Overview

URL getapp.knightsearcher.com/up/dl/1576740781970921/CEUpdater.exe
IP159.223.171.32
ASNDIGITALOCEAN-ASN
Location United States
Report completed2022-06-14 18:05:56 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-14 2 getapp.knightsearcher.com/up/dl/1576740781970921/CEUpdater.exe Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

URL getapp.knightsearcher.com/up/dl/1576740781970921/CEUpdater.exe
IP  159.223.171.32
Magic PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size 5440000
MD5 b36a396dd00dc57c472475165f742c63
SHA1 80d3e36e51a32501deb73e1ecb8a34877228a828
SHA256 67acddda7726183db30ad749cbc2a8ac1929d9c50bc3d1ef7f60852f57b879a9
Analyzer Analysed Verdict Comment
VirusTotal 2022-05-10 00:48:08 44/60


Passive DNS (8)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] getapp.knightsearcher.com (1) 0 2021-11-10 21:26:29 UTC 2022-06-13 16:17:35 UTC 159.223.171.32 Unknown ranking
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-06-14 08:54:13 UTC 34.120.237.76
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.35
[Mnemonic Passive DNS] r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-06-14 04:59:12 UTC 23.36.77.32
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-14 05:05:57 UTC 54.230.111.7
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-06-14 16:36:00 UTC 93.184.220.29
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-06-14 04:59:08 UTC 35.86.38.2


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 159.223.171.32

Date UQ / IDS / BL URL IP
2022-07-06 15:12:51 +0000
0 - 0 - 1 getapp.normandoh.com/up/dl/1576740781970921/C (...) 159.223.171.32
2022-07-05 18:23:59 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-05 18:05:20 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-07-05 05:09:11 +0000
0 - 0 - 1 getapp.normandoh.com/up/dl/1576740781970921/C (...) 159.223.171.32
2022-07-04 17:58:10 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-04 17:42:17 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-07-03 17:08:51 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-03 17:00:54 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-06-28 07:05:46 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-06-27 22:18:41 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32

Last 10 reports on ASN: DIGITALOCEAN-ASN

Date UQ / IDS / BL URL IP
2022-07-07 04:05:35 +0000
0 - 0 - 1 getyoursystemchecked35.cf/ 128.199.2.59
2022-07-07 03:59:27 +0000
0 - 0 - 1 thespiannet.com/actresses/R/romijn_rebecca/ro (...) 174.138.114.162
2022-07-07 03:44:59 +0000
0 - 0 - 32 fastpayyou.com/ 165.22.209.173
2022-07-07 03:38:06 +0000
0 - 0 - 16 mkkuei4kdsz.com/343/820.html 64.225.91.73
2022-07-07 03:37:41 +0000
0 - 0 - 1 thespiannet.com/actresses/Z/zetajones_catheri (...) 174.138.114.162
2022-07-07 03:26:07 +0000
0 - 0 - 1 chetkiy.live/ 147.182.255.121
2022-07-07 03:23:59 +0000
0 - 0 - 1 thespiannet.com/actresses/O/ormond_julia/inde (...) 174.138.114.162
2022-07-07 03:17:56 +0000
0 - 0 - 1 ftp.edufire.com/ 157.230.67.179
2022-07-07 03:14:28 +0000
0 - 0 - 2 165.227.81.93/blog/wp-content/uploads 165.227.81.93
2022-07-07 03:06:16 +0000
0 - 0 - 1 rosslandgroup.com/wp-includes/class-wp-http-c (...) 68.183.32.68

No other reports on domain: knightsearcher.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (17)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Content-Type, Content-Length, Alert, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 14 Jun 2022 17:15:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q16E0lFLNzdWHoVTQZfY70M7H27cwshGNzR3KUa_FAArgvXkWNkK9A==
Age: 2995


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A72C5AD08B5111E1443CF8CC7A6A5F39EF196F8AE55C43D4902661F93D87F0C0"
Last-Modified: Tue, 14 Jun 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8186
Expires: Tue, 14 Jun 2022 20:22:11 GMT
Date: Tue, 14 Jun 2022 18:05:45 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 14 Jun 2022 02:10:49 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qPlr-gz8w8aqUJ8S7E6yoV8i1tmPuvGgdC140NrdFE1vrPmyl2YAbA==
age: 57297
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 14 Jun 2022 18:05:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Expires, Content-Length, Retry-After, Last-Modified, ETag, Backoff, Cache-Control, Alert, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 14 Jun 2022 17:52:03 GMT
Cache-Control: max-age=3600
Expires: Tue, 14 Jun 2022 18:04:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CVaj8VmS7Poljb1d64WRvR_ye_fMyNu6Q5_GV7q-TJGCgHGY-bozJw==
Age: 825


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2048
Cache-Control: 'max-age=158059'
Date: Tue, 14 Jun 2022 18:05:47 GMT
Last-Modified: Tue, 14 Jun 2022 17:31:39 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: d71Ao+GO4P9WE9BoKk9lwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.86.38.2
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jZJ3uN/VBu817l2kBibLky0hwhE=

                                        
                                            GET /up/dl/1576740781970921/CEUpdater.exe HTTP/1.1 
Host: getapp.knightsearcher.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         159.223.171.32
HTTP/1.1 200
Content-Type: application/octet-stream
                                        
Date: Tue, 14 Jun 2022 18:05:45 GMT
Server: Apache
transfer-encoding: chunked


--- Additional Info ---
Magic:  PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size:   5440000
Md5:    b36a396dd00dc57c472475165f742c63
Sha1:   80d3e36e51a32501deb73e1ecb8a34877228a828
Sha256: 67acddda7726183db30ad749cbc2a8ac1929d9c50bc3d1ef7f60852f57b879a9

Alerts:
  Blocklists:
    - fortinet: Malware
  File Analyzers:
    - virustotal: 44/60
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3334
Expires: Tue, 14 Jun 2022 19:01:22 GMT
Date: Tue, 14 Jun 2022 18:05:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3334
Expires: Tue, 14 Jun 2022 19:01:22 GMT
Date: Tue, 14 Jun 2022 18:05:48 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19656ace-f5a0-4eeb-889a-0f6881478fd3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 3296
x-amzn-requestid: ddc2e6c2-4d64-492a-a179-76a10929b73c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TbWcNFD0IAMFW3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a13781-0e304b491cd966ce53db724b;Sampled=0
x-amzn-remapped-date: Wed, 08 Jun 2022 23:57:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5euKovvNidf_tbOZWjLcFGWUgyPC6D37QFuwxORGpDh-xjezA4pL7w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a2c13de7f3df76280ef01a6604863734.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 01:15:00 GMT
age: 60648
etag: "fdb396d5fb93f659505e291c6f58e0d63866f81d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3296
Md5:    a0bc556e638d4fc52eb433c2bd556134
Sha1:   fdb396d5fb93f659505e291c6f58e0d63866f81d
Sha256: 5e21c72a1e47e98e6d9ba654dbbca9c6841463a61b7e9715abb8a694ab2f719c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3334
Expires: Tue, 14 Jun 2022 19:01:22 GMT
Date: Tue, 14 Jun 2022 18:05:48 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb85dbf6f-ac3a-4776-bd46-3131d1a8d2ca.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 11401
x-amzn-requestid: 8de8e602-100d-4d78-b886-b1e10166321f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr1z9FqEoAMFUQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d019-38c31cf429a51215475fd1e8;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:02:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YwWE_jGeZHj1y4T-3U7DcNJY9wbhpHqG0rotU9Oaa3Zclss9gNSR0w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a2c13de7f3df76280ef01a6604863734.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:21:20 GMT
age: 63868
etag: "9411cb315834ec38b5be258918bb5bf94f576326"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11401
Md5:    4637dc49b9ad2aab43f0e12db6788bad
Sha1:   9411cb315834ec38b5be258918bb5bf94f576326
Sha256: 5d1c3d0e1d8e7e6d3a7c3c8a36822844118cdd5b476178bf437d59213ea15eaa
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F959739b2-768d-44e0-b071-f304f0621bf5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7466
x-amzn-requestid: 05dd3df0-31d7-4896-9a4e-ebd77a762a53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2amFYqIAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d110-170b7f046920719b6e475e6c;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vPpvOtlQwd-YwB4qtjZbF4f1PNrU-uEOA_8Oz8Bsnop4iUSVYIg62A==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:47:01 GMT
age: 62327
etag: "2047abc0cca965f398367c69ab20b50c8eb53829"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7466
Md5:    6dab028abe94cb9ec22e48c3daf1d3cb
Sha1:   2047abc0cca965f398367c69ab20b50c8eb53829
Sha256: ad5dbe404360e7c470b4743f21def6ee9077f3066f95fefb2212766014fc3151
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b1a78a-dfe3-4da6-8cc4-670373641c4b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5805
x-amzn-requestid: 90327810-34ff-467f-997f-c31978af33fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr3M2FXBoAMFV1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d252-23051fc8667ccf5900e76534;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:12:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUOqF4vVxMkXRFSJ3oZA04TUK7JJ4pTde4Pbf89wvD6OYvWwns8JzA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 01:31:58 GMT
age: 59630
etag: "3c11fd7397db3e37c58413fa1fdbae424eaf08ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5805
Md5:    e09ac4b955c74af734b7d4ddebe46612
Sha1:   3c11fd7397db3e37c58413fa1fdbae424eaf08ab
Sha256: 1e24690d21d9c3b0cdb2979d1e6a7098e5c49aefa4a32dbe653a0d528309c3bb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1657ccb-775b-4dda-b423-860277072067.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8955
x-amzn-requestid: 90307d6c-5302-4634-ad00-075793054b22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2akGv9oAMFXkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d110-5e97e65562b04a906c3d8d16;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Wx249cec9Dc2PhCuHT1njXSy0ppfcDHU5ozNQnbss6JkJD8jn-NVuw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:31:08 GMT
age: 63280
etag: "b31d36919e38303695fc13b2148a492110b4a25e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8955
Md5:    a08dfbf7829079acd1ec817ee3e9b7d7
Sha1:   b31d36919e38303695fc13b2148a492110b4a25e
Sha256: 7aabd38b322923b06b03e7b9653afb37f0cd7d42a7d345a9d1537c16888e944a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4eae668-4235-407e-839b-a87a88514ebd.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7922
x-amzn-requestid: d5e72a51-4ee0-47ac-b6a1-3f64c67b017b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2amEJuIAMF7CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d110-017524fd6c54a4b222a07f19;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fgHt7mIFc8otGHZlB3q18cD4iewXCW4YoF2_B4ji_4Q8ZzxOhtS9jQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:20:15 GMT
age: 63933
etag: "f20326f4665bf9f460d8db41672ff04875a096c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7922
Md5:    049c739bd5f5714c5a022f9a4418e60c
Sha1:   f20326f4665bf9f460d8db41672ff04875a096c4
Sha256: 1cd40073b87e14a71d56380792f558364366f2d12615e03835de3ff9cf0e4b99