Overview

URLwww.batus.click/
IP 164.90.196.46 (Netherlands)
ASN#14061 DIGITALOCEAN-ASN
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access lock_open
Report completed2023-01-14 19:49:16 UTC
StatusLoading report..
IDS alerts0
Blocklist alert0
urlquery alerts
3
Fraud - Fake AntiVirus / Security software
Tags fake_software fraud

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
ocsp.sectigo.com (2) 487 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 680 1926 172.64.155.188
www.batus.click (5) 0 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 1985 321193 164.90.196.46
r3.o.lencr.org (9) 344 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 3042 7977 23.36.76.226
firefox.settings.services.mozilla.com (2) 867 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 782 2373 35.241.9.150
contile.services.mozilla.com (1) 1114 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 333 391 34.117.237.239
cdnjs.cloudflare.com (1) 235 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 392 28475 104.17.24.14
push.services.mozilla.com (1) 2140 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 606 127 52.25.78.204
content-signature-2.cdn.mozilla.net (1) 1152 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 413 5843 34.160.144.191
ocsp.digicert.com (1) 86 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 341 797 93.184.220.29
push-sdk.net (2) 0 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 834 12624 157.90.33.72
uidsync.net (2) 0 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 980 1729 157.90.33.68
img-getpocket.cdn.mozilla.net (6) 1631 0001-01-01T00:00:00Z 0001-01-01T00:00:00Z 3246 53751 34.120.237.76

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 164.90.196.46
Date UQ / IDS / BL URL IP
2023-05-27 03:15:08 UTC 0 - 0 - 1 www.sekuru.click/01spmcn3a4wpel0igjdn4vl4bn/ 164.90.196.46
2023-05-25 18:48:57 UTC 0 - 0 - 1 www.sekuru.click/06frmbSPYOyizlULDGZPTRzuRstL/ 164.90.196.46
2023-05-25 18:25:39 UTC 0 - 0 - 1 www.sekuru.click/06itmbSPRxeE5HyVY0PD4EHfBiq6/ 164.90.196.46
2023-05-25 17:19:42 UTC 0 - 0 - 1 www.sekuru.click/01spaiPjDVni2fSJdhgE6ewUXB/ 164.90.196.46
2023-05-23 23:50:24 UTC 0 - 0 - 1 www.sekuru.click/05ukmbSPH6Yk8ShM2nfi8lsMOnBF/ 164.90.196.46


Last 5 reports on ASN: DIGITALOCEAN-ASN
Date UQ / IDS / BL URL IP
2023-05-29 15:52:24 UTC 0 - 0 - 13 academiadelmezcalydelmaguey.mx/ 45.55.61.220
2023-05-29 15:52:21 UTC 0 - 0 - 1 iquestmath.com/ 68.183.182.144
2023-05-29 15:50:35 UTC 0 - 1 - 0 trafficole.com/81f4b92e89cfe0d838799392054100 (...) 143.198.124.24
2023-05-29 15:43:05 UTC 0 - 0 - 1 iphone6backgrounds.com/ 157.245.78.34
2023-05-29 15:42:18 UTC 0 - 0 - 3 dynod.live/ 159.223.153.123


Last 1 reports on domain: batus.click
Date UQ / IDS / BL URL IP
2023-01-14 19:49:16 UTC 3 - 0 - 0 www.batus.click/ 164.90.196.46


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-09-16 19:01:45 UTC 0 - 0 - 2 rsc.increasedprotectionpc.com/c/7300c8e57603ab01 52.19.101.114
2022-09-04 19:03:07 UTC 0 - 0 - 2 rsc.increasedprotectionpc.com/c/7300c8e57603ab01 52.19.101.114
2023-02-24 23:38:58 UTC 3 - 0 - 5 grandeu.click/ 164.90.196.46
2022-11-28 19:41:14 UTC 1 - 0 - 3 bone.strongpcprotection.site/c/c1b2c442c98cad51 52.19.101.114
2022-11-28 19:23:37 UTC 1 - 0 - 2 qcbf.globalprotectionspc.online/c/84af517616aa0cad 52.19.101.114

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (33)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: www.batus.click
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
                                             164.90.196.46
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                            
Server: nginx
Date: Sat, 14 Jan 2023 19:49:05 GMT
Content-Length: 407
Connection: keep-alive
Location: https://www.batus.click/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   407
Md5:    317dd064bff4e8c26f66dcc333ca365a
Sha1:   a2cb09552fcd2362a232ebf961846da7d74d2fa3
Sha256: 781c34e825038aab2006a1faab730d8849bcdacdec2c64a7a0661d1dbdb02679
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10946
Expires: Sat, 14 Jan 2023 22:51:32 GMT
Date: Sat, 14 Jan 2023 19:49:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11174
Expires: Sat, 14 Jan 2023 22:55:20 GMT
Date: Sat, 14 Jan 2023 19:49:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5672
Expires: Sat, 14 Jan 2023 21:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:06 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                            
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 19:42:03 GMT
age: 423
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    ff250d3ef3fa45322bf05039a0122a9f
Sha1:   b3e7a2c383bce1bab807dbe1a03c375258b51f1d
Sha256: d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                            
x-amz-id-2: jMgyhiOEZG3s9N1xzD7/NmxpIbHwEBbb8QXXWLFgwIdjyw8B8jSsRqeTA4I7rgZEDOJrgOKpkIs=
x-amz-request-id: 9K7WB275A4NKCVX5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 19:43:51 GMT
age: 315
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    7b922915ebf1fa3639b333f994c74f24
Sha1:   144a3f80b98fd0652d4614f24cf6cbbee40f8938
Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:06 GMT
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                            
date: Sat, 14 Jan 2023 19:49:06 GMT
content-length: 27433
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 689797
expires: Thu, 04 Jan 2024 19:49:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5lN9JksUIdkbziyiGWWmuMhIBw0dSvgl9iVgG6fFp5me8jzf5rMUDwtDFBURotHIgCQQ5x1bZ4D0o%2FOzuEql0RRABULW%2FZohgtvs1PQwxrg3Td%2Fwt%2F67zxuQw3GHzW3OrqyOdyq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7898e49b1cd90b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   27433
Md5:    77bd61b98f7b67af56639229724f8dd4
Sha1:   f04f07dd8ff53e58c32b738f81b71a014bca441d
Sha256: 8ce54c3b77bf31899b27b29188ff4936b580f2bd2b3222d43dda2851ba272e24
                                        
                                            GET /s/box.png HTTP/1.1 
Host: www.batus.click
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        
                                             164.90.196.46
HTTP/2 200 OK
content-type: image/png
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:06 GMT
content-length: 313991
last-modified: Fri, 30 Dec 2022 11:25:19 GMT
etag: "4ca87-5f109db4350f2"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 934 x 885, 8-bit/color RGBA, non-interlaced\012- data
Size:   313991
Md5:    eb5576f156132c190715b2f03f9173c3
Sha1:   cec31b87a0b1c7a49286be0c4caa8ba462d340a4
Sha256: 49970818ac9e72e7c2c3e0d029bcb7a20ccf64ddbc9b1dc62f5518c0ba7afd6e
                                        
                                            GET /s/favicon.ico HTTP/1.1 
Host: www.batus.click
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        
                                             164.90.196.46
HTTP/2 200 OK
content-type: image/x-icon
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:06 GMT
content-length: 5711
last-modified: Fri, 30 Dec 2022 11:25:19 GMT
etag: "164f-5f109db4285d2"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 290 x 290, 8-bit/color RGBA, non-interlaced\012- data
Size:   5711
Md5:    cf3c2d3c27ed349c88fd2c11e788fd13
Sha1:   120b4ba4713e1216fdf4d09af55fdca5fbf66d60
Sha256: 1970923e091169afd7db4c392ad09ef1291a8b0600cf90e97afb4caf2b8a4e7b
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                            
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 19:17:25 GMT
age: 1901
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "5D7987DE7BCB716AEECE07B97F05C8ED2EA42126CE48931B60CB4E47A873575C"
Last-Modified: Sat, 14 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13898
Expires: Sat, 14 Jan 2023 23:40:45 GMT
Date: Sat, 14 Jan 2023 19:49:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Accept-Ranges: bytes
Age: 3261
Cache-Control: max-age=137521
Date: Sat, 14 Jan 2023 19:49:07 GMT
Etag: "63c270a7-1d7"
Expires: Mon, 16 Jan 2023 10:01:08 GMT
Last-Modified: Sat, 14 Jan 2023 09:06:47 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /f/sdk.js?z=793625 HTTP/1.1 
Host: push-sdk.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             157.90.33.72
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:07 GMT
content-length: 11607
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (45504), with no line terminators
Size:   11607
Md5:    a1a0e7175be15dda497806b0df1727c8
Sha1:   fd01d0fad1ef8e91a3607c41c48b1b3dbef6e1dc
Sha256: 058895bfde491a1c6f02136d4c2d3a97273f6e79da80aec2e46406257f13ff28
                                        
                                            POST /event?z=793625 HTTP/1.1 
Host: push-sdk.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 82
Origin: https://www.batus.click
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             157.90.33.72
HTTP/2 200 OK
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:07 GMT
content-length: 0
access-control-allow-origin: https://www.batus.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

urlquery:
  - Fraud - Fake AntiVirus / Security software
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lZFSDp8rOeuYZqhDcK5Z4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        
                                             52.25.78.204
HTTP/1.1 101 Switching Protocols
                                            
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TbTYV1ovw5fL+/xn0EjBOjjq9wg=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Date: Sat, 14 Jan 2023 19:49:07 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 13 Jan 2023 07:28:21 GMT
Expires: Fri, 20 Jan 2023 07:28:20 GMT
Etag: "629a4954d936a78d772a85fba04e88c68c522d40"
Cache-Control: max-age=473352,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7898e4a24e7e0b45-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Date: Sat, 14 Jan 2023 19:49:07 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 13 Jan 2023 07:28:21 GMT
Expires: Fri, 20 Jan 2023 07:28:20 GMT
Etag: "629a4954d936a78d772a85fba04e88c68c522d40"
Cache-Control: max-age=473352,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7898e4a248f0fac4-OSL

                                        
                                            OPTIONS /sync?user_id=Qh5ohO3o7389E9m0p77E3f HTTP/1.1 
Host: uidsync.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.batus.click/
Origin: https://www.batus.click
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Cache-Control: max-age=0

                                        
                                             157.90.33.68
HTTP/2 204 No Content
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:07 GMT
access-control-allow-origin: https://www.batus.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

urlquery:
  - Fraud - Fake AntiVirus / Security software
                                        
                                            GET /sync?user_id=Qh5ohO3o7389E9m0p77E3f HTTP/1.1 
Host: uidsync.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.batus.click/
Content-Type: application/json
Origin: https://www.batus.click
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             157.90.33.68
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:07 GMT
content-length: 62
access-control-allow-origin: https://www.batus.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
set-cookie: rauid=Qh5ohO3o7389E9m0p77E3f; expires=Sun, 14 Jan 2024 19:49:07 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   62
Md5:    0f25c6d89aa5d70357dbef4d94d30330
Sha1:   7eaedf380ea80fac9255d2779f62b7e77aafb7b4
Sha256: 913d21a985cc3e771c0d7c4954c9d39e0a3267307e67504670571543b4d29da5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:08 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9270
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:49:08 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 10:27:20 GMT
age: 33708
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8181
Md5:    d24ea1f095f492934a1f1c63f5d8590c
Sha1:   dade37148c9b9a941f93a8535d8ddc5de3952623
Sha256: 2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 7447
x-amzn-requestid: dd3543b7-4e6b-4605-acea-a21d39af02ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qSFjAIAMF7HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce41-56e2ccc63669032d70cba0ba;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AYaeawnEmwHkyx3h-yliVx-ARcRB3W5kbtFH5tARnL3YMD6e4WYAQw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:01 GMT
age: 79207
etag: "ded76de1dd453e40dbf6eaa8607cf19fac7f71a4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7447
Md5:    2363dbe7bb6a459853d8d19cab50e70b
Sha1:   ded76de1dd453e40dbf6eaa8607cf19fac7f71a4
Sha256: f96da6354cec52143768014c36ba2b298224a58b0bf38bd2aa5f3bfce69d8670
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 9135
x-amzn-requestid: 2c5e9de0-9244-43ac-b7c4-712cbcf7038c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAnoG6roAMFzgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7afd-7fb640b30bab63bc1979a173;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:14:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SUGIIWi8jWe9RoRu-3dQXvLAddjwjH05V1ubKzEOEQrFonzVjQdbtw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:33:07 GMT
age: 58561
etag: "c65c58476b66cbb6269ba1d8412d270a0a003ae3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9135
Md5:    64ba27a2f0a3bc61bd325f1fb317b755
Sha1:   c65c58476b66cbb6269ba1d8412d270a0a003ae3
Sha256: 5f7f03752f8a7c8c08d92512ae93b193ea37f59354503c3129d33fd2910f87e0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 9539
x-amzn-requestid: eb427fd6-c342-4a22-af45-ecc528cf4a8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: epfDqEAZIAMFudQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0787d-4f61ecd2422081224869da76;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 21:15:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RRMRT2BC5p1x0Vh20ut0Kjbz2mnaNToUIbzIg9oczduvzYCckvFORA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 12:46:14 GMT
age: 25374
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9539
Md5:    a23d61d610c7b55d943fcb2636a01b65
Sha1:   82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
Sha256: 28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 3955
x-amzn-requestid: 28db68a0-ab23-4bef-b415-54120d187f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0gWEF6IAMFT7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3468-23b24e4a2c863aed25e0c81e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:11:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lkGbybdV4gBs1HNNzdVIBzyA5Akcx2T4YZX9Q1kR847Q33pG8sJ67w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:18 GMT
age: 79190
etag: "29566fe8eb5c9d12b0584642dac170c93ba80b90"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    7055d5db8f2f9c89dfab16c4fe3f11a5
Sha1:   29566fe8eb5c9d12b0584642dac170c93ba80b90
Sha256: 6510cf0eda1d062df3b81b2b797e9bfca73040cac874e80ae9b8ff70b0407302
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 9154
x-amzn-requestid: fbb1140d-7ec2-4f86-8761-5d04601af70e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAkCEN2IAMFuMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ae6-4baebf1104f9cf2a0ee8a538;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jlRcVyQppaQaPPMKaqadtaEHfdOYXXXbnfrr44l_2E2qaOoh_O0Mog==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:10:18 GMT
age: 56330
etag: "f52d98d9a0d1d343a539689ea14acf99e148cf8c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9154
Md5:    b1378f107c1996ade14a8fe7fd728072
Sha1:   f52d98d9a0d1d343a539689ea14acf99e148cf8c
Sha256: 4be994757ec7ec42929590169de199e927889261334e258903a0929a1055047d
                                        
                                            GET / HTTP/1.1 
Host: www.batus.click
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        
                                             164.90.196.46
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:06 GMT
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
                                            GET /s/logo.svg HTTP/1.1 
Host: www.batus.click
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.batus.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        
                                             164.90.196.46
HTTP/2 200 OK
content-type: image/svg+xml
                                            
server: nginx
date: Sat, 14 Jan 2023 19:49:06 GMT
vary: Accept-Encoding
last-modified: Fri, 30 Dec 2022 11:25:18 GMT
etag: W/"510-5f109db403410"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: