-+cK0ZY/3WenpUKC4WEVV6OYEvTU"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t552AIOt9YhIj0WhSlav9e5GXqguEEcdeNyaRPINpjuqzqsutlEkC1W1vpwpPbtr0DDE2%2B%2FuHAboPcjQzrtYZYtYmW%2FZKlwjTcGdE%2F4NYA%2Fxahjqyy25bd0Do0nagQ3ZxC7vFwlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e677cc808b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

OPTIONS /api/json/ip/PTCh2jX5qVaswtVHw7cdCLpg6LVFJhCr/91.90.42.154 HTTP/1.1
Host: ipqualityscore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cache,cache-control,pragma
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

104.26.2.60
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
date: Sat, 03 Dec 2022 18:35:52 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6qttjZBQxQ9f%2Bycny%2F5eNPpMoapUGeOiY8lVKfFOl8%2FxnQBycAjCpR1k0Qvw3%2BAFWvAO0OnzifjdlbhdoWQYUmj08a1vNdt1wVo09mEoie9IzpI8wKCZpacTYvL0FI7vnZ8Iqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e67955810b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

GET /quality?token=PTCh2jX5qVaswtVHw7cdCLpg6LVFJhCr&ip=91.90.42.154 HTTP/1.1
Host: ns.cdn-services.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm/
cache: no-store
cache-control: no-cache
pragma: no-cache
Origin: http://cleanandtidyhomeshow-6163795038.phsafarilodge.co.zm
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

172.67.188.229
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sat, 03 Dec 2022 18:35:52 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
etag: W/"7c-Swf3X0cYXbsxPgXV6U2KnoiYWd4"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Ff0eD84lqNzeTT1G6c642T4V7swh4VM4UxdBIhXahXjABZutRTVipnIyDzsR7TckQV1VqMf3qgwkEU2VykW8Db68mRBQ4AKvvRgipxfnq8EyLAKdYG4OJDOsWqUUTkSUCCQLmHI0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e67969ffab51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---