Report - atom.lk/wp-content/DL/

Report Overview

Submitted URL
atom.lk/wp-content/DL/
IP
104.21.83.168
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-05 13:44:30
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.4 kB	3.0 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	54.149.219.22
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	55 kB	34.120.237.76
atom.lk	unknown	2012-11-26T19:18:08Z	2023-02-23T17:28:41Z	5.2 kB	74 kB	172.67.179.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-05	medium	atom.lk/wp-content/DL/	Malware
2022-11-05	medium	atom.lk/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=7656060368941c0a	Malware
2022-11-05	medium	atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347	Malware
2022-11-05	medium	atom.lk/wp-content/DL/	Malware
2022-11-05	medium	atom.lk/cdn-cgi/challenge-platform/h/g/pat/7656060368941c0a/1667655860173/c717d05e5927e55856f6873d9bc0d9fd45db7110a5c105b2a568193cf219e23a/KU_RmViUTFLLLr_	Malware
2022-11-05	medium	atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347	Malware
2022-11-05	medium	atom.lk/wp-content/DL/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	atom.lk/wp-content/DL/	3.0 kB	2023-03-10	2023-03-10
Pretty URL atom.lk/wp-content/DL/ IP 172.67.179.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 21:24:49 Last Seen2023-03-10 21:24:49 Times Seen1 Hash c88feb8e947916b1e5cfa84fbbce6b96 fb03af819d8744afb44e8dc97ea77af2e53fae51 5579b8a01847eb4ac84162f2d653345edd4ac1b57309f827625c4b7f745d8402 Loading...

	atom.lk/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7656060368941c0a	61 kB	2023-03-10	2023-03-10
Pretty URL atom.lk/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=7656060368941c0a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 21:24:49 Last Seen2023-03-10 21:24:49 Times Seen1 Hash a1842cc45b9a7d226142ed8abdde21dd 2ba77e516eeeac0d3626174a747c3b4ddf4948dc 99c90c73daba7b7221374062a31f9356145af93895ccf10ff8a98b902c5ed008 Loading...

	atom.lk/wp-content/DL/	17 B	2023-03-07	2023-04-05
Pretty URL atom.lk/wp-content/DL/ IP 172.67.179.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2023-04-05 02:12:11 Times Seen1946 Hash 8ff8851cc2351b1ece0667fc38808aca 1948720040e391039821b5f1e0ffb994f42af529 39dc54b6b6d6d57f0d76b09b6e775fa9bf57418049cbb68c31fa4176a8b81175 Loading...

	atom.lk/wp-content/DL/	210 B	2023-03-07	2024-02-12
Pretty URL atom.lk/wp-content/DL/ IP 172.67.179.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-02-12 00:41:30 Times Seen1104 Hash ab1ac4cf0f484cc9f859c0a7983353e0 2da142b1135bd10cdbed4a7353e4483acc30ebe9 50e878a18b2b5be7071dc7c10297381bcfcb55f17c27760ee857af9e31133324 Loading...

	atom.lk/wp-content/DL/	375 B	2023-03-07	2024-02-12
Pretty URL atom.lk/wp-content/DL/ IP 172.67.179.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-02-12 00:41:30 Times Seen1694 Hash 56df91490fa1984fa82b297dcb23c22d 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Loading...

	atom.lk/wp-content/DL/	38 B	2023-03-07	2024-02-12
Pretty URL atom.lk/wp-content/DL/ IP 172.67.179.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-02-12 00:41:30 Times Seen1306 Hash eb2ee6e4b3d4e81bacdb2474d9b3c2f5 6588855b25c975b224e0fd1b50ca1b3f36cd46ed 3dd83a652b2e60d8dfc699cd2006f70007b826a92b49e61e9194bf422481ac05 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 70efa725f660990cc6701727e98c360b	769 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:07:04 Last Seen2023-07-11 03:19:46 Times Seen6035 Hash 70efa725f660990cc6701727e98c360b 04f4df4180629c6a1a8648630310794bfdb39eb8 cb2789441eb37a5d5520d68b778e5e1a0743c6d105076aa2e3be07147e0dc752 Loading...

		Size	First Seen	Last Seen
	#1 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

HTTP Transactions (28)

URL IP Response Size

atom.lk/wp-content/DL/

172.67.179.57

301 Moved Permanently

0 B

URL HTTP/1.1
atom.lk/wp-content/DL/
IP
172.67.179.57:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/DL/ HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 05 Nov 2022 13:44:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 05 Nov 2022 14:44:19 GMT
Location: https://atom.lk/wp-content/DL/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEDJPzL02wnkSMR8eBlCoGN2GREXqmonCBALBe2HVuh%2BMbgOvi4afMyp3GJUYawsBqrxFMvrjNDkn7TQuDanL%2BNzznh9xbSXY8V5qMMoSShv3VNvJfpyrv3c"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 765606005dcdb512-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2590
Expires: Sat, 05 Nov 2022 14:27:29 GMT
Date: Sat, 05 Nov 2022 13:44:19 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4302
Cache-Control: max-age=161907
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 13:44:19 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:42:46 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4302
Cache-Control: max-age=161907
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 13:44:19 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:42:46 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6729
Expires: Sat, 05 Nov 2022 15:36:28 GMT
Date: Sat, 05 Nov 2022 13:44:19 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: I3Qv3eR2FCoNH2WBB6kyByX7LqazkJ1Kr4x1OEFdEcEQEIfusnzbfeLrl3FrhUlfnOQkrn8ZhLg=
x-amz-request-id: G3XSZ5DWBXYZ3GB4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 12:47:12 GMT
age: 3427
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 13:44:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
adf6a3b4cf7b27fc59ef299a8e18eab1
a93ec81a80de8f1ca19ac2804b5629b93751158e
27ec7be1514cc2f11635fcabaec619631858871bd3e480d2df92afdc3128308f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=141777
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 13:44:19 GMT
Etag: "6365ef84-117"
Expires: Mon, 07 Nov 2022 05:07:16 GMT
Last-Modified: Sat, 05 Nov 2022 05:07:16 GMT
Server: nginx
Content-Length: 279

atom.lk/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=7656060368941c0a

104.21.83.168

200 OK

42 B

URL HTTP/2
atom.lk/cdn-cgi/images/trace/jsch/js/transparent.gif?ray=7656060368941c0a
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/images/trace/jsch/js/transparent.gif?ray=7656060368941c0a HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:19 GMT
content-type: image/gif
content-length: 42
last-modified: Fri, 04 Nov 2022 12:47:43 GMT
etag: "636509ef-2a"
server: cloudflare
cf-ray: 76560604e9e51c0a-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 05 Nov 2022 15:44:19 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347

104.21.83.168

200 OK

60 kB

URL HTTP/2
atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
60 kB (60248 bytes)
Hash
936f7fbfc9eb1b0175d2b4e18ce9a1a1
80a5c37d119272db4632e7d5d3c794e0659dbb5d
89690674b48e36f891672ef16e1e7aea5047aa288c94f1c0d6c0e38b6566d423

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347 HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Content-type: application/x-www-form-urlencoded
CF-Challenge: b2918d39c8ab347
Content-Length: 1699
Origin: https://atom.lk
Connection: keep-alive
Cookie: cf_chl_2=b2918d39c8ab347; cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:20 GMT
content-type: text/plain; charset=UTF-8
cf_chl_gen: jPzTXoefMiaFXEQcQH3yg6FtXv66NZ2i1M7Cub+aFZLwQFpkSh1WxcKy6mAbq6wCuit+hZ3xMjM0SbytKU0KVzDst/hJKa5joMPQcZmRG7NWaA3QpIjh41oZRgejV1Tp+QfO7ymo5TwY48tTRHTTrU4gy1r/Uc7weV8BFwOe7MQqQaX2Vj6+l8h1I/J+hQrPPFUG8j2sX7cAfT/hKalorl6wXnRWsN+eodQNDqBkNv23kdEt3Ko1Qhsr4oAcUTngQBJyVweygQAZ8Tr6Mg7YTEvENiNACqiA0AFk76BzTvM=$4MfOpYObBg3H3W8Fo5IRLQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HI0uCnaHtwA07U%2F8rKPk2%2Bu8MiUR5XFiA%2FXptVaS9HCI5rACAL7nBMiU%2FT3V02Qv4DCcenEPwBiZZ5StKvmsq%2F6oK7yDB0v%2BZOZdARx8kn66SW2F0aOx5xXq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 765606060b3c1c0a-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
db63d54b77502dd6c7bdc792d4fd093e
026ad8186833988279468829c004c6e2a2f2626f
eff89ef67baa622e8a196ffcadc44d29aafff009bb531da3e979a1f47c3b1c36

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6266
Cache-Control: max-age=158813
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 13:44:20 GMT
Etag: "63661997-1d7"
Expires: Mon, 07 Nov 2022 09:51:13 GMT
Last-Modified: Sat, 05 Nov 2022 08:06:47 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.219.22

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.219.22:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GkUajH0azOCjIK5Vvvj0kA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MmUdLI0T2i2Uxd7RtSds9mNlhX4=

atom.lk/cdn-cgi/styles/cf.errors.css

104.21.83.168

200 OK

5.0 kB

URL HTTP/2
atom.lk/cdn-cgi/styles/cf.errors.css
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
5.0 kB (4981 bytes)
Hash
9b41725f5db500165951f5d3e2c0f49e
b21aa483a42ebd4bd60722b75503cf5c47502181
f3152c78dac35b67e798503cb52c2b5014f0b20c674efbf8ea9246966486cbdd

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://atom.lk/wp-content/DL/
Cookie: cf_chl_2=b2918d39c8ab347; cf_chl_prog=x12; cf_clearance=351defb3ec6900d14ebdad2de5826239e518c44f-1667655861-0-150
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:21 GMT
content-type: text/css
last-modified: Fri, 04 Nov 2022 12:47:43 GMT
etag: W/"636509ef-5e44"
server: cloudflare
cf-ray: 7656060c18111c0a-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 05 Nov 2022 15:44:21 GMT
cache-control: max-age=7200, public
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5928
Expires: Sat, 05 Nov 2022 15:23:09 GMT
Date: Sat, 05 Nov 2022 13:44:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5928
Expires: Sat, 05 Nov 2022 15:23:09 GMT
Date: Sat, 05 Nov 2022 13:44:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5928
Expires: Sat, 05 Nov 2022 15:23:09 GMT
Date: Sat, 05 Nov 2022 13:44:21 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7619 bytes)
Hash
308da46611df43543d31ca502986bea2
0bf4de356c3a64785fe116161cb931b3b2476f5d
63996962e2763dcf2e0ae5e43aa12dfd8f8677082bb1cdf63528dfd00404f3e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7619
x-amzn-requestid: 67308248-e660-4294-aafe-5f178970f822
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHlcHHfIAMFyGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63658622-5b1ee875554a05eb1e8a6f16;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _-RekVvWiPI4MHy0Up2j6D6a_NcPywYvDeydP3QlbCceU7NfWk00jQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:52:21 GMT
age: 57120
etag: "0bf4de356c3a64785fe116161cb931b3b2476f5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6909 bytes)
Hash
eaf06d0fb99703abfd57b962eb21ce96
ce73b0ad22139bec863ed990e3d3af4bdc3df288
a226250245611193be882c92f2d9920cb6ceeb12823b48c0b9c8fa2aba1c8c0d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6909
x-amzn-requestid: 7c500c29-f514-491c-b2fe-a732a546925f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: awWpEEYHoAMFWdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635cd16d-6d9c4c5c41f4fcd16cabda59;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lOCFTDiIxZDBzypATpujFz2hjWPabqjokrpq1-5An86y5lZLG5xHxQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 07:40:21 GMT
age: 21840
etag: "ce73b0ad22139bec863ed990e3d3af4bdc3df288"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7783 bytes)
Hash
7a3b1551512640bb8f5e7deb80c32272
75805b9f03aef14cfad025259936ae5f217d25ca
5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7783
x-amzn-requestid: ab7cc6ee-976d-41a4-b5da-0aefd5cb6246
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEJnzH15oAMFlwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bc98-68f910b60bd5ecaf2947c59a;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:17:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JnvKcym5f71Ra_ZHzkTXnU7Fa3D5zBFK9JFKXA_A3G98jN9r3Jikyw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 08:24:07 GMT
age: 19214
etag: "75805b9f03aef14cfad025259936ae5f217d25ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:52:32 GMT
age: 57109
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 06:27:59 GMT
age: 26182
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9150 bytes)
Hash
c7c9c908e891e7277f21a914fea9aa25
596c3c084ae3d850a5dc28e549b4e22f2b8cc71f
709c217b3ac09712d2af4366316c8977b1a4e2a73f887b3e30f10df1ed50bacd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9150
x-amzn-requestid: 7c179507-20a7-4fa3-993b-f79b3e7949ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apwiGHD_IAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2e0d-337623ce79dc53c864632c72;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:06:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OM3hc6Jfl5pDWPikIlcQOexIScQavqJh9h-N-EvIGNpicWJwHMPKIA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 14:36:51 GMT
age: 83250
etag: "596c3c084ae3d850a5dc28e549b4e22f2b8cc71f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

atom.lk/wp-content/DL/

104.21.83.168

503 Service Unavailable

0 B

URL HTTP/2
atom.lk/wp-content/DL/
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/DL/ HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 503 Service Unavailable
date: Sat, 05 Nov 2022 13:44:19 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZU3XhF5Bx79Qo19pOlSWw%2F7Lls4mL19CHWgaOYnsSYkpdeKkoiV96K7Yy1GDlp8e%2FccAqgwqGAqFLDMFGqS8TPYRZ04Qp7WJEc06X4f5q1lW68E%2BkZmpJGAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7656060368941c0a-OSL
X-Firefox-Spdy: h2

atom.lk/cdn-cgi/styles/challenges.css

104.21.83.168

200 OK

0 B

URL HTTP/2
atom.lk/cdn-cgi/styles/challenges.css
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:19 GMT
content-type: text/css
last-modified: Fri, 04 Nov 2022 12:47:43 GMT
etag: W/"636509ef-1896"
server: cloudflare
cf-ray: 76560604b9a71c0a-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sat, 05 Nov 2022 15:44:19 GMT
cache-control: max-age=7200, public
content-encoding: gzip
X-Firefox-Spdy: h2

atom.lk/favicon.ico

104.21.83.168

503 Service Unavailable

0 B

URL HTTP/2
atom.lk/favicon.ico
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 503 Service Unavailable
date: Sat, 05 Nov 2022 13:44:19 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQkBWoyrAnTuhXd4QrF3X3t4zgwzjmm8XZ9CNG9A2y43cJCHWirPGtS084U2spnDkePAaudYdahykU%2BTxiAexZg9YUUvTxQwnuYQIHlbhW5ZsB5%2BiL1hc2mC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76560604b9a91c0a-OSL
X-Firefox-Spdy: h2

atom.lk/cdn-cgi/challenge-platform/h/g/pat/7656060368941c0a/1667655860173/c717d05e5927e55856f6873d9bc0d9fd45db7110a5c105b2a568193cf219e23a/KU_RmViUTFLLLr_

104.21.83.168

401 Unauthorized

0 B

URL HTTP/2
atom.lk/cdn-cgi/challenge-platform/h/g/pat/7656060368941c0a/1667655860173/c717d05e5927e55856f6873d9bc0d9fd45db7110a5c105b2a568193cf219e23a/KU_RmViUTFLLLr_
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/7656060368941c0a/1667655860173/c717d05e5927e55856f6873d9bc0d9fd45db7110a5c105b2a568193cf219e23a/KU_RmViUTFLLLr_ HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Connection: keep-alive
Cookie: cf_chl_2=b2918d39c8ab347; cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 401 Unauthorized
date: Sat, 05 Nov 2022 13:44:20 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gxxfQXlkn5VhW9oc9m8DZ_UXbcRClwQWypWgZPPIZ4joAB2F0b20ubGs=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA6IBJrV72Jez65WmLraZfhk2MHBiVZa71Aj-jzrZ6nETzJSDQ01W-j9yYMLX15nX3Ps7oeTVUHNemizgqdlty2CmVfI4yNdAJuXgwdyaFePc7jEml6b5Iyy9SXoOTDSL5sr2WRLaR17hpvxQ6pOuuJ6EssK1vQ48CGVGce7YMlo_3CExqjxmsXqlHCWn3k-C9gAwMksjn4OU0GaDYXb75TlOWQitxV45hV3ULxfrMGytNkBrfKcENbwlx8XTPYpyWwGrafQltMX6vkF-UsxpHFBbBUyhso5m2_tJVNzGMGdxwmuIYb3AzZ0p-UBh0TJxfpDAk9-gyERUrZ7trPapTQQIDAQAB, max-age=15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2Mbm7SCfir%2B21GOkVHb19%2FGcpRNA8dOlIm6hF4wf%2Fm50ZAkyQD3nikrgFgpRFulQ2XO9CP5hWmT2HnwRF3lhqVJv%2BEp9dsPeR4hxsVZYGCDzlsbZqVHJR8d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 765606076c901c0a-OSL
X-Firefox-Spdy: h2

atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347

104.21.83.168

200 OK

0 B

URL HTTP/2
atom.lk/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.9390030389950041:1667653532:E1Ox_IcrmKti3LLPgyr71gFBCilc3SJkdVaqO74kpuE/7656060368941c0a/b2918d39c8ab347 HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/
Content-type: application/x-www-form-urlencoded
CF-Challenge: b2918d39c8ab347
Content-Length: 16251
Origin: https://atom.lk
Connection: keep-alive
Cookie: cf_chl_2=b2918d39c8ab347; cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:20 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_chl_rc_ni=;Expires=Fri, 04 Nov 2022 13:44:20 GMT;SameSite=Strict
cf_chl_out: RAdaOP9TSyKsEZENiLqRKZM9xHDjWieZW5tWc//JEmnXnbzspt5BPXPKnHEL00yFAGOIxnOCgZ826AcHytlMow==$4Y8GgZ/nscYnHiMktW+F4Q==
cf_chl_out_s: xtOqlYkOCsX51Az877w+pFhpZbhzg2z6+iZtwIvgoq0xEiQDIYjAsy0ZyVfREZU+vMFfJRRFFbW82E8axixJEKUDdp3ugb6R8z/vfb73ZTwtXLX5jFZomW0XRqCDe20n9GU7nztdtulNLpd3+H31Hw==$1HvYHcjz5kzcwbuKZle67g==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQBXDuJDc2vuDdIOzGe%2FOtymPfywStasULG0l8y9YoDkIhr%2FzTu7%2FpWwe8YvcOANlAq2t8u8F0uUMIyr9xV%2FNM5X0VGLzuVo6pxw%2B%2FgRffVGzjrGyQwn%2BbZ9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7656060a9f0b1c0a-OSL
content-encoding: br
X-Firefox-Spdy: h2

atom.lk/wp-content/DL/

104.21.83.168

200 OK

0 B

URL HTTP/2
atom.lk/wp-content/DL/
IP
104.21.83.168:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /wp-content/DL/ HTTP/1.1
Host: atom.lk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://atom.lk/wp-content/DL/?__cf_chl_tk=6W4lmh1RdGDR4D1R1OXOVOZibKAajAm8zxgBzqWSq80-1667655859-0-gaNycGzNCBE
Content-Type: application/x-www-form-urlencoded
Content-Length: 2966
Origin: https://atom.lk
Connection: keep-alive
Cookie: cf_chl_2=b2918d39c8ab347; cf_chl_prog=x12
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 05 Nov 2022 13:44:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_chl_2=; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC; domain=.atom.lk; Secure
cf_chl_prog=; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC; domain=.atom.lk; Secure
cf_clearance=351defb3ec6900d14ebdad2de5826239e518c44f-1667655861-0-150; path=/; expires=Sun, 05-Nov-23 14:44:21 GMT; domain=.atom.lk; HttpOnly; Secure; SameSite=None
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QddMOey6fMZkNV8j6gug15x591OqwcPvC4So7SsjvuvfOiAEdNkc5scQLuoNkrKNJd8zA0unScokA5%2Bt%2B7WGLJPfbCH7zJr3l1ANW0axhz8a8gWrukYps6Y6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7656060b9fb81c0a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (28)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers