Overview

URL: mpconfirmspfgroupauthclient.justns.ru/imp/sms.php
IP: 91.229.90.152 (Ukraine)
ASN: #51659 LLC Baxet
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-10-26 18:44:51 UTC
IDS alerts: 0
Blocklist alerts: 41
urlquery alerts: No alerts detected
Tags: None

Domain Summary (10)

Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
ocsp.usertrust.com (1) 899 2018-07-01 06:43:13 UTC 2021-11-02 18:02:09 UTC 104.18.32.68
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 34.212.166.60
img-getpocket.cdn.mozilla.net (7) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-26 04:55:04 UTC 34.117.237.239
cfspart.impots.gouv.fr (1) 643420 2017-02-05 07:17:33 UTC 2022-10-26 12:17:42 UTC 145.242.11.27
mpconfirmspfgroupauthclient.justns.ru (25) 0 2022-10-10 13:13:54 UTC 2022-10-26 06:02:41 UTC 91.229.90.152 Unknown ranking
r3.o.lencr.org (6) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/cdnjs.cloudflare.com/ajax/libs/jquery (...) Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/jquery-1.11.3.min.html Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/bootstrap.min.html Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/auth.html Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/urls.html Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/jquery-3.1.0.min.js Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/images/fermer.svg Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/templates/images/Miniballs.html Phishing
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/css/Logo-Marianne_impot (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 91.229.90.152
Date UQ / IDS / BL URL IP
2023-01-09 01:48:59 +0000 0 - 0 - 1 mpconfirmspfgroupauthclient.justns.ru/ 91.229.90.152
2022-12-17 13:47:14 +0000 89 - 0 - 88 www.updatepostecanada.com/ 91.229.90.152
2022-12-17 00:21:15 +0000 91 - 0 - 86 updatepostecanada.ca/ 91.229.90.152
2022-12-16 01:26:12 +0000 79 - 0 - 83 www.postcanadatrack.com/ 91.229.90.152
2022-10-27 00:18:00 +0000 0 - 0 - 51 mpconfirmspfgroupauthclient.justns.ru/ 91.229.90.152


Last 5 reports on ASN: LLC Baxet
Date UQ / IDS / BL URL IP
2023-01-29 07:12:57 +0000 7 - 1 - 3 express-colis-frances-chronopost.justns.ru/fr (...) 91.229.90.150
2023-01-29 02:58:19 +0000 0 - 1 - 1 46.29.166.149/bins/daku.m68k 46.29.166.149
2023-01-28 17:42:33 +0000 0 - 0 - 1 support-technique.t.justns.ru/ 91.229.90.157
2023-01-28 08:20:40 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-28 05:41:46 +0000 0 - 2 - 1 settingvsa-hub.help/ 46.17.42.101


Last 5 reports on domain: justns.ru
Date UQ / IDS / BL URL IP
2023-01-29 07:12:57 +0000 7 - 1 - 3 express-colis-frances-chronopost.justns.ru/fr (...) 91.229.90.150
2023-01-28 17:42:33 +0000 0 - 0 - 1 support-technique.t.justns.ru/ 91.229.90.157
2023-01-28 08:20:40 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-25 18:35:57 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-25 07:42:16 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-27 00:17:42 +0000 0 - 0 - 39 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-26 18:45:17 +0000 0 - 0 - 41 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-24 21:06:10 +0000 0 - 0 - 17 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-03 20:50:22 +0000 0 - 0 - 2 enregistrementclientsoft-remboursementrecap.j (...) 91.229.90.153
2022-10-27 00:17:20 +0000 0 - 0 - 41 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php 91.229.90.152

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (46)


Request Response
                                        
                                            GET /imp/sms.php HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 4178
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (566)
Size:   4178
Md5:    dc04ee796896da583188cec3b8691afd
Sha1:   258bbdca9c121c87bf87d4e27c0a60f17552068d
Sha256: 1bb807971bf12b3eab85f0d30338598d1c033e01c73359b3a0693ff4288dc604

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DF036D315A613AC6396B77AFB0A4EA5F793091786BE0CBF3F3A0D043BC1D1D3C"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18931
Expires: Thu, 27 Oct 2022 00:00:11 GMT
Date: Wed, 26 Oct 2022 18:44:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4012
Cache-Control: max-age=143594
Date: Wed, 26 Oct 2022 18:44:40 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 10:37:54 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D9D95319013D64BC2EF6D9870F4ADBA902EE970B6F9E96279C9ED86F556E0001"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5120
Expires: Wed, 26 Oct 2022 20:10:00 GMT
Date: Wed, 26 Oct 2022 18:44:40 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: sVE27Kh/+CHm33IXJALhmc3eVOo6ywrVyGqU4UyyPODjK/7GsDYF13l6gt8oFXDPKNVaHAjsqpQ=
x-amz-request-id: 3NTBQ8Q5W1KK44MT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 18:09:28 GMT
age: 2112
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 26 Oct 2022 18:44:40 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /imp/templates/css/bootstrap-3.3.6.min.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "2454c-6315e0f0-430e58814baf8eca;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 27876
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (391)
Size:   27876
Md5:    a4226e1cec767c85877fffe9186d3d0d
Sha1:   bf788d9fed48211fca58568b6f0a630459f736ff
Sha256: d728c97bc4e4b592b8983e6850d49786270a1bef61478db8abcb0721132f58a6

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/css/autentification.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "4323-6315e0f0-d026a197643cf49b;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 4415
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   4415
Md5:    2b5d387be0e86add18490ddd01439a76
Sha1:   1a355df3bc474ec14da8f497f25722ec972e2445
Sha256: dc4ef84bf39a07a6b8f2033654cef80959c26a2df4bfdec875feeaae8cb4f3ee

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/css/imp.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "919a-6315e0f0-ee2a82446819d696;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 6599
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   6599
Md5:    98e52e0f6b55b212bd408dacae370a45
Sha1:   022d39c07fa8b90a1068eb98cebfcf39d8f2da72
Sha256: 5c23fd3c14f006ef462973af4cabc8dbcc98adc84ee006dbe53729767456e97d

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/jquery-1.11.3.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/bootstrap.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/auth.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/urls.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/jquery-3.1.0.min.js HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: application/javascript
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "1514f-6315e0f0-2455488bef513184;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 33870
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (32014)
Size:   33870
Md5:    9d5ea5f1bef7683e1aaf61fc8abc1166
Sha1:   160c90a79b32dc5165a2c7a83cda8100cd941539
Sha256: e4ef543b9e443322e960aef998f70f9386274e6e51218150df6fd5b52ef4b0b5

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/2.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "b32-6315e0ee-f47a1dc8c7c4fa9d;;;"
accept-ranges: bytes
content-length: 2866
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 138 x 25\012- data
Size:   2866
Md5:    ae43f701c156c678e3124853049bcd1d
Sha1:   0875ffacc52951f87e0b6d50578cbd4e5c1da976
Sha256: f4f598b5fc93817de8bdd76013d28b4c092b8f139be116e625d046e3b3b9be30

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/images/fermer.svg HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "6dd-6315e0f0-e1999aab8f6f6af7;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 820
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (340)
Size:   820
Md5:    183cf299befd3e25f7e251f9e4ad33f5
Sha1:   c6c60ff45894e816a46159deb0c458213cbe96d5
Sha256: 263e0e47c4c79d9c8d8c2ad3553215207d29f7c7a64c4a2b183a924b0cb79500

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/4.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "d1d-6315e0ee-e63ad7468569588e;;;"
accept-ranges: bytes
content-length: 3357
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 143 x 45\012- data
Size:   3357
Md5:    559e49c09cad7db6d103fbaf08be4d51
Sha1:   19236601f16bb32cfa38a65c991f9de4a528c826
Sha256: 9d0567e661cf2d5205acaaec1a0c7dfee24f48af2d56a56212c1b4db1ab88b60

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/3.jpg HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/jpeg
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "1bc6-6315e0ee-40625c2c16894cf1;;;"
accept-ranges: bytes
content-length: 7110
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Size:   7110
Md5:    0e2048acf0519d2c005209f8146edfca
Sha1:   e80d85ad5b49404bbc97e09652c79f3eb988fc90
Sha256: 2e3c000bb11b035e1a6bfe511338a7877fdc67f5c51a5ff29394e4d3735b36df

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/5.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "733-6315e0ee-cfba1842e98c9a3f;;;"
accept-ranges: bytes
content-length: 1843
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 118 x 40\012- data
Size:   1843
Md5:    d6621df34ea2eadd541830ee370ea10f
Sha1:   d651d11e6622cb873489cca89fdce44b421a9a0d
Sha256: 58b70b4cdcb982be2ab0d89312bb4b1f8596c2294392983aba048cc046acc7c5

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /templates/images/Miniballs.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/1.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "afc-6315e0ee-644581b4c5011cbe;;;"
accept-ranges: bytes
content-length: 2812
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 124 x 28\012- data
Size:   2812
Md5:    0d050fd3d35da175a6129a21030e78aa
Sha1:   09ee6a15ede6919de054fde434e9398684d48e2b
Sha256: 3b5b95ee14d3c3e64158175050be929c9fb2612a1c003df388d62af47a4c3e37

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/images/Miniballs.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/jquery-1.11.3.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/css/Logo-Marianne_impots-gouv-fr.svg HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/templates/css/autentification.css

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:40 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "13d96-6315e0f0-143ab9239d4fb50f;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 26156
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1263)
Size:   26156
Md5:    7fa4d73d461d2465cebd5a55e4a2d148
Sha1:   fa8ae427e96b93cd4a40fe1772fe7200215561bb
Sha256: 11dcd8cbea17afd540f4813f5bcc25d25ef0cd7d0089ae2ec3d4a36679d128c2

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/bootstrap.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/auth.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/urls.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Wed, 26 Oct 2022 18:44:40 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 26 Oct 2022 18:44:41 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 26 Oct 2022 10:12:16 GMT
Expires: Wed, 02 Nov 2022 10:12:15 GMT
Etag: "c03d4686ffb6ffd82bca1fd2bccac416ad41f570"
Cache-Control: max-age=603150,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1278
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7605583c6e6ab4e8-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    4f44ca26704cdfd1854d87874c226b8f
Sha1:   c03d4686ffb6ffd82bca1fd2bccac416ad41f570
Sha256: 0902749b2472c71ca8e0e62811e86cadb03dacb17663ef10ae165c6f24ff20e9
                                        
                                            GET /imp/templates/11.png HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 18:44:41 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "60e-6315e0ee-94d62762ea0c5ae4;;;"
accept-ranges: bytes
content-length: 1550
date: Wed, 26 Oct 2022 18:44:41 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  PNG image data, 70 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size:   1550
Md5:    9b7a4cbc2e295e49b60d8a5b72399444
Sha1:   293fe21c8450a75a4f338bbfcc4f0cad0cae6383
Sha256: 9228464e8acd568a52b80e5cc15db869c35ea782cee383a4c895e3d209779c32

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 26 Oct 2022 18:44:41 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 24 Oct 2022 18:59:03 GMT
Expires: Mon, 31 Oct 2022 18:59:02 GMT
Etag: "de393e2db2d0ed909278a1010bb763296a7e4541"
Cache-Control: max-age=432260,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7605583c8fedb4f3-OSL

                                        
                                            GET /templates/images/Cadenas.svg HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Wed, 26 Oct 2022 18:44:41 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 19 Mar 2019 06:51:48 GMT
ETag: "22c2f-b72-5846cf06ad11d"
Accept-Ranges: bytes
Content-Length: 2930
Via: dpapusx042
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (323)
Size:   2930
Md5:    31c8c7c86c2a6814948044e8714acddb
Sha1:   49cf9783f5f57a2a843a141c27bed79f54a5c2aa
Sha256: 8254c9ce56497ac4e9e296b9b8d35cccde8872e5961de17b7b7bb65d8c2cf1db
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 781
Cache-Control: max-age=135307
Date: Wed, 26 Oct 2022 18:44:41 GMT
Etag: "6358ea97-1d7"
Expires: Fri, 28 Oct 2022 08:19:48 GMT
Last-Modified: Wed, 26 Oct 2022 08:06:47 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RTjmwyoOAirky4vhpp9ljQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         34.212.166.60
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r3KCzimrxcE1et5TnqBzlm6Dbt0=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Wed, 26 Oct 2022 19:41:19 GMT
Date: Wed, 26 Oct 2022 18:44:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Wed, 26 Oct 2022 19:41:19 GMT
Date: Wed, 26 Oct 2022 18:44:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Wed, 26 Oct 2022 19:41:19 GMT
Date: Wed, 26 Oct 2022 18:44:41 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Wed, 26 Oct 2022 19:41:19 GMT
Date: Wed, 26 Oct 2022 18:44:41 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:34:40 GMT
age: 65401
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4524
Md5:    91ee720c15dc69de45080d0c951353af
Sha1:   5292b31a99d90bcb7071f327b93d52034bdf9dcb
Sha256: 7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fe27cf2-33a8-42cc-a8cd-f5e804e60e26.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7929
x-amzn-requestid: 6324abd6-8e27-4903-8bfc-a0fc6a8625be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9LEeoIAMF5mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-2900343b1ae208a903fe58fd;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5MR4UzoW6rVsSpEyPAWrcFb2LCRICaG-toy3JflaXRrzZwcgMs48VQ==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:35 GMT
age: 75306
etag: "3bb87ca5274ce9f6d81da60ab940d23ccd12843b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7929
Md5:    c3ae78510434fd68063fc144bf614382
Sha1:   3bb87ca5274ce9f6d81da60ab940d23ccd12843b
Sha256: f42d89328435cb37cba1111903a6bd5e900857d0942e1506ea2115b4e6301541
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac38eda-2bed-4703-8560-7d07ad90dabc.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3337
x-amzn-requestid: 5a06b710-2b88-435e-8863-3e0e58742e6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ21FjooAMFp8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585691-2adc1ac2375e087b20ad0e32;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:13 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: iVIdtyyk_ph8AiTsWdQgDfWFHVIMh2pw4yrkufwogd3rsZFXwslwkg==
via: 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:46:52 GMT
age: 75469
etag: "3d28f2daeef33f37c91bd26cb527793288635103"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3337
Md5:    494a826ce7609ee5cc8157ea5de5f4f7
Sha1:   3d28f2daeef33f37c91bd26cb527793288635103
Sha256: 09f702f40e29e6b0c27abc5c7bb4605e504453b543c92805ba4045bd3d65c4d0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F057530b7-f6b8-4f9b-b6fc-8fdc4a101f36.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6831
x-amzn-requestid: cc6f38ff-ab33-4b18-8cae-aa6bc061962f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjPH7ToAMFSiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857ae-3db2790d0e6c5fab6c4bc81f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tiWbOUwlRzaT2EnCWIgoFaT_ho55s3tgRxalb7yBbI21Pv0BhfLJOg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:52:53 GMT
age: 75108
etag: "324e13ad5c99f628d713e55a2994ad4042ece70e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6831
Md5:    1cc61ad4b1d66ab4bce27288ee690e12
Sha1:   324e13ad5c99f628d713e55a2994ad4042ece70e
Sha256: 62cd88bc19bc1f0be2a37c3e990897158acd3d55aa3ddd299144d4f9596ba34e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8439
x-amzn-requestid: e0eed725-0725-4f5a-9c91-fec13ad0ebe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajKYQGWhIAMFdhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578a9b-2a0115120e75f5271cea992f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:04:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WVz4PqWqT9Pk1juQ95Xzi-7HcEDBqKb5VAncjXxOYFfKTnjRbmodoA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 04:44:59 GMT
age: 50382
etag: "e8b8236baab9106a426a415eb01494cc4cc91ad1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8439
Md5:    db946866312c734e0c5f91ca76255b2f
Sha1:   e8b8236baab9106a426a415eb01494cc4cc91ad1
Sha256: a695e7bc87da2c6d9f5669c09e662fe22982e69cb139466efa5093429fe19866
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fUBXr7SKYdvhryoB8p9to-Eo8twjspRYnHO2xf9TtvLJIIyOwe3W1w==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 05:07:50 GMT
age: 49011
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8090
Md5:    531f350512ac7712d932234803aa4602
Sha1:   2fb4599ad3d513a160c1f29fefda27b45852c381
Sha256: 7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb46a778e-e75b-47e4-aeb6-86c999571ae0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6090
x-amzn-requestid: ab19f9fb-ebca-468d-9fb4-b70b4812a5b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alKjiEiNoAMFQ8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635857b0-63fc3f874e6015777194599c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XP-AENoYybJ1Cfq20JeJepvlYgTQJB0uQ2CjLGZqwTQTcQvbscEL4w==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:23 GMT
etag: "e4d440e51b826e2cd69a00f4abf195971b2843df"
age: 75325
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6090
Md5:    83eeb2a673d2d0b119ba37fec52d30d1
Sha1:   e4d440e51b826e2cd69a00f4abf195971b2843df
Sha256: 4a15ba8118e9ecfe75177a4ae36fe97f14f4d9b4c6938d5863e7ae805bccb431