r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7200
Expires: Fri, 31 Mar 2023 11:59:27 GMT
Date: Fri, 31 Mar 2023 09:59:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10201
Expires: Fri, 31 Mar 2023 12:49:28 GMT
Date: Fri, 31 Mar 2023 09:59:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17230
Expires: Fri, 31 Mar 2023 14:46:37 GMT
Date: Fri, 31 Mar 2023 09:59:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Retry-After, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 09:28:23 GMT
content-type: application/json
age: 1864
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wj1UVVJkDYjSzxYMPfUXMfLtqO4gl2L/eLV0nZax6h0WB8+u36GXu782LcPQ/0WtD0XgoDf3sCZCaXw+rq8iJA==
x-amz-request-id: F081M8EMMTVXPEV8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 09:12:07 GMT
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
age: 2840
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 09:59:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ab61862f016dea85f8aa55e59369d905
a5e81f13052b9e9184caf05a9740c345a40d1f22
e0d580c313088d524a5338e63e4acf9f3f3cb45a54f2528c5d1c4915d71b255b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0D580C313088D524A5338E63E4ACF9F3F3CB45A54F2528C5D1C4915D71B255B"
Last-Modified: Thu, 30 Mar 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5615
Expires: Fri, 31 Mar 2023 11:33:03 GMT
Date: Fri, 31 Mar 2023 09:59:28 GMT
Connection: keep-alive
www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68&session=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68
162.241.218.142200 OK 1.5 kB URL HTTP/1.1 www.huntington-banking.bhipvitality.com/login.php?cmd=login_submit&id=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68&session=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (311), with CRLF line terminators
Hash 206ddc7ef3537c9cfc21afaf320cb09b
6de9fb7a61332514f4bf28423594319dc4e14123
eecf7270a07507502e63d09759c02d28bde510d886cee5d36e19d1baccd636e3
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
NIDS Severity Alert suricata high ET PHISHING Generic Phishkit Activity (GET)
suricata medium ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017
GET /login.php?cmd=login_submit&id=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68&session=1e62df99bd0e2fae22240aa02f4cfa681e62df99bd0e2fae22240aa02f4cfa68 HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 09:59:28 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=7200
Expires: Fri, 31 Mar 2023 11:59:28 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1519
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 09:14:39 GMT
age: 2689
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:59:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.117.65.55101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vN5yuqZS+rm/rhdAJlrGtw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Pb5NJsIEskFxnV97ZC4GTbZahLI=
Date: Fri, 31 Mar 2023 09:59:28 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
142.250.74.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32065)
Hash 6d973c8b7e2439d958e09c0a1ab9fe50
05ae0830200c20b9a2dfd5a825adc400481a60fb
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.huntington-banking.bhipvitality.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Mar 2023 09:53:30 GMT
expires: Fri, 29 Mar 2024 09:53:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 86758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 09:59:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c27692476ee7e74a751ecf7e00417f68
92d13019cb7dfce5d9162073269a49159f6ba780
343557c4d1143fe6642e41353ac9da957c1f1353dc424106ee55a9003d2948a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "343557C4D1143FE6642E41353AC9DA957C1F1353DC424106EE55A9003D2948A8"
Last-Modified: Thu, 30 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5413
Expires: Fri, 31 Mar 2023 11:29:41 GMT
Date: Fri, 31 Mar 2023 09:59:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7812
Expires: Fri, 31 Mar 2023 12:09:40 GMT
Date: Fri, 31 Mar 2023 09:59:28 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1d108eee072815a675f64492942dc062
8efaea1971f660565b0ffa7d0793f985bed88b1e
a6b6a5e7c48551f91dc9f0086535609e58a6186066f768377dc43f9162e783c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6B6A5E7C48551F91DC9F0086535609E58A6186066F768377DC43F9162E783C6"
Last-Modified: Wed, 29 Mar 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7812
Expires: Fri, 31 Mar 2023 12:09:40 GMT
Date: Fri, 31 Mar 2023 09:59:28 GMT
Connection: keep-alive
smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
194.1.147.58404 Not Found 17 kB URL HTTP/2 smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
IP 194.1.147.58:0
ASN #210250 K Media Tech Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9698), with CRLF, LF line terminators
Hash 6f66b96efe9b7d511eb58b83d78ef3aa
c9d2967321c283d33db393026731bc4e0c8fc40c
c7082d84a81b0c01635c34cf9e1093ef87e9b24a0aa9ca211964b2c2fa370773
GET /wp-content/uploads/2014/08/Preloader_11.gif HTTP/1.1
Host: smallenvelop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.huntington-banking.bhipvitality.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 31 Mar 2023 09:59:28 GMT
content-type: text/html; charset=UTF-8
content-length: 16901
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=o5bg31b28vi7l5easdv92l7vmr; path=/; secure; HttpOnly
pragma: no-cache
cache-control: public,max-age=3600
x-ua-compatible: IE=edge
link: <https://smallenvelop.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/STHLM01
server: WPX CLOUD/STHLM01
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h8.png
162.241.218.142200 OK 2.9 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h8.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 295 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ca8f64ca7b7e4b7a9e6fc9d88d2572c
2056f1590fd95a2dc023d717fd5160b57d82469f
12976ecafc16fe238d544a1e16762ba92798d6d44a07f7b6252dbdeb8b3efd02
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h8.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:56:28 GMT
accept-ranges: bytes
content-length: 2879
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h7.png
162.241.218.142200 OK 2.2 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h7.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 235 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 89d1dce74976f4574fe237cbe7355d3b
e90ddc2059f5479defc732e925fcc9cef4931db2
84298908d1434625c1b0ad441dd7c3306ee3163c498a51473f9f35b02b529cf0
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h7.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:55:38 GMT
accept-ranges: bytes
content-length: 2173
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h1.png
162.241.218.142200 OK 19 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h1.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1349 x 156, 8-bit/color RGBA, non-interlaced\012- data
Hash d5cc42886b927d1ded4729b8043d4d0f
5be045749c9ac75e134c38f3d6905f39846d2d31
f284cbd4eff46e8c6062d237b3a0a209ad2776528f1233d08eadedaa80f0fdbf
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h1.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:27:22 GMT
accept-ranges: bytes
content-length: 19268
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/hgn.png
162.241.218.142200 OK 1.3 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/hgn.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 104 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 3f5d727c4d2e21598d45cc23f5735c1c
8dce595793457d42ed60977c5898e8da07ea7698
b5425e9eb7353db1fd728960db79c51f65004b03c58214d09b028c15cc379418
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/hgn.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:56:00 GMT
accept-ranges: bytes
content-length: 1310
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h3.png
162.241.218.142200 OK 326 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h3.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1349 x 493, 8-bit/color RGBA, non-interlaced\012- data
Size 326 kB (326149 bytes)
Hash 442512ab91e9eb4afc39370c3525870f
5d7200fb742b9309d86758c7101c743c9c791558
b61428d8488d902b009224c5f6f968d6b9be3b7fbe4c6910d3ff22e48f2d8a68
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h3.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:30 GMT
accept-ranges: bytes
content-length: 326149
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h5.png
162.241.218.142200 OK 43 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h5.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1349 x 282, 8-bit/color RGBA, non-interlaced\012- data
Hash 0853e60c7ab442056ecde3120a982608
ff1dac5339cfc8daf8eed0d11ed1eed1268b8783
97f0f71e3aaf8472f45c69beab027158718474cb6e1456be91302526dafc1575
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h5.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Feb 2020 17:16:50 GMT
accept-ranges: bytes
content-length: 43097
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:29 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9658
Expires: Fri, 31 Mar 2023 12:40:28 GMT
Date: Fri, 31 Mar 2023 09:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9658
Expires: Fri, 31 Mar 2023 12:40:28 GMT
Date: Fri, 31 Mar 2023 09:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9658
Expires: Fri, 31 Mar 2023 12:40:28 GMT
Date: Fri, 31 Mar 2023 09:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9658
Expires: Fri, 31 Mar 2023 12:40:28 GMT
Date: Fri, 31 Mar 2023 09:59:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1688ae550e5e9181de2448a9cade8a26
a46eb0cd75f46778dc802b648f7c391ce801c700
e717e6e64c928571506bc6d19e3d9ce19bea3292f01618a6d9ddbbaffe65ffd1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d531a5-067e-452b-8349-d9f2a461ba4a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9055
x-amzn-requestid: 1fad6d1e-3380-4574-9796-ca6bde35b507
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUneEK8IAMF1EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260162-690f6e9933616e9b74b70435;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 5qljjE3ByqQaRJhcpkBZFcYVH4lCoP2idQM0iPBAT7znLfoZmO0lUg==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:29 GMT
age: 43981
etag: "a46eb0cd75f46778dc802b648f7c391ce801c700"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a3b5eaa5d578299f8a506df71865d4d5
99fc13dea248dd6316e4abe545c80ad9df9bc1cd
30baa165074984ba7de6fc42cd1959d63c3f17c8f5b7cfabd68511136ff9e4ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa12abd-bde1-4533-85ef-2cc555105c71.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10323
x-amzn-requestid: 5851fc9d-f75e-4237-87de-45b881d1d553
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnJEb4IAMFh8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260160-2003d3df2d802faa74ca5096;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:40 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 28pB4vd4QIm-Q7aEpaoOVhSU5Tw7HiZfViMfqJ_Jk4Z2KtoDOcaOrg==
via: 1.1 0a166b53605851fe961f5a2952e5a748.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:03:50 GMT
age: 42940
etag: "99fc13dea248dd6316e4abe545c80ad9df9bc1cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 211d737362f7cbcd8c77cee7d29fa2f5
668d1d80c88082928c6ca01fbf1ccbfcd079f64f
05672d4ab964a706c41d73b51592ca2425983e77544f08198dd2d3a7dcc5b3a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b45e61-5c2e-4b1b-929e-70c72bde0787.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11114
x-amzn-requestid: e9e6a6b5-e6e8-4ca4-9302-a1fc023a38af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkypoH5goAMF6Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424fe3d-63c6c8465407f5dc26e9aced;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 03:13:01 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: HsI--rdD7nPKwY0W7f_eIm1y-oz6BbWkLea2jX-JmxY6_I8ncpD-cg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 14:31:29 GMT
age: 70081
etag: "668d1d80c88082928c6ca01fbf1ccbfcd079f64f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 11:37:45 GMT
age: 80505
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 06:44:37 GMT
age: 11693
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L6tgzFrj9t69Rnfd9bziAPiROAX0tvcj9Kcg8sXkto8qRFeKqiwkpg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:17:06 GMT
age: 42144
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h2.png
162.241.218.142200 OK 592 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h2.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1349 x 591, 8-bit/color RGBA, non-interlaced\012- data
Size 592 kB (591908 bytes)
Hash db2c4cd8ab90eb8727ad6fb1e9d3b120
32181727948f815dc025004dac904675d603141d
a9b1c6a588900962422deaa653d53a7391a556c87d9bff525658dbfe132f6ead
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h2.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 16:21:52 GMT
accept-ranges: bytes
content-length: 591908
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:28 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h4.png
162.241.218.142200 OK 313 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h4.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1349 x 371, 8-bit/color RGBA, non-interlaced\012- data
Size 313 kB (313194 bytes)
Hash d68811cff396c6555427b73145b37a57
715ea5ea8d93a2addabe27e709a3411f8d513922
986a311ba8cccf0203588c6dda00595dc4f45f59bcc1daa5b7c57579fc2eacc2
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h4.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:44 GMT
accept-ranges: bytes
content-length: 313194
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:29 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/h6.png
162.241.218.142200 OK 844 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/h6.png
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1127 x 528, 8-bit/color RGBA, non-interlaced\012- data
Size 844 kB (844128 bytes)
Hash 3e6f7ea039f47fb2034c7db471890e9c
7ef0dafb02d5522fa85aad2e0f559153cee0d2c5
6bbfdbd90ac2717480bdd38effdfc68d2f54097e5755612e798a544dbab5da92
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/h6.png HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 15 Jul 2019 15:36:58 GMT
accept-ranges: bytes
content-length: 844128
cache-control: max-age=86400
expires: Sat, 01 Apr 2023 09:59:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Fri, 31 Mar 2023 09:59:29 GMT
server: Apache
X-Firefox-Spdy: h2
www.huntington-banking.bhipvitality.com/images/favicon.ico
162.241.218.142200 OK 1.3 kB URL HTTP/2 www.huntington-banking.bhipvitality.com/images/favicon.ico
IP 162.241.218.142:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 96f1746cd5f33f542e18900d31019f6a
4beb3ef71e57b2aa048f43e59f0805c3f1257412
980822c2935a8c30bc02aee1c1bd033a4c5bc3cb63b9eb83a63d159f62158db8
Analyzer Verdict Alert urlquery phishing Phishing - Huntington
urlquery phishing Phishing - Huntington
openphish Huntington Bank
GET /images/favicon.ico HTTP/1.1
Host: www.huntington-banking.bhipvitality.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.huntington-banking.bhipvitality.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 20 Sep 2018 01:32:40 GMT
accept-ranges: bytes
content-length: 1282
cache-control: max-age=31536000
expires: Sat, 30 Mar 2024 09:59:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/x-icon
date: Fri, 31 Mar 2023 09:59:29 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 876e5464aba1639f3b07b07d1d694514
93885a6205be71d16187782b1803f53d5c8538cb
6e2b6b15f462922a9e8260f55cfcd94d488d1a48435458db43270ea3b825d8c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13775
x-amzn-requestid: 43d1a1f3-b189-4fcd-a298-429123d1921b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloF9woAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-13778451622503253ea252eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXA995GxGti4_AzSi9F19ZNvUwm5_ZSBw0BB0lRIfNHcmX7Ajt6bSg==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:52:34 GMT
age: 43622
etag: "93885a6205be71d16187782b1803f53d5c8538cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2