Report - kunuzedu.com/impex.htm

Report Overview

Submitted URL
kunuzedu.com/impex.htm
IP
66.29.141.208
ASN
#22612 NAMECHEAP-NET
Submitted
2022-12-29 07:46:34
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
94

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	2.0 kB	151.101.2.133
r.mradx.net	17878	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	1.1 kB	95.163.52.80
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
kunuzedu.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.1 kB	344 kB	66.29.141.208
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.187.39.66
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	50 kB	34.120.237.76
img.imgsmail.ru	30315	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	705 B	1.6 kB	217.69.139.102
status.geotrust.com	3662	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	797 B	93.184.220.29
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	172.64.155.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-29	medium	kunuzedu.com/impex.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/external.js	Malware
2022-12-29	medium	kunuzedu.com/impex_files/mapi.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/jquery.js	Malware
2022-12-29	medium	kunuzedu.com/impex_files/portal-menu__logo.svg	Malware
2022-12-29	medium	kunuzedu.com/impex_files/%2520%2520%2520-.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/external.js	Malware
2022-12-29	medium	kunuzedu.com/impex_files/%2520%2520%2520-.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/portal-menu__logo.svg	Malware
2022-12-29	medium	kunuzedu.com/impex_files/jquery.js	Malware
2022-12-29	medium	kunuzedu.com/impex_files/mapi.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/saved_resource.htm	Malware
2022-12-29	medium	kunuzedu.com/impex_files/saved_resource.htm	Malware

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed
2022-12-29	medium	kunuzedu.com	Sinkholed

JavaScript (8)

	URL	Size	First Seen	Last Seen
	kunuzedu.com/impex.htm	2.3 kB	2023-03-12	2023-03-29
Pretty URL kunuzedu.com/impex.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2023-03-29 21:27:26 Times Seen15 Hash 9c5e92a199d1f14eb34d0f4ed8497aa0 2ff27af651b08c2906abc84cbb9a3651d9bc8e79 12d57421c56b446e873ba3db458717d11b917421ce2c97d7692e169e5d1f7cb0 Loading...

	kunuzedu.com/impex.htm	232 B	2023-03-12	2024-02-20
Pretty URL kunuzedu.com/impex.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen220 Hash de0beb4a550bfba26e15b9dbfce2b0ec 7f7be405e98821fd80d3ec78e454cbd60c43ce43 55ea7c6f81303af3566f78f18cbf5ee39dbf43d188d04775bfb7910fc4b60a40 Loading...

	kunuzedu.com/impex.htm	344 B	2023-03-12	2024-02-20
Pretty URL kunuzedu.com/impex.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen221 Hash 6ad8f0f3fa39b44e7f09394c09ab1eb0 a94caad76ebfa81eaf1a218d2880b2b1b8429138 2d9ed133178db82f5f0be28c2848450c40cd068b3f0dba3fea366612d970c3a1 Loading...

	kunuzedu.com/impex_files/external.js	221 kB	2023-03-12	2024-02-20
Pretty URL kunuzedu.com/impex_files/external.js IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen380 Hash b08ca88f191a5693db927c04d6b4e6c6 408e2215ed823fc5d8c5a045118d380523c08b74 622941c58a58f88b5a82675fc1f4be15c0b232030cbef896a060af6f89c0078c Loading...

	kunuzedu.com/impex_files/jquery.js	86 kB	2023-03-07	2024-04-18
Pretty URL kunuzedu.com/impex_files/jquery.js IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-18 14:39:06 Times Seen5762 Hash 6fc159d00dc3cea4153c038739683f93 5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce Loading...

	kunuzedu.com/impex_files/mapi.htm	225 B	2023-03-12	2024-02-20
Pretty URL kunuzedu.com/impex_files/mapi.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen193 Hash 7e8fdd0bf283649dfe2a6fe4af8360b4 af5e55d3ac230b520224d3ba0246543fd23ceaa7 11374163be1580c6940c7344ab1a2845ef385474d9644fb90998f46a2bfb30e2 Loading...

	kunuzedu.com/impex.htm	107 B	2023-03-12	2024-02-20
Pretty URL kunuzedu.com/impex.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2024-02-20 16:03:31 Times Seen221 Hash 3ab08a5765f880673577e8a7246f3d4a 22c39735843c4426c115d96bbfce63839e553019 edec656b6da8120a3981c27f32b0c065be58d80ab0c681786d12b787d15b476a Loading...

	kunuzedu.com/impex.htm	1.3 kB	2023-03-12	2023-03-29
Pretty URL kunuzedu.com/impex.htm IP 66.29.141.208 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:10:18 Last Seen2023-03-29 21:27:26 Times Seen15 Hash bcfd17cc4469f2b03d00d1f195ff6653 d4522fa398fd0f6b631b32a178429f1551bd35c4 667a9ff13406a6eea925ee083fe3ae50d8c61f8835f7c9e48271a2eaa42e64ef Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3252
Expires: Thu, 29 Dec 2022 08:40:35 GMT
Date: Thu, 29 Dec 2022 07:46:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10434
Expires: Thu, 29 Dec 2022 10:40:17 GMT
Date: Thu, 29 Dec 2022 07:46:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
428881081ad357fb55af33ebf9d12c16
29b7be72f76da07db4a03fb1bc57ffe16d520a22
9adff7f91b147b0d93166bc4ece0dd31fd19fd8b2c269a6a596a1e902f49a1fe

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9ADFF7F91B147B0D93166BC4ECE0DD31FD19FD8B2C269A6A596A1E902F49A1FE"
Last-Modified: Wed, 28 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5032
Expires: Thu, 29 Dec 2022 09:10:15 GMT
Date: Thu, 29 Dec 2022 07:46:23 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 29 Dec 2022 06:46:50 GMT
content-type: application/json
age: 3573
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: vZh+aQGoL9Ojaawi+VwbQysH0Qi1aoDhqHtvUgWL+TrD54gf9/2Ds3xdeZ93dWW0EPcxwNzMBSc=
x-amz-request-id: H0WFCNYFT3KNX372
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 29 Dec 2022 06:58:40 GMT
age: 2863
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 07:46:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 29 Dec 2022 07:33:30 GMT
age: 774
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
125553386d49a0b56facb82deab9bd9f
1a7480b79f4aada477fb5919794f6efd6d44921e
6f3f4223d3c994dd4754df67a11298d736e16f888f301ad2838d0b4db1ac01d7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 07:46:24 GMT
Last-Modified: Thu, 29 Dec 2022 06:53:27 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

kunuzedu.com/impex.htm

66.29.141.208

200 OK

250 kB

URL HTTP/1.1
kunuzedu.com/impex.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (63175), with CRLF line terminators
Size
250 kB (249988 bytes)
Hash
63f1ec778b57dbfcf1474e4a0d8d8146
1e6734cb0f74f0584dbed08c8d09da5f064f09af
f1d26a1206e161546a15e8f027fd64ac5efa8b354aa69a89e7d5c90ba0c51209

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
keep-alive: timeout=5, max=100
content-type: text/html
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 249988
date: Thu, 29 Dec 2022 07:46:14 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

kunuzedu.com/impex_files/external.js

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/external.js
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/external.js HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/external.js
x-turbo-charged-by: LiteSpeed

kunuzedu.com/impex_files/mapi.htm

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/mapi.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/mapi.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/mapi.htm
x-turbo-charged-by: LiteSpeed

push.services.mozilla.com/

54.187.39.66

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.187.39.66:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ON+rc1DeU16Mp4aVqokkOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: c8qWKv0P3HUx22dKDYwxhECw/sQ=

kunuzedu.com/impex_files/jquery.js

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/jquery.js
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/jquery.js HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/jquery.js
x-turbo-charged-by: LiteSpeed

kunuzedu.com/impex_files/main.css

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/main.css
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/main.css HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/main.css
x-turbo-charged-by: LiteSpeed

kunuzedu.com/impex_files/portal-menu__logo.svg

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/portal-menu__logo.svg
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/portal-menu__logo.svg HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/portal-menu__logo.svg
x-turbo-charged-by: LiteSpeed

kunuzedu.com/impex_files/%2520%2520%2520-.htm

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/%2520%2520%2520-.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/%2520%2520%2520-.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:24 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/%2520%2520%2520-.htm
x-turbo-charged-by: LiteSpeed

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e630ea6eaaf911b0ef66aa73406b5963
238899840d0afaca1142d1ab5638dabfc189ef8e
3b71496a7d4f06c1e36b183a89b42cf9b0d4e536d97e9e9fbe18f2143536113c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 07:46:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2022 06:24:16 GMT
Expires: Tue, 03 Jan 2023 06:24:15 GMT
Etag: "238899840d0afaca1142d1ab5638dabfc189ef8e"
Cache-Control: max-age=426469,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7810ebfaa8e4b4e8-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e630ea6eaaf911b0ef66aa73406b5963
238899840d0afaca1142d1ab5638dabfc189ef8e
3b71496a7d4f06c1e36b183a89b42cf9b0d4e536d97e9e9fbe18f2143536113c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 07:46:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 27 Dec 2022 06:24:16 GMT
Expires: Tue, 03 Jan 2023 06:24:15 GMT
Etag: "238899840d0afaca1142d1ab5638dabfc189ef8e"
Cache-Control: max-age=426469,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7810ebfaa8ebb4e8-OSL

kunuzedu.com/impex_files/external.js

66.29.141.208

200 OK

35 kB

URL HTTP/2
kunuzedu.com/impex_files/external.js
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1452), with CRLF line terminators
Size
35 kB (35405 bytes)
Hash
e16a5ac8c4e9ba29dba90308ee9dfa4e
62885b460ab3b6d14d9b48badb3df2f848ccc0b1
aaca2ebb4dd1c74e089e298de4e7d08bc54c511734b3ce8fb8718a1bef187977

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/external.js HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 05 Jan 2023 07:46:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35405
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/%2520%2520%2520-.htm

66.29.141.208

200 OK

263 B

URL HTTP/2
kunuzedu.com/impex_files/%2520%2520%2520-.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
263 B (263 bytes)
Hash
781e8c23e89e15858e72e17d398525b8
de3e67380804fcfb1b31f8d7340c671372214941
ad246f32838a094c4b4067b069e91c017a3a9bbff84ad4e89b641a3d35af0d9a

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/%2520%2520%2520-.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-length: 263
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/portal-menu__logo.svg

66.29.141.208

200 OK

1.6 kB

URL HTTP/2
kunuzedu.com/impex_files/portal-menu__logo.svg
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (4013), with no line terminators
Size
1.6 kB (1589 bytes)
Hash
841528c4e28fc7adfdbe191a0e6bb880
9462c4fb0df06e0139fa7b9f40b1021670bf06a5
53f9af5bdc5ee1e7d294053ee668b2c9eafc545a05f5edb494c615fa9e88dd59

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/portal-menu__logo.svg HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 05 Jan 2023 07:46:25 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1589
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/jquery.js

66.29.141.208

200 OK

29 kB

URL HTTP/2
kunuzedu.com/impex_files/jquery.js
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (32069)
Size
29 kB (29232 bytes)
Hash
643657701d530751cfb76ca6c0b63764
cdb1997f12b724a14c1fc52505b91146d8ab6f16
2db2d990de1bbb164d2a71bc72b3774e2f98ccda16d62ca524144dc6bb88fd5a

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/jquery.js HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 05 Jan 2023 07:46:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 29232
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/mapi.htm

66.29.141.208

200 OK

225 B

URL HTTP/2
kunuzedu.com/impex_files/mapi.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
225 B (225 bytes)
Hash
7e8fdd0bf283649dfe2a6fe4af8360b4
af5e55d3ac230b520224d3ba0246543fd23ceaa7
11374163be1580c6940c7344ab1a2845ef385474d9644fb90998f46a2bfb30e2

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/mapi.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-length: 225
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Thu, 29 Dec 2022 09:29:41 GMT
Date: Thu, 29 Dec 2022 07:46:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Thu, 29 Dec 2022 09:29:41 GMT
Date: Thu, 29 Dec 2022 07:46:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Thu, 29 Dec 2022 09:29:41 GMT
Date: Thu, 29 Dec 2022 07:46:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Thu, 29 Dec 2022 09:29:41 GMT
Date: Thu, 29 Dec 2022 07:46:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Thu, 29 Dec 2022 09:29:41 GMT
Date: Thu, 29 Dec 2022 07:46:25 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9569 bytes)
Hash
d9f3c92ff3db8e0ec87e86aa28346ea5
c4cc987d54675d9285b43954ab8f010e5a258d9e
94be9c845c6373424c519720e61e2a1397f7390028d43dcdbf536686a7740b6b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9569
x-amzn-requestid: 5e67dc3c-470b-4b8e-a2fd-0a7ae7ade4dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d21gLHgLIAMFygQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ac3600-6317a97c21aae4fc13cdd27b;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 12:26:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xScDAd-p3iFuIWh0vmyGngwsfeLiYAB9iae-rbakrgil9cLtKWejRw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:51:31 GMT
age: 35694
etag: "c4cc987d54675d9285b43954ab8f010e5a258d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7462 bytes)
Hash
d9592ede9af5f26a2748ba2e1e649ee1
7c99d49f3f6f9d1808bf7f7f17c1c3507838951e
e9b2526f714d4d123b80fca340737b450a3c09058d8f7c7b3b180e3509eb8d27

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff495beea-cff9-4016-a188-b0f4b2547a59.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: f433f7ae-20f5-4446-a7ce-4b88ec6d19ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4GQxFceoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acb737-509b4ce327ed792719fd2c58;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 21:37:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUpx0k9Eg5cG4EGjzp91A274liLuvkmgX7siRALfLiRNIvRmFCI7-g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 21:42:24 GMT
age: 36241
etag: "7c99d49f3f6f9d1808bf7f7f17c1c3507838951e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8505 bytes)
Hash
a4adb7268aa0a520dcee9f1d936d16dd
9364105419c6662123999ed11912de21ad32f6ba
6d593122db8b8514db4d3d0d0e6d037f57d39e5aab9a9f493fed359eb4b73b2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8505
x-amzn-requestid: de8ce29e-7947-4c4f-95f5-14efae45cfda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4p9MGW9IAMFqdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acf054-5cf23dcf7bdbd784373222a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 01:41:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: D6x3bwfydhVtrU5ZXbBbxfTYvW4S0EPViQTdwuverqNNdx7qHzJiqg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 01:49:22 GMT
age: 21423
etag: "9364105419c6662123999ed11912de21ad32f6ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa04c7a62-2098-4ad1-ad79-eeb854075102.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6930 bytes)
Hash
9c45a2734abffd117a633d39d4fbff29
8c3c2b8d34ba6291307ddd43b625032118fa71e2
76aa0dc08d7f5755d7666f0e82e8d5ced9c84443e24048c5c6100825ed4fb963

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa04c7a62-2098-4ad1-ad79-eeb854075102.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6930
x-amzn-requestid: 261b7f75-c250-4443-b542-d46c8d75e164
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dyRonE1uIAMFwvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa6303-407e0c403bec2b4831067f40;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 03:14:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XZBmn_T0jP9yvtlHPtOsPNR2cfBLnYoUJVYhp7vI37B6xzFpkSEwEQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 19:01:09 GMT
age: 45916
etag: "8c3c2b8d34ba6291307ddd43b625032118fa71e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f065733-5f7b-4113-9f70-8e9738de50f7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6955 bytes)
Hash
db302f2c47edbbb185af9e4a96741d52
c616108fda3390ebd7f67926ba3e35a73b47135c
cc9e4fdb361624bb32511b195d4a1677e241502ba013b8f8a114ebb4956019ba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f065733-5f7b-4113-9f70-8e9738de50f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6955
x-amzn-requestid: 59f34964-3642-4190-9edb-c2a1de006606
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dhyXGHe0oAMFfSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a3ca93-4acf45f93b24aebd33be5de1;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L4fg8oLUw2_pKOZNCh2YZi3_asUguQHaCtpPeCrUIYyVoAiwQlNqGg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 22:18:06 GMT
age: 34099
etag: "c616108fda3390ebd7f67926ba3e35a73b47135c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4479 bytes)
Hash
58db86c1b07c8d9b8a0757bac6f388ee
e00f93653f15242afa913b8da63edf3de57c505c
04c97fe001f76973d740a8df0b46e4b0e3fb0383efa6b3c31cd24a3963ea3cd6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456f5bce-faff-4228-812f-34f3dba57003.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4479
x-amzn-requestid: 896f1286-234b-4cfb-8d9a-7ba1161ea913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dy1EWHA4IAMF4Rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa9bb5-7c5035e15a3ed8ad7f9364c2;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 07:16:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GbW9VEQAVwF7xeX3RkwBgXi0nJ0sCfRAMVyE75nMC714jqkv4eXsjg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 07:16:17 GMT
age: 1808
etag: "e00f93653f15242afa913b8da63edf3de57c505c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/saved_resource.htm

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/impex_files/saved_resource.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/saved_resource.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
location: https://kunuzedu.com/impex_files/saved_resource.htm
x-turbo-charged-by: LiteSpeed

ocsp.globalsign.com/gsrsaovsslca2018

151.101.2.133

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
data
Size
1.4 kB (1432 bytes)
Hash
1624952e3008523984e1c4a45de26937
c5c7284dec4e2f639197492bb0cbf016dd28992c
9d5ead48ee685717378c7b846bbcb224ce156fff72cd118d9a0c73aec5ed174c

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Mon, 02 Jan 2023 07:40:38 GMT
ETag: "c5c7284dec4e2f639197492bb0cbf016dd28992c"
Last-Modified: Thu, 29 Dec 2022 07:40:39 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 29 Dec 2022 07:46:26 GMT
Age: 345
X-Served-By: cache-qpg1239-QPG, cache-bma1650-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 7, 2
X-Timer: S1672299986.153962,VS0,VE0

r.mradx.net/img/70/65C1D5.svg

95.163.52.80

200 OK

711 B

URL HTTP/1.1
r.mradx.net/img/70/65C1D5.svg
IP
95.163.52.80:0
ASN
#47764 Mail.Ru LLC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1652)
Size
711 B (711 bytes)
Hash
d025f62e40e8a7d5d5e79d47fc5058de
ec864ef1afca593d755f289061d1f19b3b991d03
3a833b848c9bf5cbbd0e4649d7d2e4039437697e38c5e1db186db1b088649ba9

HTTP Headers

GET /img/70/65C1D5.svg HTTP/1.1
Host: r.mradx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kunuzedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 Dec 2022 07:46:26 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 07 Aug 2018 15:44:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5b69be60-6b9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Encoding: gzip

kunuzedu.com/impex_files/saved_resource.htm

66.29.141.208

200 OK

274 B

URL HTTP/2
kunuzedu.com/impex_files/saved_resource.htm
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (505), with CRLF line terminators
Size
274 B (274 bytes)
Hash
0cbfdfafa40d0c0476000154aa974736
2581e78664272ace47eba1bb1c4d775108ec4d0e
c82159a2ab4d2e766120d87b83a522685ddbc04c3a908d59d8cb37dd5e5ba36b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/saved_resource.htm HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 274
date: Thu, 29 Dec 2022 07:46:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/favicon.ico

66.29.141.208

301 Moved Permanently

707 B

URL HTTP/1.1
kunuzedu.com/favicon.ico
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/impex.htm

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 29 Dec 2022 07:46:26 GMT
server: LiteSpeed
location: https://kunuzedu.com/favicon.ico
x-turbo-charged-by: LiteSpeed

img.imgsmail.ru/p/popup/close.v2.png

217.69.139.102

200 OK

196 B

URL HTTP/1.1
img.imgsmail.ru/p/popup/close.v2.png
IP
217.69.139.102:0
ASN
#47764 Mail.Ru LLC

File type
PNG image data, 8 x 17, 8-bit colormap, non-interlaced\012- data
Size
196 B (196 bytes)
Hash
8c85668aa704d71507bb47f54db3710c
193b714c55e12f4ac578a5df5cca639ab3c58a60
1d18375dcac07f3b45e1895c8c332781951a06f835c14dc916e03d55d565268a

HTTP Headers

GET /p/popup/close.v2.png HTTP/1.1
Host: img.imgsmail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kunuzedu.com/

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 Dec 2022 07:46:26 GMT
Content-Type: image/png
Content-Length: 196
Last-Modified: Sat, 18 Feb 2017 20:41:24 GMT
Connection: keep-alive
ETag: "58a8b174-c4"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Expires: Thu, 05 Jan 2023 07:46:26 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e208e96dab5e3e1a061d95a10968b10f
35418fbedad9564f372539a188659fc8b4359852
62d3441cc7d3694de3e6edce8c4b2fac4c6862197010c4025ecc6bc53ea09f1f

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1863
Cache-Control: max-age=162917
Content-Type: application/ocsp-response
Date: Thu, 29 Dec 2022 07:46:26 GMT
Etag: "63ad17f0-1d7"
Expires: Sat, 31 Dec 2022 05:01:43 GMT
Last-Modified: Thu, 29 Dec 2022 04:30:40 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

img.imgsmail.ru/ph/0.58.21/authForm/icons.png

217.69.139.102

200 OK

696 B

URL HTTP/2
img.imgsmail.ru/ph/0.58.21/authForm/icons.png
IP
217.69.139.102:0
ASN
#47764 Mail.Ru LLC

File type
PNG image data, 20 x 88, 8-bit/color RGBA, non-interlaced\012- data
Size
696 B (696 bytes)
Hash
60afb2bbc42a2c65d4ee3cba25cb4351
297aa6087a0a7117407bfde6b95d42799dcfc247
24982aae0d85f39fc1ae4456e837394cf6f11a8f6de9f78729eddc922b8aa0ad

HTTP Headers

GET /ph/0.58.21/authForm/icons.png HTTP/1.1
Host: img.imgsmail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kunuzedu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Dec 2022 07:46:26 GMT
content-type: image/png
content-length: 696
last-modified: Sat, 18 Feb 2017 20:41:19 GMT
etag: "58a8b16f-2b8"
timing-allow-origin: *
x-content-type-options: nosniff
vary: Origin
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

kunuzedu.com/favicon.ico

66.29.141.208

200 OK

17 kB

URL HTTP/2
kunuzedu.com/favicon.ico
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
17 kB (16958 bytes)
Hash
f8b110d87f0c7ea8c1d151846dbe8849
8b567892539bc84cfc881982be1068f945c67c5a
fdb649f13bacfa21b47ec7481b775379e58137a52a5532f00678f8efbd70fbbb

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 05 Jan 2023 07:46:27 GMT
content-type: image/x-icon
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-length: 16958
date: Thu, 29 Dec 2022 07:46:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

kunuzedu.com/impex_files/main.css

66.29.141.208

200 OK

0 B

URL HTTP/2
kunuzedu.com/impex_files/main.css
IP
66.29.141.208:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /impex_files/main.css HTTP/1.1
Host: kunuzedu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kunuzedu.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 05 Jan 2023 07:46:25 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 14:42:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Dec 2022 07:46:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations