Overview

URLtamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
IP 149.62.169.16 (Spain)
ASN#50926 Axarnet Comunicaciones, S.l.
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-04 11:22:37 UTC
StatusLoading report..
IDS alerts0
Blocklist alert17
urlquery alerts No alerts detected
Tags None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-24 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) DGI (French Tax Authority)
2022-11-24 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-12-04 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 149.62.169.16
Date UQ / IDS / BL URL IP
2022-12-06 12:49:12 +0000 27 - 0 - 14 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-06 10:03:05 +0000 27 - 0 - 15 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-04 11:22:37 +0000 0 - 0 - 17 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16
2022-12-03 18:34:26 +0000 0 - 0 - 13 tamarafreitas.com/reservas/font/Ace_Sans/saud (...) 149.62.169.16
2022-11-25 05:24:42 +0000 0 - 0 - 14 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16


Last 5 reports on ASN: Axarnet Comunicaciones, S.l.
Date UQ / IDS / BL URL IP
2023-02-03 09:39:52 +0000 0 - 1 - 0 mcsportwear.com/ 185.176.9.170
2023-02-03 07:25:59 +0000 0 - 0 - 18 asmatu.es/ 188.164.198.167
2023-02-02 23:02:11 +0000 0 - 4 - 0 presto.xestionambiental.com/ 185.176.9.120
2023-02-02 18:42:46 +0000 0 - 0 - 33 fisioterapiaenvigo.es/ 185.176.9.170
2023-02-02 15:13:19 +0000 0 - 0 - 18 www.asmatu.es/ 188.164.198.167


Last 5 reports on domain: tamarafreitas.com
Date UQ / IDS / BL URL IP
2022-12-06 12:49:12 +0000 27 - 0 - 14 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-06 10:03:05 +0000 27 - 0 - 15 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-04 11:22:37 +0000 0 - 0 - 17 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16
2022-12-03 18:34:26 +0000 0 - 0 - 13 tamarafreitas.com/reservas/font/Ace_Sans/saud (...) 149.62.169.16
2022-11-25 05:24:42 +0000 0 - 0 - 14 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-25 05:24:23 +0000 0 - 0 - 15 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (45)


Request Response
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         149.62.169.16
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Sun, 04 Dec 2022 11:22:26 GMT
Server: Apache
Location: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Content-Length: 354
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   354
Md5:    6f88da5749f141c8db9654662f9676ac
Sha1:   e17eab308ba1d34519116a3f87adf4187f94a916
Sha256: 509f7fb6630e4aa69b08742d060dc11e20c0c5bdd3cbe209c44c862c4f7e3737

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10066
Expires: Sun, 04 Dec 2022 14:10:12 GMT
Date: Sun, 04 Dec 2022 11:22:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1229
Cache-Control: max-age=170960
Date: Sun, 04 Dec 2022 11:22:26 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 10:51:46 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 11:18:24 GMT
cache-control: public,max-age=3600
age: 242
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5155
Expires: Sun, 04 Dec 2022 12:48:21 GMT
Date: Sun, 04 Dec 2022 11:22:26 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 5L5g7E/wGNviQ59m2No5uQ5VG2NXem5XIV5p8Yte8xwCcIjiyqg5jeLiKrcnEtnsi9Q4/nsGbr0=
x-amz-request-id: SGC2RNYXF0Z5FRXT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 10:47:31 GMT
age: 2095
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 11:22:26 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "27831823B0BA34C1DF5EDBFC34433CB90711C40BEF4EC88BEB72E70F4DA0B66C"
Last-Modified: Sat, 03 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21545
Expires: Sun, 04 Dec 2022 17:21:31 GMT
Date: Sun, 04 Dec 2022 11:22:26 GMT
Connection: keep-alive

                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 04 Dec 2022 11:22:26 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 14:31:15 GMT
ETag: "302b-5ee242412d2c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 3048
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   3048
Md5:    fbd5c58b56a192d8fcf3b3afcacfd934
Sha1:   ab22e46ac1f115ad0b9bcd937a0ece3c43e2a99f
Sha256: e42bcc860882969a9dc936911d7189ad87414cce987bad1a20b2cec022424497

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.9.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "c31-57b0829281200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 961
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   961
Md5:    6bd5729eab64b6b818d71ec94df199a0
Sha1:   e524f4227989cad420c8420ca30d0b55b7ec0b89
Sha256: 1d39a4f3cf58c3cd31caa2ee9212b5dde6de2e4d6caa2eaa2f3e164f2eb62c2f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.a.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.b.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.d.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.e.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "65d5e-57b0829281200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (65368)
Size:   82166
Md5:    537620cf9cd248b48a89cf20754ac51f
Sha1:   c33fadbe3c75124384d99ba2f1deb817b32e919f
Sha256: cfb13152305d35d13df83c4032dc8f3de604c4657a558196631aaebaf9fedf5b
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.f.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.11.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.12 HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 11:08:58 GMT
cache-control: public,max-age=3600
age: 809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.8.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/x-troff-man
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "65d1f-57b0829281200"
Accept-Ranges: bytes
Content-Length: 417055
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (65368)
Size:   417055
Md5:    a17499b977aa5f68f889dc91ee6dcf96
Sha1:   8ce8afa4564ccdd7fc337a694a2b8021cd020ec4
Sha256: 3f13e198d0d42544194bea9062e8463a9ef77047211658af992eec1938b84e0c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1219
Cache-Control: max-age=165883
Date: Sun, 04 Dec 2022 11:22:27 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:27:10 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ta3.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "1b0-57b0829281200"
Accept-Ranges: bytes
Content-Length: 432
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 17 x 19, 8-bit/color RGB, non-interlaced\012- data
Size:   432
Md5:    9ae0b7a7040b979825e1d4c8fb9589a3
Sha1:   d838d04af56a4a081397c8b9c73219c5c4805e6b
Sha256: bda626f9a65798d374231e7a83027fbb2dbb53b9e7662a247f32a4de1b03b4f2
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/suit.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "5b1-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1457
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 88 x 68, 8-bit/color RGB, non-interlaced\012- data
Size:   1457
Md5:    b8f3245ef96c6b7e0d6724f9930f8cf5
Sha1:   41a1509019219d6efe2ae0ecd9dcf9de1c1417f9
Sha256: ad20b04fe8aa8e8c54449b387d21e854198e618a820bbca3f8a8bb01f62b0761
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/boutton.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "3e9-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1001
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 107 x 37, 8-bit/color RGB, non-interlaced\012- data
Size:   1001
Md5:    bbeb4383154a9c108865ac7a04d28886
Sha1:   cc9d69202a0742e699490586c1e03f3be426c243
Sha256: 833cf2f16ce40bd7ddd7b31bce4ce464d92e9cbe032fc12675fd80ef55239a6f
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   11812
Md5:    e58a860d8e41196fe5a0d71131d5f341
Sha1:   eb3088e3a139889d331af84dcf3e06fba2613c63
Sha256: b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon-152.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmation.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   1817
Md5:    9f3e4c2e5bca00e0d1a5667ec3876881
Sha1:   769ed6d0b884bf25025ed37ee437e6ee21601d64
Sha256: 082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   11812
Md5:    e58a860d8e41196fe5a0d71131d5f341
Sha1:   eb3088e3a139889d331af84dcf3e06fba2613c63
Sha256: b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 22:12:16 GMT
Expires: Sat, 10 Dec 2022 22:12:15 GMT
Etag: "3a1c97848fe7400af50f4072a41862023c804cbb"
Cache-Control: max-age=602698,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 299
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77442a132fadb4f4-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    b396cbd5acf7ac2b121be1438e74ad09
Sha1:   3a1c97848fe7400af50f4072a41862023c804cbb
Sha256: 50475b195ac0d6c6a4d63e68ac5add05af0cc1ce6a8b38036a95f3f8cc6bcc1f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 06:59:04 GMT
Expires: Fri, 09 Dec 2022 06:59:03 GMT
Etag: "a39e67b0719853397187706038e75912df115b4f"
Cache-Control: max-age=415595,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77442a1378b6b505-OSL

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: foYeIzEQlsEn6Q4cO7boow==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.186.209.73
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SbAApRQutzTEduRBFqQx9+zznzg=

                                        
                                            GET /stl/styles/rwd/img/favicon.ico HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         145.242.11.27
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Set-Cookie: lemondgfipprodpart=_test_client; domain=cfspart.impots.gouv.fr; path=/
Pragma: no-cache
Connection: close
Location: https://cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw==
Content-Length: 324


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   324
Md5:    17efb749d9472c5c4ee9511ac32349d6
Sha1:   d427f9a8dd211391276970116539e8d38b2455db
Sha256: 0197564551359801a069d06a2455b5a9dc6e0ee06a855e8f1419c409764ecc5e
                                        
                                            GET /LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw== HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tamarafreitas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
                                        
Date: Sun, 04 Dec 2022 11:22:27 GMT
Server: Apache
Set-Cookie: ctxcfs=618ebad58242f867178e39a5e184eb1c; domain=cfspart.impots.gouv.fr; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' https://app.franceconnect.gouv.fr https://cfsfc.impots.gouv.fr ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Via: dpapusx037
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12866
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (464)
Size:   12866
Md5:    d9be444dfc7f8edda9052ffaa7334fa6
Sha1:   6f556c95b0e11b49af1e218f557cfcae1ff2259b
Sha256: 1c5e987d7c1889a80f6da2d8583c6c5794b794448f9047a220ce9e83d2832f56
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6155
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 11:22:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6155
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 11:22:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6154
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 11:22:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6155
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 11:22:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6154
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 11:22:29 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 48748
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8989
Md5:    a6e7b32ac999cf3c899a234c621fa91a
Sha1:   fc5d4f3163ebb9faf85968cbb1d194e8e68418be
Sha256: f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 48767
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 49108
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 49190
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 19629
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 48923
etag: "8637105f41058bc0d2b259d462b560881928adb6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10431
Md5:    2636f91bb8fa4d9bb7bef114c248a9ae
Sha1:   8637105f41058bc0d2b259d462b560881928adb6
Sha256: 3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7