Overview

URL: comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2-e79efa9a7266
IP: 18.193.146.82 (Germany)
ASN: #16509 AMAZON-02
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-27 15:11:22 UTC
IDS alerts: 0
Blocklist alerts: 3
urlquery alerts: No alerts detected
Tags: None

Domain Summary (14)

Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
comilar-efferiff.icu (1) 202270 2020-05-04 10:08:02 UTC 2022-11-27 14:17:21 UTC 18.193.146.82
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (4) 344 No data No data 23.36.76.226
securely-send.com (1) 289562 2019-12-16 23:44:57 UTC 2022-11-26 08:51:44 UTC 161.35.78.172
cdn.onesignal.com (1) 3015 2015-04-22 13:41:50 UTC 2022-11-27 07:04:14 UTC 104.18.226.52
e1.o.lencr.org (2) 6159 No data No data 23.36.77.32
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.41.201.177
ic.aff-handler.com (2) 186950 2020-03-06 10:30:38 UTC 2022-11-27 08:45:05 UTC 217.147.127.42
spinningwheel.online (1) 0 2019-07-09 12:45:22 UTC 2022-11-27 12:18:45 UTC 104.21.1.17 Unknown ranking
ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-27 05:29:56 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-27 05:29:57 UTC 34.117.237.239
status.thawte.com (1) 5123 2019-03-13 17:00:46 UTC 2020-04-10 08:00:21 UTC 93.184.220.29

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-27 2 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2-e79efa9a7266 Malware
2022-11-27 2 securely-send.com/storage/CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.js Phishing
2022-11-27 2 spinningwheel.online/landing/ca-en/ Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.193.146.82
Date UQ / IDS / BL URL IP
2023-02-01 22:42:37 +0000 0 - 1 - 0 securecampaigntrackinglink.com/931c3f22-a8a4- (...) 18.193.146.82
2023-02-01 21:55:10 +0000 0 - 0 - 1 walter-larence.com/a35f72c3-1336-4f70-a02e-a7 (...) 18.193.146.82
2023-02-01 08:55:13 +0000 0 - 0 - 1 walter-larence.com/ffcefbf5-6845-4a5c-8806-9b (...) 18.193.146.82
2023-02-01 05:55:28 +0000 0 - 1 - 0 go.only4you.gifts/2a48de38-37f9-44e6-bd0d-f14 (...) 18.193.146.82
2023-01-31 15:55:02 +0000 0 - 1 - 0 go.only4you.gifts/2a48de38-37f9-44e6-bd0d-f14 (...) 18.193.146.82


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-02-02 01:43:41 +0000 0 - 4 - 0 d9f1-217-136-233-150.eu.ngrok.io/alertmsg.zip 3.124.142.205
2023-02-02 01:36:28 +0000 0 - 4 - 0 onn.to/ 54.213.23.105
2023-02-02 01:27:52 +0000 0 - 0 - 1 dt-secureconv.com/ 18.202.141.68
2023-02-02 01:26:11 +0000 0 - 0 - 2 www1.personalutylab.org/ 99.83.136.84
2023-02-02 01:25:20 +0000 0 - 6 - 0 click.convertkit-mail2.com/o8u95enw26cqhk8ko4 (...) 18.220.225.51


Last 5 reports on domain: comilar-efferiff.icu
Date UQ / IDS / BL URL IP
2023-01-15 22:58:05 +0000 0 - 1 - 0 comilar-efferiff.icu/9511b8a6-7659-4f45-b2a4- (...) 18.193.146.82
2023-01-14 06:43:06 +0000 0 - 1 - 0 comilar-efferiff.icu/9511b8a6-7659-4f45-b2a4- (...) 18.193.146.82
2023-01-12 12:07:39 +0000 0 - 1 - 0 comilar-efferiff.icu/9511b8a6-7659-4f45-b2a4- (...) 18.193.146.82
2023-01-11 07:02:53 +0000 0 - 1 - 0 comilar-efferiff.icu/64fe21cb-bd7e-4579-b405- (...) 18.193.146.82
2023-01-09 15:10:37 +0000 0 - 1 - 0 comilar-efferiff.icu/3bd6c62c-33a3-4275-be94- (...) 18.193.146.82


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-03 19:14:22 +0000 0 - 0 - 3 spinningwheel.online/landing/ca-en/ 104.21.1.17
2022-12-03 19:13:42 +0000 0 - 0 - 3 comilar-efferiff.icu/e4caf37b-5cda-4660-8134- (...) 18.193.146.82
2022-12-02 07:08:24 +0000 0 - 0 - 3 spinningwheel.online/landing/ca-en/ 172.67.151.218
2022-11-28 09:17:54 +0000 0 - 0 - 2 convertmb.com/0a1ca9d4-80a6-4a54-bc5b-e33a5c70f460 23.22.112.25
2022-11-25 11:00:44 +0000 0 - 0 - 3 comilar-efferiff.icu/5a74d436-d033-4dea-9b5f- (...) 18.193.146.82

JavaScript

Executed Scripts (13)

Executed Evals (1)
#1 JavaScript::Eval (size: 8243) - SHA256: 3b2dd7e8622a86f9df2323bcea7ef53ff8b40abbb5b8b269847ff5571eaa12af
const iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = class {
    constructor({
        attr, content, append, config
    }) {
        this.attr = attr || {};
        this.content = content || [];
        this.body = document.querySelector(append) || document.querySelector('body');
        this.id = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
        this.events = [];
        this.iframe = null;
        this.debug = config.debug || false;
        this.action = (typeof config.action === 'function') ? config.action : function(msg) {};
    };
    init() {
        this._createIframe((iframe) => {
            if (iframe) {
                this._addElements(this.content);
            }
        });
    };
    _createIframe(callback) {
        if (!this.iframe) {
            let iframe = document.createElement('iframe');
            iframe.setAttribute('iframe-id', this.id);
            iframe.setAttribute('style', 'display:none');
            const attr = Object.keys(this.attr);
            if (attr.length > 0) {
                attr.map((i) => {
                    iframe.setAttribute(i, this.attr[i]);
                });
            }
            this.body.appendChild(iframe);
            this.iframe = document.querySelector(`[iframe-id="${this.id}"]`);
            this._addEventListener();
            (typeof callback === 'function') && callback(iframe);
        } else {
            console.error('An iframe already exists, please instance a new iFrameX.');
            (typeof callback === 'function') && callback(null);
        }
    };
    _addElements(elements) {
        function _createAndBind(i) {
            const el = document.createElement(i.type);
            if (i.content && i.content !== '') {
                if (i.type === 'script' || i.type === 'style') {
                    el.appendChild(document.createTextNode(i.content));
                } else {
                    el.innerHTML = i.content;
                }
            };
            (i.attr) && Object.keys(i.attr).map((a) => {
                el.setAttribute(a, i.attr[a]);
            });
            return el;
        }
        if (Array.isArray(elements) && elements.length > 0) {
            elements.map((obj) => {
                let el = (!obj.append) ? 'body' : obj.append;
                setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(obj)), 1);
            });
        } else if (typeof elements === 'object') {
            let el = (!elements.append) ? 'body' : elements.append;
            setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(elements)), 1);
        }
    };
    _addEventListener() {
        this._addElements({
            type: 'script',
            content: this._bindEvent('window', `'message'`, this.action)
        });
    };
    _bindEvent(element, eventName, eventHandler) {
        let event = null;
        element = (element === 'window') ? element : `document.querySelector(${element})`;
        if (window.addEventListener) {
            event = `${element}.addEventListener(${eventName}, ${eventHandler}, false);`
        } else if (window.attachEvent) {
            event = `${element}.attachEvent(on${eventName}, ${eventHandler});`
        }
        return event;
    };
};
document.getElementById('CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel').innerHTML = '';
let link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.bet365.com/olp/open-account?affiliate=365_01240406';
let w_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://www.bet365.com/olp/open-account?affiliate=365_01240406') {
    if (w_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.bet365.com/olp/open-account?affiliate=365_01240406';
    }
}
let iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=';
let w_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=') {
    if (w_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=';
    }
}
let iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
let w_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160') {
    if (w_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
    }
}
let iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441';
let w_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441') {
    if (w_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441';
    }
}
let iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://ic.aff-handler.com/c/47915?sr=1845335';
let w_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://ic.aff-handler.com/c/47915?sr=1845335') {
    if (w_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://ic.aff-handler.com/c/47915?sr=1845335';
    }
}
let iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);

Executed Writes (0)


HTTP Transactions (28)


Request Response
                                        
                                            GET /b6bad7e6-3b49-4e0d-aee2-e79efa9a7266 HTTP/1.1 
Host: comilar-efferiff.icu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         18.193.146.82
HTTP/1.1 302
                                        
Server: nginx
Date: Sun, 27 Nov 2022 15:11:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://spinningwheel.online/landing/ca-en/
Pragma: no-cache
Set-Cookie: b6bad7e6-3b49-4e0d-aee2-e79efa9a7266-v4=JafeFzi_bcmHjOtyobirnatE8YnwC5uKdb5DHXWaxIw; Max-Age=86400; Expires=Mon, 28-Nov-2022 15:11:10 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly cc-v4=B5qyZ04EhbomuF3J1uIZGrvXNdHPoSpJCCwjO1322NMOa4Imm7EbpSqjfce9AIihjMSZPqHViMSJJmnq4XI98ghLgjSzEzQY6QvmcSj2cCGeBF8do85QxeS6IyZsB%2BTvwU2cpPjwSUAT73RHr3bMqg%3D%3D; Max-Age=31536000; Expires=Mon, 27-Nov-2023 15:11:10 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3473
Expires: Sun, 27 Nov 2022 16:09:03 GMT
Date: Sun, 27 Nov 2022 15:11:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5248
Expires: Sun, 27 Nov 2022 16:38:38 GMT
Date: Sun, 27 Nov 2022 15:11:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4065
Cache-Control: max-age=160068
Date: Sun, 27 Nov 2022 15:11:10 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:38:58 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 2NBzSIrGx++dsWiybQ4tD7eSgWcU8u4I2AMZNPX7pyH2pbA1YbYTX6Pk/LPJjStm25YZx7ULA30k2FGoOB744w==
x-amz-request-id: 3NTD38BW8Z6CMPAD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 14:44:40 GMT
age: 1590
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 14:17:40 GMT
cache-control: public,max-age=3600
age: 3210
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 27 Nov 2022 15:11:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "40061CD3EBDF0393AC0211844301FDFC7E64AF5222000446C455AC19DC957BF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6406
Expires: Sun, 27 Nov 2022 16:57:57 GMT
Date: Sun, 27 Nov 2022 15:11:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "40061CD3EBDF0393AC0211844301FDFC7E64AF5222000446C455AC19DC957BF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6406
Expires: Sun, 27 Nov 2022 16:57:57 GMT
Date: Sun, 27 Nov 2022 15:11:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2052
Cache-Control: max-age=148707
Date: Sun, 27 Nov 2022 15:11:11 GMT
Etag: "638317ee-117"
Expires: Tue, 29 Nov 2022 08:29:38 GMT
Last-Modified: Sun, 27 Nov 2022 07:55:26 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279


--- Additional Info ---
Magic:  data
Size:   2459
Md5:    b6b7eb68a2085db944c47b065752f266
Sha1:   9535d089d2d28177939f7da51eaed9af33573d1c
Sha256: 11c6025c4b496648bc0f4abd7e9689eb03d4d519df1dbc26f0e8d60f814bc6a8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2052
Cache-Control: max-age=148707
Date: Sun, 27 Nov 2022 15:11:11 GMT
Etag: "638317ee-117"
Expires: Tue, 29 Nov 2022 08:29:38 GMT
Last-Modified: Sun, 27 Nov 2022 07:55:26 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4310
Cache-Control: max-age=155251
Date: Sun, 27 Nov 2022 15:11:11 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:18:42 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   13062
Md5:    175075474b327988fecb3de5529a299e
Sha1:   7f99bac9c96451580595ac42c76a8a5c619fbdd9
Sha256: 1166f77e31850e45a5e497c7f4c0dae443ffee751560c0af2a71ece3079639c2
                                        
                                            GET /storage/CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.js HTTP/1.1 
Host: securely-send.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         161.35.78.172
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 27 Nov 2022 15:11:11 GMT
content-length: 41979
last-modified: Sat, 05 Nov 2022 12:43:58 GMT
etag: "63665a8e-a3fb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (41979), with no line terminators
Size:   41979
Md5:    6307813f5db26070f86d0ac7beb2d526
Sha1:   c807710b1c10439262f73df35e7df7cce490a3d8
Sha256: 5ff6f42a9e67c90de765fc81b9253a0dc5c8cb572092afb9a0294206516a9183

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 15:08:54 GMT
cache-control: public,max-age=3600
age: 137
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4614
Md5:    2e49961ea2effb4eed7a19a8a805d362
Sha1:   484b6068f4bcd14d0b2f3f72fd1489f27a23397f
Sha256: da271992f2af69d38695826b4f001099a20b9ca16f358798a9afb5ff6ce38682
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zowuvuHbUVQZaR/pvPW4vQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.41.201.177
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LEvO/kgh7u2qv7b6gOXve3QXs3Y=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2339
Expires: Sun, 27 Nov 2022 15:50:12 GMT
Date: Sun, 27 Nov 2022 15:11:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2339
Expires: Sun, 27 Nov 2022 15:50:12 GMT
Date: Sun, 27 Nov 2022 15:11:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8197b890-dd48-403d-9c61-3406a67e2578.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3669
x-amzn-requestid: fb21f001-d5dd-42fa-82ee-0e268f309abf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIpZEE_iIAMF2rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638022a0-31cae26d5588655f49fa75a6;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 02:04:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D9yABEpSQcrZMrQYeT5qOQcm4g4-1KhtVzfMqS54xJ-8LtxEx6Adtg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 14:49:40 GMT
age: 1293
etag: "767a6fef172a54d7659417d9cb809d955d130562"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3669
Md5:    48713d6090df316bed8ab2b1e6698d70
Sha1:   767a6fef172a54d7659417d9cb809d955d130562
Sha256: 702a09de59300336419371adafae4185f7ad8bca43dc4e633f748f68feb967c3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6954
x-amzn-requestid: 94a02687-72f2-4796-a7ea-d3f28b412566
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1jHpGBVIAMFsSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63787efd-22666b18283ae59b1348bf47;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:13 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: feZayJeKq9jWHQ-rjutNr6buIjLVeIdY0A_ZeGo6NKgoQ6BBT3XQaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 08:55:33 GMT
age: 22540
etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6954
Md5:    2212cf75f99dc67fd45db47f7101d754
Sha1:   4b4a8c8e8aeccfff25d2748720dcef8fed287126
Sha256: 7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GT3Futv4Ztnl2Og2TQFk5311m92Mv_jfvkIZYJXpjJMdkxSB6MI06g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 06:42:16 GMT
age: 30537
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6883
Md5:    f7f16c0f8a8e710210ce77c0e4c1c2a2
Sha1:   590c34be54c9889eec4ff7993e070fda836f711f
Sha256: 4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 62376
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MA_O50Lu6RRAFJpzXmVXhkxvYazdX5Lhk2Qa5k9fYUhBta-IWpVT1g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 01:46:48 GMT
age: 48265
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13049
Md5:    1db6041a0bdb2319ae85afcc30caaeec
Sha1:   3b0ec6a7188dadf986f72fda8110296d9abd6f35
Sha256: 05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 62372
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10199
Md5:    2cd887044e91d7ed0f1a8d7119ff7dd0
Sha1:   ae8aa4ce6ddaccba771fe65446926b60fc5628da
Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5530
Cache-Control: max-age=161171
Date: Sun, 27 Nov 2022 15:11:13 GMT
Etag: "63833b0a-1d7"
Expires: Tue, 29 Nov 2022 11:57:24 GMT
Last-Modified: Sun, 27 Nov 2022 10:25:14 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /c/47915?sr=1845335 HTTP/1.1 
Host: ic.aff-handler.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         217.147.127.42
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Location: /UrlNotFound
Server:
X-AspNetMvc-Version: 4.0
Set-Cookie: uffiliate_click_47915_1845335_=uffiliate_click_47915_1845335_; expires=Tue, 27-Dec-2022 15:11:13 GMT; path=/; SameSite=None; Secure
srv: 1231321
Date: Sun, 27 Nov 2022 15:11:12 GMT
Content-Length: 129


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   129
Md5:    4c51c5ccce9f71352ad66a35479a97e6
Sha1:   417831ec4ab60d901e573bbbb8d1c940815d316c
Sha256: 8eb03dd62b3193636fac900a00c79a5413dcedcf66be0ce6ed27e058a8074e20
                                        
                                            GET /UrlNotFound HTTP/1.1 
Host: ic.aff-handler.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: uffiliate_click_47915_1845335_=uffiliate_click_47915_1845335_
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         217.147.127.42
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Server:
X-AspNetMvc-Version: 4.0
srv: 1231321
Date: Sun, 27 Nov 2022 15:11:13 GMT
Content-Length: 272


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   272
Md5:    34f8199dff341f0209257c27624feb5f
Sha1:   03313cd4c9446bfdec3e6b5fa82fd1fb644ae3b2
Sha256: 304fe67453252c7908465efdfbbf52995968d60636bcd3a382d0d0dbd9c7063d
                                        
                                            GET /landing/ca-en/ HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         104.21.1.17
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 27 Nov 2022 15:11:11 GMT
link: <https://spinningwheel.online/wp-json/>; rel="https://api.w.org/", <https://spinningwheel.online/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json", <https://spinningwheel.online/?p=7>; rel=shortlink
vary: Accept-Encoding
x-litespeed-cache: hit
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTa2dClTKXDPpRc8a1UDY6CGSqFKSsATpSXNohEdRLdVST8ReAPU78M3wsRo4ozrXWfrWGdCGU%2BTc9bhTqtxuiQhvUMMPWcrFa1xNkUtBg13%2Fwf2Xg%2BGOXF1qjKPkrTh%2Bh7o%2F0DQyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bcb7dd8230b51-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /sdks/OneSignalSDK.js HTTP/1.1 
Host: cdn.onesignal.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.18.226.52
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 27 Nov 2022 15:11:11 GMT
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3530
expires: Wed, 30 Nov 2022 15:11:11 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 770bcb8009d3b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---