Overview

URL: ulgroup.ca/simc.rnis/5/login.php
IP: 38.117.65.66 (United States)
ASN: #12212 RAVAND
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (none)
Report completed: 2022-11-17 15:35:16 UTC
IDS alerts: 0
Blocklist alerts: 24
urlquery alerts: No alerts detected
Tags: None

Domain Summary (7)

Fully Qualified Domain Name | Rank | First Seen | Last Seen | IP | Comment
r3.o.lencr.org (7) | 344 | No data | No data | 23.36.76.226 |
ocsp.digicert.com (2) | 86 | 2012-05-21 07:02:23 UTC | 2020-05-02 20:58:10 UTC | 93.184.220.29 |
content-signature-2.cdn.mozilla.net (1) | 1152 | No data | No data | 34.160.144.191 |
firefox.settings.services.mozilla.com (2) | 867 | 2020-06-04 20:08:41 UTC | 2022-11-17 05:55:30 UTC | 34.102.187.140 |
contile.services.mozilla.com (1) | 1114 | 2021-05-27 18:32:35 UTC | 2022-11-17 05:55:20 UTC | 34.117.237.239 |
ulgroup.ca (29) | 0 | 2019-03-28 13:11:26 UTC | 2022-11-16 20:16:31 UTC | 38.117.65.66 | Unknown ranking
img-getpocket.cdn.mozilla.net (7) | 1631 | 2018-06-21 23:36:00 UTC | 2020-02-19 04:43:25 UTC | 34.120.237.76 |

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-17 2 ulgroup.ca/simc.rnis/5/login.php Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/login-easy.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/Error_Orange.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/Experience.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/GooglePlay.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/HuaweiStoreBadge.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/login-fast.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/login-secure.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/AppStoreBadge.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/cookie-icon.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/cross-close-white.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/NedbankIcon.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/icon-chat-thin.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/location-blank-green.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/contact-blank-green.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/demo-icon.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/outline-cheque.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/Arrow.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/Eye-Show.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/close-gray.svg Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro.otf Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 38.117.65.66
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 5 reports on ASN: RAVAND
Date UQ / IDS / BL URL IP
2023-01-27 14:47:54 +0000 0 - 3 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129
2023-01-27 14:47:35 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129
2023-01-27 14:07:45 +0000 0 - 2 - 3 danoblab.com/wordpress_4/Fw/ 38.117.65.129
2023-01-27 11:39:14 +0000 0 - 2 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129
2023-01-27 11:38:55 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129


Last 5 reports on domain: ulgroup.ca
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-07 17:26:15 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:26:15 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:07:00 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:07:00 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 09:35:34 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (49)


Request Response
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11372
Expires: Thu, 17 Nov 2022 18:44:37 GMT
Date: Thu, 17 Nov 2022 15:35:05 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3101
Expires: Thu, 17 Nov 2022 16:26:46 GMT
Date: Thu, 17 Nov 2022 15:35:05 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6268
Cache-Control: max-age=160846
Date: Thu, 17 Nov 2022 15:35:05 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 12:15:51 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response (34.160.144.191):
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: HhGwk8tpJjcRJ2s2R6M5RXUg52XtDJwUXhoNFz7WlqetHOWrKRFortv6kK/MMHt5TSp8XB4z010=
x-amz-request-id: 1JFDJEM79J6E8FTP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 14:52:31 GMT
age: 2554
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate; ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 14:44:55 GMT
cache-control: public,max-age=3600
age: 3010
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data; ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 17 Nov 2022 15:35:05 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data; ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
GET /simc.rnis/5/login.php HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Thu, 17 Nov 2022 07:39:05 GMT
Content-Length: 5978
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1021), with CRLF line terminators
Size:   5978
Md5:    65be91aae4ebaaf320fcd5c69f7ff070
Sha1:   d92e06ae196f760e2682f8faf4bbed3b13fdc266
Sha256: f6c764a40b594886e5c6006f25e025356f53f1da987356573356370a445f4600

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 15:25:01 GMT
cache-control: public,max-age=3600
age: 604
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data; ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5831
Cache-Control: max-age=155341
Date: Thu, 17 Nov 2022 15:35:05 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 10:44:06 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
GET /simc.rnis/5/media/style.css HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 17 Nov 2022 07:39:05 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2369f"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   21381
Md5:    b5188b5b06ca8d23ef9a51f132fa882d
Sha1:   257bf6a4e64d69f4891fe5ad7e6b9293fc45ef3d
Sha256: 06eb1d608bf61bc856ea1f0d5b4bd2e2738cfeacf5f04de437d30f40b606a7dc
                                        
GET /simc.rnis/5/media/styles.css HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Thu, 17 Nov 2022 07:39:05 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-39f8a"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65352)
Size:   52635
Md5:    ad63180a938dc43960f04f3f8b47d7eb
Sha1:   ab94abbe9b498af48cf83d758b3eeeef9e9de367
Sha256: f5e63608a6b1d6cd34cfa59788218c87ac2f5c742d9d3758dbff517e56d79886
                                        
GET /simc.rnis/5/media/jquery-2.2.3.js HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Thu, 17 Nov 2022 07:39:05 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3f258"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   93794
Md5:    0ff6ba94a96b3e2e8f02ec12d29a904c
Sha1:   6cf88c954625211e2c19dc1ada39f1f74c0dc7c0
Sha256: 75cb579bf39bbec390f3729e86c4923da201cc54308d052abc6a48bd597888ea

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/login-easy.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1033"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text, with very long lines (2053)
Size:   1798
Md5:    f96d620f991988374cbe97a933ff0187
Sha1:   35dd3a848139ebc9b61243ff783660da2ecf4437
Sha256: e14235d4433c6e0251fa11daa14738abf5502de00fd85ec19482e81d81f0b520

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/Error_Orange.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 462
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3a5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; ASCII text, with very long lines (349)
Size:   462
Md5:    3de5632446dbf4d0e5b7e3176811f452
Sha1:   4ec212b3aebbc8da7bddc001286e3a9aa1bc522c
Sha256: 9791e9ed5b7d4ed5b6f6140692a59e7ebb55617ed37c0e7912b7089c40a4b91d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/Experience.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3034"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; ASCII text, with very long lines (893)
Size:   4451
Md5:    d182506e6b418eef650c0ea77d68a7b5
Sha1:   7e4bc82dba6bbfbd36a1b2cc56a3bc1fb73c4320
Sha256: 2498b5e64bf150b72058d9072a7d3230e3f3f9511a61528506c0812d63b9437b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/GooglePlay.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-590b"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; exported SGML document, ASCII text, with very long lines (2954)
Size:   5831
Md5:    6f9306d999c120a7380a44e131ebc63a
Sha1:   3b1f6485dc9368ad3406bb9d6fe45c4db0b58e2b
Sha256: f11c50f836d019d30230f85f38c87be18e3eaf85d33d0a7ac756d0528d2644e7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/HuaweiStoreBadge.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-59ae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text, with very long lines (1948)
Size:   8612
Md5:    cf2d46f56f90444cbeb3128aa8e233b5
Sha1:   96d87ebcaa7be9c399cc01ffdee50be61255d6c8
Sha256: 5086137be4cab31119da8f4e16b26c9b5c385446ec6cc461159fab154688cc62

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/entrust_site_seal_ssl.png HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 18758
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-4946"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 350 x 350, 8-bit colormap, non-interlaced; data
Size:   18758
Md5:    e47461fd49a0426768698ade98b259e2
Sha1:   501132059c531265f3898e5b6d8646ac3886cfbb
Sha256: 203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54
                                        
GET /simc.rnis/5/media/login-fast.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-14a6"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text, with very long lines (2974)
Size:   2475
Md5:    0d384279a848dfd5654fb54d6a869b84
Sha1:   2bb75d50842e3019fc40fd51846a5c57ac91284c
Sha256: 899133394d321325aaedeb7bbbede18c76b8ddb5b6e6f197a729da79501ba3d7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/login-secure.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1593"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text, with very long lines (2575)
Size:   2016
Md5:    4ecdaba1868a077b158ceed2671340bf
Sha1:   b0052d8ea92c8b42e549f3d6377c96025b615c6e
Sha256: d2b2e90200d45004ac62c0fe0e5a2363244139f3f094a34c1394790f1718b5ce

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/AppStoreBadge.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2fc0"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; XML document text; exported SGML document text; exported SGML document, ASCII text
Size:   5126
Md5:    b41c713588bc04c4675a0693e8eb0528
Sha1:   43cec9642140ae802a2d0c3934bd569f4abbf398
Sha256: a96ac82ef408bb0a1cd2487568867f600d2c5f66132f29bc44cd1bb372aaca8f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/favicon.ico HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 1430
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-596"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 18x18, 32 bits/pixel; data
Size:   1430
Md5:    68773d46f68cd092f7aac1b70d211e01
Sha1:   bbe705f043f03d491232a63d29e5b8b6befb031e
Sha256: 4fbd7df4e4d5012b82c14234382d58275c3fe42c98162c05bbb4bc98c79ef9f5
                                        
GET /simc.rnis/5/media/icon-512x512.png HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

Response (38.117.65.66):
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 40873
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-9fa9"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, interlaced; data
Size:   40873
Md5:    45dc0d3ba9b11c9e0358ab3b418f7fcc
Sha1:   904740c7345e3770815dc35ab72b8f2e2b7b5ba1
Sha256: fcb0dba575e2a3be211208f2a81a519c5d61109ebe399731d140ce5d87ed0920
                                        
GET /simc.rnis/5/media/cookie-icon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-776"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (534), with CRLF line terminators
Size:   795
Md5:    341ba59e13695f65140ba2c0b6cf552e
Sha1:   47b71bac85c92805de1bd7abb2aca732f0f3766f
Sha256: a17f7d9874e6e8f53352bc8efaf4c9368cf4415cc3268d7b468df7e421bf12d2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/cross-close-white.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 186
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "ed-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   186
Md5:    389d99732e1cfb176793501951f2576a
Sha1:   77e077f72c00d36c547dd77f0c57101b9e9ff283
Sha256: 7bc32e2f613810c618a59b328db1042f44cc88c50d8850ab0afb52be90f0e87d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/NedbankIcon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-538"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (483), with CRLF line terminators
Size:   658
Md5:    83f2125a10d605cf4871442bee61ddc3
Sha1:   5fafb15c8df0aa1a4dc8636bab7af97174ff1372
Sha256: 59f03baf03daae2a3e6fa12e371ece06655ff1c1fc70f1661a659c0d1b231457

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/icon-chat-thin.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 358
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2e5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (447), with CRLF line terminators
Size:   358
Md5:    cbff59d9b304ecda04af4aeec1c87077
Sha1:   5002a50582742d8eb351de8d06ada0143d807d53
Sha256: 57d0716b0c466e667e4032c0c9a33bb2208f5182803fdc92c66a20fc380d0149

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/location-blank-green.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-492"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (359), with CRLF line terminators
Size:   577
Md5:    de0c4eb8dbb24cb6098aaf9c154aa209
Sha1:   1ae25829c1d608b1c4adbf5b897300e7977cd768
Sha256: 6592446a665a0e3184c2d6f3ed7905608e3cb98680ad30216e943af4e3a7ac36

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/contact-blank-green.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-465"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   602
Md5:    036bb143d9dec72b24ddca9349849779
Sha1:   680aeed5606a0bf13f561291b9dcc4a497329b52
Sha256: 325c6412d286192945ab470594f44a06a8ba91a146c8d618aeefa654dc83f20e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/demo-icon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-65c"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1093), with CRLF line terminators
Size:   774
Md5:    840c6c15da7dbd005113a9f0ccb7ff17
Sha1:   c332a2cab0a3ba0ef0b22ac18ba802b581e25ada
Sha256: eff14453d8dc1b5a889d891bac2cd4735ce8b1ec90b4aa9c6b19ba15ba95e0d2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/outline-cheque.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 207
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "103-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   207
Md5:    4627ff628b866efe7b47fe0e3b33c640
Sha1:   143a9d6efda181e89ac05923d80f1c18588d54c0
Sha256: a58596eab5308ec50fa0ea4938c6950c5423f3aad60e640322b1406e283fded1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/Arrow.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 427
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2f9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   427
Md5:    687eb5a5b6e2ff89ec18c7468bde6ec8
Sha1:   f5d61bbc807fb7b7b2432c2f94a7f393b392d345
Sha256: 6ae9a93210ff3942f52f535c0ac65f6db593dc79d7a13997acca1cabb0c86e15

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/Eye-Show.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 503
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3c9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   503
Md5:    d01c3aa1fe0b289a675358d5b88f14b2
Sha1:   03f88b409caa9e29495acfba2e0295bd508a2ad9
Sha256: 47199aa6dcbd0bdf7786f238869b25d25c19b29ad0efa08042aa406eb434f75c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /simc.rnis/5/media/close-gray.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: User-Agent


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Thu, 17 Nov 2022 17:19:22 GMT
Date: Thu, 17 Nov 2022 15:35:06 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Thu, 17 Nov 2022 17:19:22 GMT
Date: Thu, 17 Nov 2022 15:35:06 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Thu, 17 Nov 2022 17:19:22 GMT
Date: Thu, 17 Nov 2022 15:35:06 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Thu, 17 Nov 2022 17:19:22 GMT
Date: Thu, 17 Nov 2022 15:35:06 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Thu, 17 Nov 2022 17:19:22 GMT
Date: Thu, 17 Nov 2022 15:35:06 GMT
Connection: keep-alive

                                        
GET /simc.rnis/5/media/FontFont%20-%20MarkPro.otf HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 165396
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28614"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   165396
Md5:    12d6724a254d3be629fc6b2871ae5a6a
Sha1:   d3a93c9ed090be9366b9513e5515e8e19ff48459
Sha256: eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8235
x-amzn-requestid: e8a91ec0-fa93-45b6-8dc8-a405c00242fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY4_HANoAMFSvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740839-3ebbd38b0e3e774923ad019e;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QoxGYkibw1jcAuQl98jD4TlKooUlL6ojdOVzQ7khiF0pMwY4_0IO9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:49:13 GMT
age: 63953
etag: "87e277a627c1085cad5c6e38bdd5100aa0a9ecee"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8235
Md5:    98802857df59f8eacd9211811cc59ae6
Sha1:   87e277a627c1085cad5c6e38bdd5100aa0a9ecee
Sha256: 102e73f690a972da6d3ab609ffab5f29884185d85c4230a19ec74d74c7320cf1
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F341e5945-39b4-44e2-a1dc-be4e70577262.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4055
x-amzn-requestid: 1b786b76-b4bf-480f-ad87-f024bffa73b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOUE8wIAMFi_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-4524317071a87c374d0884c3;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: o1r-ZlYD51CedvMlPKbKDwX-qsFjVy9s-KatKheGFiGOz8dYbYmKyg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 64848
etag: "0c7ae87051649d5fc46578e59484600c9184b59b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4055
Md5:    3afa84bffe8905e9191085d281a89637
Sha1:   0c7ae87051649d5fc46578e59484600c9184b59b
Sha256: 7a7e00b0359058de64cb45fbb7e54b279dab70ba81d23c267697fda0e157f2f7
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fbMtJC2Dfg8rDQl7nw16eZf1C1aMGv-3VtcXARXUaZV80TGvps3aAA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:51:12 GMT
age: 42234
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8027
Md5:    785c079072174860502c277b03f7743d
Sha1:   e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
Sha256: f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 02:49:36 GMT
age: 45930
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11667
Md5:    032386e5c9dffff1ba1ee5e8a322d438
Sha1:   dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
Sha256: 0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 64848
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6344
Md5:    a9d32fa3866dd741de610a61a93ad893
Sha1:   4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
Sha256: 4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12337
x-amzn-requestid: 783b124b-1f0e-445d-b19d-78ed9358c717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bX6VnGCBoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ca423-6767360524d1bb9a7cf259fb;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 07:11:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xi0co5JQdy62MidhB6aUpqt8_18pj-ytLday1_6XauQ4v4B1K3qW0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:57:12 GMT
age: 63474
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12337
Md5:    2bd274d60bc239b0328fe30a442ef2d9
Sha1:   fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
Sha256: f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
                                        
                                            GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 162260
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-279d4"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   162260
Md5:    8531ae94f5ad973be8b718f88e9660ed
Sha1:   a6d5635dcebab54c459a725da9a892017627a994
Sha256: ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:39:06 GMT
Content-Length: 165936
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28830"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   165936
Md5:    476d44b0f6c8939bb8859c9ce7598310
Sha1:   cd8fb565970c2750a12b3b47b1869578f7a041fb
Sha256: 979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9656cbd-d5f9-46cc-bec6-bcc983e12c29.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6134
x-amzn-requestid: 00909d7b-f5dd-4f73-932b-81f2aa689732
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: baqH0H_4IAMF6hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636dbd65-155b471f41ef040d4dd3033b;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 03:11:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Yxi3VDlH4PjKot8LJv9kzBlzS-6M0km9zUmGfbcVKACeZRFRa88rVA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:47:43 GMT
age: 28050
etag: "d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6134
Md5:    a1be294b5a3b2e68e8d9f9e0441ca04c
Sha1:   d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505
Sha256: e7db15087e8012e37ccf50c6c86db5c7d6d9826439268b7f17d970229a3acba5