Overview

URL guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474
IP172.67.221.233
ASNCLOUDFLARENET
Location United States
Report completed2022-09-07 22:50:55 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-07 2 guroshied.com/custjs_new.js Phishing
2022-09-07 2 guroshied.com/images/41/main.min.js Phishing
2022-09-07 2 guroshied.com/extjs.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-07 2 fatededers.com Sinkholed
2022-09-07 2 fatededers.com Sinkholed
2022-09-07 2 fatededers.com Sinkholed
2022-09-07 2 fatededers.com Sinkholed
2022-09-07 2 fatededers.com Sinkholed


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-07 12:55:42 UTC 143.204.55.36
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-07 04:49:42 UTC 142.250.74.3
mnemonic passive DNS tartator.com (5) 0 2022-05-09 13:49:00 UTC 2022-09-07 09:21:59 UTC 178.162.196.156 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-07 12:21:16 UTC 34.120.237.76
mnemonic passive DNS guroshied.com (5) 0 2022-07-04 16:41:09 UTC 2022-09-07 18:13:55 UTC 104.21.54.2 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-07 04:50:01 UTC 23.36.77.32
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-07 14:29:23 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-07 05:08:41 UTC 52.38.227.80
mnemonic passive DNS translate.google.com (1) 1156 2012-05-30 01:30:32 UTC 2022-09-07 05:01:06 UTC 142.250.74.46
mnemonic passive DNS fatededers.com (5) 0 2022-07-05 09:19:50 UTC 2022-09-03 17:10:51 UTC 54.164.227.218 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-07 05:03:48 UTC 143.204.55.35
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-07 04:49:50 UTC 34.117.237.239
mnemonic passive DNS cdnjs.cloudflare.com (3) 235 2020-10-20 10:17:36 UTC 2022-09-07 05:43:42 UTC 104.17.24.14
mnemonic passive DNS zerossl.ocsp.sectigo.com (2) 4049 2020-05-09 19:05:29 UTC 2022-09-07 05:20:11 UTC 104.18.32.68
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-07 19:40:29 UTC 142.250.74.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 172.67.221.233

Date UQ / IDS / BL URL IP
2022-09-20 23:20:14 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-07 22:50:55 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-29 00:32:09 +0000
0 - 0 - 1 justthrivehealth.com/pages/loyalty-program?ut (...) 23.227.38.32
2022-11-29 00:35:47 +0000
0 - 0 - 1 pisofare.co/ 104.21.52.108
2022-11-29 00:35:33 +0000
9 - 0 - 6 agileprofessional.com.br/wp-content/auth/db15 (...) 104.21.17.61
2022-11-29 00:32:04 +0000
0 - 0 - 1 yogibo.com/pages/yogibo-2022-holiday-gift-gui (...) 23.227.38.32
2022-11-29 00:31:52 +0000
0 - 0 - 2 aercashnowsurvey.top/ 104.21.48.140

Last 2 reports on domain: guroshied.com

Date UQ / IDS / BL URL IP
2022-09-20 23:20:14 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-07 22:50:55 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-26 21:12:00 +0000
0 - 0 - 1 izjec2.jammennaps.com/land?c=DHU7EXg3rvaMPk2k (...) 104.21.46.108
2022-09-21 04:40:00 +0000
0 - 0 - 6 myrosticary.com/land?c=LApDwnDcbJHPwouPhdyzv9 (...) 104.21.55.177
2022-09-20 23:20:14 +0000
0 - 0 - 8 guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7Gwe (...) 172.67.221.233
2022-09-18 15:12:40 +0000
0 - 0 - 6 jammennaps.com/land?c=SF6sR9SSZ7-RjR0U8KagBAx (...) 104.21.46.108
2022-09-02 07:56:08 +0000
0 - 0 - 8 updates-center.com/land?c=-rhG3YR1wiS5Sq8XyyK (...) 104.21.34.136


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (49)


Request Response
                                        
                                            GET /land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474 HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.54.2
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 07 Sep 2022 22:50:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFTwheCy6aWaof4HNHvJ9428pb5RbopzjgW5tDnC5lKWE9yztMIiBDwd198Ph2AO0RMkNRHoSZ88hmTKzD2gZAG7MqNejMIEUorqOcG1FhL%2B%2BK7U3X%2BH65Tw2eYZUZ1y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7473014bb9131bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20260), with CRLF line terminators
Size:   15967
Md5:    41f5eec558fb44e8f778cd0eac27904a
Sha1:   c37d5a5bb557c6b790abad83f0e7e06bf93f6f31
Sha256: 409b7ab2f8051853982817255a26bd89905e16475a16c0ed3afabbb80204bcff
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 07 Sep 2022 22:04:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WeWuXwzx9OhQmq-dza4EYyvPl-lXKmfIKBDjRq5oUTF7VL5S7h0XFQ==
Age: 2745


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jLVK9EV3DDVUSQGAK7YYd5PMO6OfmrVFVVWb_DzSpKzRHqkeJ8RiWw==
age: 68650
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12747
Expires: Thu, 08 Sep 2022 02:23:11 GMT
Date: Wed, 07 Sep 2022 22:50:44 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 07 Sep 2022 22:50:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 07 Sep 2022 22:50:44 GMT
content-length: 1399
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-1359"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 534847
expires: Mon, 28 Aug 2023 22:50:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpVy1%2F1wDZWzdM4NT%2Bp1ZxBIE8RkJtBjgPmVdKHGHAmkOVOJR9Add%2Fzy%2Fwz%2FBpbC6T0htZ93I9Dx04tRXUwbtdYjxgy7iS0qh%2FGBuwpaeg8k%2FxI33MDsqsqX5UBpQzfm64fa5LDs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7473014ecbe2b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (4862)
Size:   1399
Md5:    a08c3702f999b6cbd18c635f8e88421f
Sha1:   2938a9a742af0e1e7de5b58ad293c61d2838014b
Sha256: 3b512cbaa646370f0897e5e1e7cbab220a2382de70f24e994e88ef4f5121a39c
                                        
                                            GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 07 Sep 2022 22:50:44 GMT
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 408025
expires: Mon, 28 Aug 2023 22:50:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0f1FA%2FvQ%2BdIkq66NwK%2FIt6bZOQ6yh6td%2Bxw6pFf26%2F1X5J0mvspAk2bxGmoSGeWo5FxPcjWjco%2BiO%2F24bQxkApoyVNkU3lNv9ksuxa0iDLaoMKS0AeEuRaMteWxrDiHWoSF5LdUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7473014ecbe0b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1266)
Size:   591
Md5:    414869f16aa77a65b4928a018f7f1abb
Sha1:   cea521f7a2958a50239526ed6b068f0937527653
Sha256: afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
                                        
                                            GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Wed, 07 Sep 2022 22:50:44 GMT
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8032414
expires: Mon, 28 Aug 2023 22:50:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3o4e%2F3fM719WGbhKqZAxBxmdXDLsgxHseJNNVtsVMsFPEaPE8traD5dCbAn2JR3Cqzk9pfMvcbTZnBBOmeGpoXpptEtNRkQvDs%2FN1UzBda4HpkcSgoHYakB7UP2r83NbRXmZc17"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7473014ecbe3b529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3201), with no line terminators
Size:   1541
Md5:    8e09ceb5490863a66cd2e83ca3d7e524
Sha1:   35e3d074516ec70c508d748f7ae01827bc0c28ba
Sha256: cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /custjs_new.js HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474

                                         
                                         104.21.54.2
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 07 Sep 2022 22:50:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Apr 2022 10:45:19 GMT
ETag: W/"6262873f-157a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1m3fWxw3grvwRVwjsX%2B3IeTVd8tPZHboPGTvL%2FYiCicpiZrcMF%2Fc06se7zjCZTSV4JSXv3%2Brr31WaS3zCKkb9V0Qleiz7YJd%2BVJe81RTOh%2Brlt3%2B1sALeOYDkAiOS3Q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7473014e8ae30b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (695)
Size:   1590
Md5:    d8e176179eb941e357e851bfd5cf5bcb
Sha1:   e298d110d19ac03b47dd2fc0cdea0b54aa6de1c8
Sha256: ebf9cfbffad5f7f5a2b261313b4f1d13f22fb4aa91da303c8bcb86133522e1f3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/41/style.min.css HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474

                                         
                                         104.21.54.2
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 07 Sep 2022 22:50:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 12 Aug 2022 12:17:10 GMT
ETag: W/"62f644c6-5cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJmCshXkDNxWGa0zOUn60R02KcN6iCsCeQpK%2F94t4vTOwzUVTxHsdU4PoQ2%2Fl49mG%2Bj%2Br9ziXgkrAKzUNBpsAbUJYRy54wFicbbcynN%2B6oyXHgZMbplKH7FMill5XWl%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7473014e7b761bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1482)
Size:   654
Md5:    24be203544b872801f526b5245ba85c2
Sha1:   5acb9586576101c8522dbf7d0ceadf9acac3607f
Sha256: 63f10bf6899b20de65be1626550c81091870fcd0672205f3d53aa8b23fbad8b5
                                        
                                            GET /images/41/main.min.js HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474

                                         
                                         104.21.54.2
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 07 Sep 2022 22:50:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 12 Aug 2022 12:17:10 GMT
ETag: W/"62f644c6-590"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riiL6s3lRcouC86HiidcyrS%2BmoDdKCPcgKuDwZcJTJGAzhfwXyNvdWXBnudDHCgG7q8jS2GMBnU2%2FwTDUpmu8nARd55MwxMAcTxViEha8sDyKwGocW8Dui0ar07Sz%2Bmy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7473014eba79b503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   525
Md5:    114512749f87d3f2e5fc84101a695848
Sha1:   d030c4f11023cc517f74221d336a844b9665beb4
Sha256: cb4acd0ae352c75972e5aba531ad8644691cc96d2a911905d0b954b3fbf409db

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 21:30:25 GMT
Expires: Mon, 12 Sep 2022 21:30:24 GMT
Etag: "fe0b3689554b147f305994b2d298cce033563e51"
Cache-Control: max-age=426579,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7473014f1a5f0b45-OSL

                                        
                                            GET /extjs.js HTTP/1.1 
Host: guroshied.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guroshied.com/land?c=1hx012d_1v9TdH_aaEe_7GwekJU=&cnv_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&campaign=614474

                                         
                                         104.21.54.2
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 07 Sep 2022 22:50:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Sep 2020 15:57:50 GMT
ETag: W/"5f4fc0fe-16464"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fw2yFmQM9%2BZ0MvtoAue7K4id%2B64X%2F3s6by5fF%2F6SQo4MyXiCR5mCqlmfZRFErKkFPIbFMO1Tb3JtQhNsF1whw0GR7W0GEiPK4%2FAxw6Q%2FD0AQZOZG937hQQPOdfo39pXU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7473014e8cc80af6-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   31773
Md5:    11a98db15f8eabc5eea2782e7514019d
Sha1:   53ca23e5ffee821b765d9db3f9bc9f036547a532
Sha256: 69b47b6ee0175fe05398905d566382f5fee9a642bb6f6ef2ded95594db7e136a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /sdk.js?sid=a2acd55d-8e4f-445a-b49c-d7526e66f43c&lid=41 HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.14.1
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 45345
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Cache-Status: MISS


--- Additional Info ---
Magic:  ASCII text, with very long lines (45345), with no line terminators
Size:   45345
Md5:    291a234d4f381d23592b00b0b0880156
Sha1:   bfd2d78601087045804acb147459c1dcb08293e3
Sha256: ee2c421bc2d751dc634f3e3700ba12ee1ae8e493c5c393956c46232c9a0fd34f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /hit HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------420618072641646155912815351412
Content-Length: 696
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: av_sw_hit=1; expires=Thu, 08 Sep 2022 22:50:45 GMT; secure; SameSite=None


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            POST /api/report HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------3296639525658428391637635804
Content-Length: 495
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            POST /api/report HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------200716748012219636612498119615
Content-Length: 446
Origin: http://guroshied.com
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.14.1
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 2
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    e0aa021e21dddbd6d8cecec71e9cf564
Sha1:   9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
Sha256: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 07 Sep 2022 22:38:18 GMT
Expires: Wed, 07 Sep 2022 22:59:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CvNx3J9B5RrLsPmTWHYw4Xh0vZOh9twYcaib5SysV2uD7qi1klQdlQ==
Age: 747


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: zerossl.ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 727
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 21:30:25 GMT
Expires: Mon, 12 Sep 2022 21:30:24 GMT
Etag: "fe0b3689554b147f305994b2d298cce033563e51"
Cache-Control: max-age=426578,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74730150db4a0b45-OSL

                                        
                                            GET /redirect/e?t=4&sid=a2acd55d-8e4f-445a-b49c-d7526e66f43c&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&placement=16814853&d=1&sub1=&sub2=&sub3=&sub4=&sub5= HTTP/1.1 
Host: tartator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         178.162.196.156
HTTP/1.1 301 Moved Permanently
                                        
Server: nginx/1.14.1
Date: Wed, 07 Sep 2022 22:50:45 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform-Version
Location: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&type=TBD&pt=16814853&cid_ext=
X-Cache-Status: MISS

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6265
Cache-Control: 'max-age=158059'
Date: Wed, 07 Sep 2022 22:50:45 GMT
Last-Modified: Wed, 07 Sep 2022 21:06:20 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2D9A35E8783F763F1102988EEC07F0444DEFE1187DB969018555E655B46387BC"
Last-Modified: Mon, 05 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Thu, 08 Sep 2022 04:50:23 GMT
Date: Wed, 07 Sep 2022 22:50:45 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 38+LhAWRg170ueifW7pScA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.38.227.80
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QNEVDR7ynpjM619b75dtuKeabBc=

                                        
                                            GET /translate_a/element.js?cb=TranslateInit HTTP/1.1 
Host: translate.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Sep 2022 22:50:45 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+515; expires=Fri, 06-Sep-2024 22:50:44 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (560)
Size:   27224
Md5:    c168eea3e250eccdec5c0271f7ea0f6e
Sha1:   aaff2a40c07f7697f0dd67996c96ba77d6a068f9
Sha256: 06a9bcccf60ede082a6d5d7af0e4e6f345aee0980df6d8023553884385f102bb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/css/style.min.css HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&type=TBD&pt=16814853&cid_ext=
Cookie: uclick=ib8rocsc; uclickhash=ib8rocsc-ib8rocsc-xsvr-gxa9-h98p-y9uq-y9my-5ce367
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 22:50:46 GMT
Content-Length: 2285
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-8ed"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (2284)
Size:   2285
Md5:    cd828a3775fdacaf456ebed7d0778730
Sha1:   442dc08eed3e4d67f6d9259049f5834cf02f6f6c
Sha256: fdfa92545f7fecc27d31ed21f3b1a30ef9718a503466ffc39ea6517467d2f133

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Open+Sans:regular,500,600,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 22:50:46 GMT
date: Wed, 07 Sep 2022 22:50:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   45582
Md5:    a72cd1c853b2a55d672c3279c835cf19
Sha1:   b0bf36c8eeb77326c9eeebd2b2f64ebc513fbdff
Sha256: 3d2004bd6ed8e25a31571d53c8bccea68373fb8eccdd2e0c61beebeb44587e91
                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/js/main.min.js HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&type=TBD&pt=16814853&cid_ext=
Cookie: uclick=ib8rocsc; uclickhash=ib8rocsc-ib8rocsc-xsvr-gxa9-h98p-y9uq-y9my-5ce367
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 22:50:46 GMT
Content-Length: 0
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-0"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 07 Sep 2022 22:50:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&type=TBD&pt=16814853&cid_ext=
Cookie: uclick=ib8rocsc; uclickhash=ib8rocsc-ib8rocsc-xsvr-gxa9-h98p-y9uq-y9my-5ce367
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 22:50:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    c872da7f0a50e2f749f7f67f548a214e
Sha1:   da9c7f5900a38def04bc0c5b6723ca82f48efa57
Sha256: ba92b5ba25874214592410d33ab6c9225814a010ed538aa33982812d589e86a9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/images/image.png HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/click.php?key=gck6f7m1a4lq403d4q3f&click_id=13ce8e04ca25ae53f6f4d9be772fc6a0&type=TBD&pt=16814853&cid_ext=
Cookie: uclick=ib8rocsc; uclickhash=ib8rocsc-ib8rocsc-xsvr-gxa9-h98p-y9uq-y9my-5ce367
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 22:50:46 GMT
Content-Length: 64015
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-fa0f"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   64015
Md5:    9f0c9a2e604545c2caebcd9d75f2fbe4
Sha1:   46a479455f9a8db336777cc0dcd99a825deaf952
Sha256: 908b94b9569636a318067e5f34187eafaa30d4b31df7f7e6838e86d993007cc2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /landers/artygazzzz_bk_ru_len_2_[sergk]_us/images/bg.png HTTP/1.1 
Host: fatededers.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fatededers.com/landers/artygazzzz_bk_ru_len_2_[sergk]_us/css/style.min.css
Cookie: uclick=ib8rocsc; uclickhash=ib8rocsc-ib8rocsc-xsvr-gxa9-h98p-y9uq-y9my-5ce367
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         54.164.227.218
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.20.2
Date: Wed, 07 Sep 2022 22:50:46 GMT
Content-Length: 259534
Last-Modified: Thu, 10 Feb 2022 17:16:58 GMT
Connection: keep-alive
ETag: "6205488a-3f5ce"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 934 x 537, 8-bit/color RGB, non-interlaced\012- data
Size:   259534
Md5:    c75ec192b763d45b9a72fde5ea838e37
Sha1:   7042ef5e29a6033998e1ddd2d428932c0ddd814c
Sha256: fbbdd52dc2b86be54d0e8104c3c21dc962c22cd0caa599d1cbfec8e88e230fff

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Thu, 08 Sep 2022 00:57:28 GMT
Date: Wed, 07 Sep 2022 22:50:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Thu, 08 Sep 2022 00:57:28 GMT
Date: Wed, 07 Sep 2022 22:50:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Thu, 08 Sep 2022 00:57:28 GMT
Date: Wed, 07 Sep 2022 22:50:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Thu, 08 Sep 2022 00:57:28 GMT
Date: Wed, 07 Sep 2022 22:50:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7601
Expires: Thu, 08 Sep 2022 00:57:28 GMT
Date: Wed, 07 Sep 2022 22:50:47 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4570
x-amzn-requestid: c8acc548-6455-4951-9ca0-245a1c3bdf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VYGwEoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f55-58f59c61714ed9761d39c8b4;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UiG7UKRQy_MGckOpAsfoV4PUZZ2o8ko7Q6hqeYlzo5XS0874Cf2gxQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:02:08 GMT
age: 2919
etag: "b469f24dbfe01ee68650ef1b0abd6badb83e3325"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4570
Md5:    c870cb13eb9cbc6e3cb66814dc06a157
Sha1:   b469f24dbfe01ee68650ef1b0abd6badb83e3325
Sha256: d4dc98f6d2d86a94c85056797a4efd9ab938651fb06bf421c661b78a5c9d9319
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lbCmv9fV9iBGOQvxRzleYwC5dBYeu1kRgSSkC2hycDmavyXj-KlFSw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:24:59 GMT
age: 1548
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7492
Md5:    a07d553b6441514870ed7e9e989a29a7
Sha1:   98c145b9326d1e6036fa9089d87a25232dd45b0b
Sha256: 373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3ef55d7-b6c2-4550-aff3-c9052f7d4816.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6214
x-amzn-requestid: 46a44af0-e547-49e8-bc39-f6c49d94e375
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj_0HFKbIAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b134d-0297c83c305422fa51b86dcf;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 07:03:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ZKcuRO8Z6wBMdm79iDZj5uRYk4YYpYJqOoG8hZqY81O0R7hfbe5bQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 05:10:03 GMT
age: 63644
etag: "50f1459de01174e594e03e7df4dfaa8eb1798672"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6214
Md5:    f922505178de0cea92eedcfda85a9f67
Sha1:   50f1459de01174e594e03e7df4dfaa8eb1798672
Sha256: 981cd58768d6ad841673add855ddcc7106fbc85de05db9a1bd2d6bc8928b4c2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7923
x-amzn-requestid: 657663ba-b3e9-4a84-9186-3f13ad230765
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VsGsQoAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f57-6fc934984bba83fe1b91056f;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LJHVcK1c7pNCYdAONIQDous9DHHeTn7W2Ker2Jl699G9mNn07U7qUw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:02:24 GMT
etag: "63e6e7d760e736c45ca4778111ea8e61eb13edd6"
age: 2903
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7923
Md5:    786824349d0ac6933b5beb4a10ce9cc7
Sha1:   63e6e7d760e736c45ca4778111ea8e61eb13edd6
Sha256: 4aea707f67116f423b68bd19e946b167b48c920693663f2b7b270c86947bffdb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b1ceaeb-6cf1-42e7-b7e3-28eb631f4b98.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12131
x-amzn-requestid: c190466e-eab9-4705-be7e-9724d240a1a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VNF8BoAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f54-0f718d821b0107bb1b1474a9;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:28 GMT
x-amz-cf-pop: SFO20-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: f88GXTqODlTXl1sX4BakGIcPj0sGV6IUQ3R8zpBQwg-QEGe3YstK0Q==
via: 1.1 36cc13280ef76bb2fee6ae5eed6fec2e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:47:44 GMT
age: 3783
etag: "339fc154a29a7459101dd6125bebf38219bfd11a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12131
Md5:    77aa1349e0d44b4756bbede0cbd05413
Sha1:   339fc154a29a7459101dd6125bebf38219bfd11a
Sha256: 74e6439067201bba5e0edc7fd477c62c0566c5fac30b035150d06fea2d30cce0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14aa345c-bb84-4f98-baec-fbf23ee3d778.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5755
x-amzn-requestid: 897520a8-3b51-4e6e-843b-2698aada72fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bqH7PIAMF0bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-1310b45e2af9cde575c8b71d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: bIdDIzR0_WkQR_Eq1kPO9i3ZbADpOB_mVcdTp80nLRqNQHp6r2BSAA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57bd3a2d9e0e4cbf89d9eb3d7dfb916e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:25:15 GMT
etag: "95b9ececb227d1976c99db67695c057aebea990d"
age: 1532
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5755
Md5:    1b0c375abb664a29d73855e858a708b3
Sha1:   95b9ececb227d1976c99db67695c057aebea990d
Sha256: 242318dcfb94f2e3e497801491fed84b42fe94396e6feb2476b2257c964ca989
                                        
                                            GET /css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guroshied.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Sep 2022 22:50:44 GMT
date: Wed, 07 Sep 2022 22:50:44 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---