urlquery - report: goldrush.ug/zxcv.EXE

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
ocsp.digicert.com (3)	86	2012-05-21 07:02:23 UTC	2020-05-02 20:58:10 UTC	93.184.220.29
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-11-04 05:51:42 UTC	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2020-05-03 10:09:39 UTC	34.213.140.56
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-21 23:36:00 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
r3.o.lencr.org (6)	344	No data	No data	23.36.76.226
goldrush.ug (1)	0	2022-06-26 06:32:56 UTC	2022-11-05 00:51:34 UTC	193.106.191.169	Unknown ranking

Scan Date	Severity	Indicator	Comment
2022-11-05	2	goldrush.ug/zxcv.EXE	Malware

Scan Date	Severity	Indicator	Comment
2022-11-05	2	goldrush.ug	Sinkholed

Scan Date	Severity	Indicator	Comment
2022-11-05	2	goldrush.ug	Sinkholed

Date	UQ / IDS / BL	URL	IP
2022-12-16 06:23:08 +0000	0 - 0 - 3	marnersstyler.ug/asdf.EXE	193.106.191.169
2022-12-16 06:19:00 +0000	0 - 0 - 3	marnersstyler.ug/zxcvb.exe	193.106.191.169
2022-12-16 05:31:07 +0000	0 - 0 - 3	marnersstyler.ug/zxcv.EXE	193.106.191.169
2022-12-16 05:30:59 +0000	0 - 0 - 3	marnersstyler.ug/asdfg.exe	193.106.191.169
2022-12-16 05:24:37 +0000	0 - 0 - 3	wewilltoptheworld.top/rc.exe	193.106.191.169

Date	UQ / IDS / BL	URL	IP
2022-12-17 22:10:52 +0000	0 - 0 - 12	ing-gerateerneuerung.com/95ca6d9d18742ae5428c (...)	193.106.191.135
2022-12-17 22:10:41 +0000	0 - 0 - 12	ing-gerateerneuerung.com/b8d3a8f5b0912c8b1370 (...)	193.106.191.135
2022-12-17 20:12:03 +0000	0 - 0 - 10	failed-new-attempt.com/Login.php/absa/ib	193.106.191.135
2022-12-17 18:35:22 +0000	0 - 0 - 2	secure-device-login.com/Login.php	193.106.191.135
2022-12-17 16:36:14 +0000	0 - 0 - 2	security-new-device.com/login.php	193.106.191.135

Date	UQ / IDS / BL	URL	IP
2023-02-01 08:03:03 +0000	0 - 1 - 3	goldrush.ug/zxcv.EXE	91.215.85.158
2023-02-01 08:02:38 +0000	0 - 1 - 3	goldrush.ug/zxcvb.exe	91.215.85.158
2023-02-01 04:44:16 +0000	0 - 1 - 3	goldrush.ug/zxcvb.exe	91.215.85.158
2023-02-01 04:44:11 +0000	0 - 1 - 3	goldrush.ug/zxcv.EXE	91.215.85.158
2023-02-01 01:25:37 +0000	0 - 1 - 3	goldrush.ug/zxcv.EXE	91.215.85.158

Date	UQ / IDS / BL	URL	IP
2023-02-06 17:07:55 +0000	0 - 1 - 0	pkg-store.dl.mail.ru/packages/shop/0_2017064d (...)	188.93.63.73
2023-02-06 17:06:21 +0000	0 - 1 - 0	pkg-store.dl.mail.ru/packages/shop/0_2017064d (...)	188.93.63.73
2023-02-06 17:05:57 +0000	0 - 1 - 0	pkg-store.dl.mail.ru/packages/shop/0_2017050d (...)	188.93.63.73
2023-02-06 17:05:23 +0000	0 - 1 - 0	pkg-store.dl.mail.ru/packages/shop/0_2017050d (...)	188.93.63.73
2023-02-06 17:05:14 +0000	0 - 0 - 1	i31.lanzoug.com/1026100086325423bb/2022/10/22 (...)	218.92.227.228

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44" Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13314 Expires: Sat, 05 Nov 2022 11:10:23 GMT Date: Sat, 05 Nov 2022 07:28:29 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: b7be8442ec1e518ccc80739495f6d047 Sha1: 7a9d24b9d4046262c7753c49afaf9c19f4840626 Sha256: b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
GET /zxcv.EXE HTTP/1.1 Host: goldrush.ug User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: goldrush.ug/zxcv.EXE FQDN: goldrush.ug IP: 193.106.191.169 HASH: 599fa7fc07b1b8265ea936ce641733fcec03eb0fe8cc4822e5a752b6629e216e 193.106.191.169 HTTP/1.1 200 OK Content-Type: application/octet-stream Server: nginx/1.20.2 Date: Sat, 05 Nov 2022 07:28:29 GMT Content-Length: 794624 Connection: keep-alive Last-Modified: Thu, 06 Oct 2022 00:19:40 GMT ETag: "c2000-5ea52a63a016a" Accept-Ranges: bytes --- Additional Info --- Magic: PE32 executable (GUI) Intel 80386, for MS Windows\012- data Size: 794624 Md5: 07d6b4373f270ffefd756cf6ae19a486 Sha1: bf202d7bf1b73cb6a022b67557a5b83168059b8d Sha256: 599fa7fc07b1b8265ea936ce641733fcec03eb0fe8cc4822e5a752b6629e216e Alerts: Blocklists: - fortinet: Malware - mnemonic_dns: Sinkholed - quad9: Sinkholed File Analyzers: - virustotal: 57/72
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 2268 Cache-Control: max-age=96024 Date: Sat, 05 Nov 2022 07:28:29 GMT Etag: "6364dbd9-1d7" Expires: Sun, 06 Nov 2022 10:08:53 GMT Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT Server: ECS (ska/F717) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: cd02b32dbc8416dcb10b468af2166c33 Sha1: 503a9c4cabdb19dfde769f5e2d3ef919c818c364 Sha256: 46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 2268 Cache-Control: max-age=96024 Date: Sat, 05 Nov 2022 07:28:29 GMT Etag: "6364dbd9-1d7" Expires: Sun, 06 Nov 2022 10:08:53 GMT Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT Server: ECS (ska/F717) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: cd02b32dbc8416dcb10b468af2166c33 Sha1: 503a9c4cabdb19dfde769f5e2d3ef919c818c364 Sha256: 46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "DD5DD09FEC51669ADF36B3014BBF65D7BFF608F72018D037F9ED9B414675037C" Last-Modified: Fri, 04 Nov 2022 02:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=9834 Expires: Sat, 05 Nov 2022 10:12:23 GMT Date: Sat, 05 Nov 2022 07:28:29 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 078950c3ba9ad01927f3da494b1d1de4 Sha1: 443c8a8247e4e3e04c14d21e0227fc4e8f396142 Sha256: dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: 4p98cLCYNMPCzLvvvXVcWKUA9o1Q6dXA7rrhvbCP4lOcY2Ep+kn/QnNPCpHPS4rNrUKoIHu4KNw= x-amz-request-id: 4T907SZY8TZC3PRA content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Sat, 05 Nov 2022 06:47:06 GMT age: 2484 last-modified: Fri, 30 Sep 2022 18:50:55 GMT etag: "67d5a988edcda47bc3b3b3f65d32b4b6" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 67d5a988edcda47bc3b3b3f65d32b4b6 Sha1: d4f0e0da8b3690cc7da925026d3414b68c7d954f Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Sat, 05 Nov 2022 07:28:29 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5746 Cache-Control: max-age=94443 Date: Sat, 05 Nov 2022 07:28:30 GMT Etag: "6364c817-1d7" Expires: Sun, 06 Nov 2022 09:42:33 GMT Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT Server: ECS (ska/F717) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 42a0adacced30df52cf7cad3e200036d Sha1: f7b4114defc61f806dbb74fd228bca155d52362a Sha256: e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: tPlhvCGXbSrWHNn5/nNinw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 34.213.140.56 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 34.213.140.56 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: xJfJX5X9yxdputtdz4I0nbJ3kfM= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3336 Expires: Sat, 05 Nov 2022 08:24:08 GMT Date: Sat, 05 Nov 2022 07:28:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8ee5640e4bbe5e2c0dd4aa0698a3ce62 Sha1: a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3336 Expires: Sat, 05 Nov 2022 08:24:08 GMT Date: Sat, 05 Nov 2022 07:28:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8ee5640e4bbe5e2c0dd4aa0698a3ce62 Sha1: a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3336 Expires: Sat, 05 Nov 2022 08:24:08 GMT Date: Sat, 05 Nov 2022 07:28:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8ee5640e4bbe5e2c0dd4aa0698a3ce62 Sha1: a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3336 Expires: Sat, 05 Nov 2022 08:24:08 GMT Date: Sat, 05 Nov 2022 07:28:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 8ee5640e4bbe5e2c0dd4aa0698a3ce62 Sha1: a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 709c217b3ac09712d2af4366316c8977b1a4e2a73f887b3e30f10df1ed50bacd 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9150 x-amzn-requestid: 7c179507-20a7-4fa3-993b-f79b3e7949ac x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: apwiGHD_IAMFQZw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635a2e0d-337623ce79dc53c864632c72;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 07:06:53 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: OM3hc6Jfl5pDWPikIlcQOexIScQavqJh9h-N-EvIGNpicWJwHMPKIA== via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 19:29:40 GMT age: 43132 etag: "596c3c084ae3d850a5dc28e549b4e22f2b8cc71f" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9150 Md5: c7c9c908e891e7277f21a914fea9aa25 Sha1: 596c3c084ae3d850a5dc28e549b4e22f2b8cc71f Sha256: 709c217b3ac09712d2af4366316c8977b1a4e2a73f887b3e30f10df1ed50bacd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: aad9c8d5dbf34cbfc79bd5a69eb84e83880991f6765b955195b8ab515cab076b 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 3898 x-amzn-requestid: aa30ce03-5fea-431d-a8ba-f1f1f6a7313d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: a5se8GMjIAMFgxA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63608df9-5f607dee71fc5ea4688e10ad;Sampled=0 x-amzn-remapped-date: Tue, 01 Nov 2022 03:09:45 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: M117Djj2kKvQjSBxg_-Wjy9wr6gS-B8nZg-DW6-mduh-Py4fpw_0hg== via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 23:55:48 GMT age: 27164 etag: "39da4f78058b565bfcaad4ced6f1b59a2bf6a421" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 3898 Md5: e6627701fe981336792076df0c21937b Sha1: 39da4f78058b565bfcaad4ced6f1b59a2bf6a421 Sha256: aad9c8d5dbf34cbfc79bd5a69eb84e83880991f6765b955195b8ab515cab076b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: d2cc0f7735f04a07c681eb2eae7c52e9f4c75b6d475b3ad4de587899089850a7 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4662 x-amzn-requestid: 32199e11-d856-4403-ad55-65076eac83ff x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: amd5UFJQIAMFf-A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6358dd08-1761126e37ed504e46896b4d;Sampled=0 x-amzn-remapped-date: Wed, 26 Oct 2022 07:08:56 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: Nu2uC3we8aHv4ERvh7QcmiErm4Ax-NNmdWFovpdU9Or9DguzrIcn5g== via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 22:00:38 GMT age: 34074 etag: "ddb7b18fae0082ce22d8ffa537c7367e1da404a5" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4662 Md5: d12961439cd33c86c7b8041ed9d42321 Sha1: ddb7b18fae0082ce22d8ffa537c7367e1da404a5 Sha256: d2cc0f7735f04a07c681eb2eae7c52e9f4c75b6d475b3ad4de587899089850a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7783 x-amzn-requestid: c8f73eac-612d-48e3-a655-41525e97331c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: apxM8H7aoAMFT3w= x-content-type-options: nosniff x-amzn-trace-id: Root=1-635a2f1f-5470c77a30a11b9423f56837;Sampled=0 x-amzn-remapped-date: Thu, 27 Oct 2022 07:11:27 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: FLFsF-1gAeN0HiZnS03oNMNajnwk12P-5Aro-QOcQNFtkjknh9g5FA== via: 1.1 0c04e836dfe22246a870a0f54a2d4746.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 19:19:17 GMT age: 43755 etag: "75805b9f03aef14cfad025259936ae5f217d25ca" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7783 Md5: 7a3b1551512640bb8f5e7deb80c32272 Sha1: 75805b9f03aef14cfad025259936ae5f217d25ca Sha256: 5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60f419f1-9fac-4d40-ab08-9e4c8d715092.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c4d4748d9997f417da33dc27c283280fa662f20af21b5f723864b08a98375cb4 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13204 x-amzn-requestid: 17c52ec3-3ba2-455b-b191-bc4716a80c3f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: bGHlcEhLIAMFomg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63658622-4c003bdf6874045753a27045;Sampled=0 x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:38 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 2wMtj6owsrfYWrOfjUWMvtJnQmAAv7KCBWYfMGaR70ByMlYmHCUsqQ== via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 22:09:12 GMT age: 33560 etag: "fc8efa7e342e486fc03eba5f4b9a13897e3d6184" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13204 Md5: 3ef4c410bf60b7be505437f6bd0741cc Sha1: fc8efa7e342e486fc03eba5f4b9a13897e3d6184 Sha256: c4d4748d9997f417da33dc27c283280fa662f20af21b5f723864b08a98375cb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10462 x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: aMF6oEz_oAMF8Hg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0 x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: z6Lnru_eeTvRGdsz-q37-HGFgFfIT6fLSFcJBvT3oPjAPilszTWkDw== via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google date: Fri, 04 Nov 2022 20:21:33 GMT age: 40019 etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10462 Md5: 4e2853cc6ec6223160471401e6871f4b Sha1: f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44" 

                                        
                                            
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=13314 

                                        
                                            
Expires: Sat, 05 Nov 2022 11:10:23 GMT 

                                        
                                            
Date: Sat, 05 Nov 2022 07:28:29 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    b7be8442ec1e518ccc80739495f6d047

                                                Sha1:   7a9d24b9d4046262c7753c49afaf9c19f4840626

                                                Sha256: b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: ocsp.digicert.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 83 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         93.184.220.29

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
Age: 2268 

                                        
                                            
Cache-Control: max-age=96024 

                                        
                                            
Date: Sat, 05 Nov 2022 07:28:29 GMT 

                                        
                                            
Etag: "6364dbd9-1d7" 

                                        
                                            
Expires: Sun, 06 Nov 2022 10:08:53 GMT 

                                        
                                            
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT 

                                        
                                            
Server: ECS (ska/F717) 

                                        
                                            
X-Cache: HIT 

                                        
                                            
Content-Length: 471 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   471

                                                Md5:    cd02b32dbc8416dcb10b468af2166c33

                                                Sha1:   503a9c4cabdb19dfde769f5e2d3ef919c818c364

                                                Sha256: 46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "DD5DD09FEC51669ADF36B3014BBF65D7BFF608F72018D037F9ED9B414675037C" 

                                        
                                            
Last-Modified: Fri, 04 Nov 2022 02:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=9834 

                                        
                                            
Expires: Sat, 05 Nov 2022 10:12:23 GMT 

                                        
                                            
Date: Sat, 05 Nov 2022 07:28:29 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    078950c3ba9ad01927f3da494b1d1de4

                                                Sha1:   443c8a8247e4e3e04c14d21e0227fc4e8f396142

                                                Sha256: dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c

                                        
                                            GET /v1/tiles HTTP/1.1 

                                        
                                            
Host: contile.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: empty 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.117.237.239

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: application/json

                                        

                                        
                                            
server: nginx 

                                        
                                            
date: Sat, 05 Nov 2022 07:28:29 GMT 

                                        
                                            
content-length: 12 

                                        
                                            
strict-transport-security: max-age=31536000 

                                        
                                            
via: 1.1 google 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JSON data\012- , ASCII text, with no line terminators

                                                Size:   12

                                                Md5:    23e88fb7b99543fb33315b29b1fad9d6

                                                Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

                                                Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

                                        
                                            GET / HTTP/1.1 

                                        
                                            
Host: push.services.mozilla.com

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Sec-WebSocket-Version: 13 

                                        
                                            
Origin: wss://push.services.mozilla.com/ 

                                        
                                            
Sec-WebSocket-Protocol: push-notification 

                                        
                                            
Sec-WebSocket-Extensions: permessage-deflate 

                                        
                                            
Sec-WebSocket-Key: tPlhvCGXbSrWHNn5/nNinw== 

                                        
                                            
Connection: keep-alive, Upgrade 

                                        
                                            
Sec-Fetch-Dest: websocket 

                                        
                                            
Sec-Fetch-Mode: websocket 

                                        
                                            
Sec-Fetch-Site: cross-site 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache 

                                        
                                            
Upgrade: websocket

                                         34.213.140.56

                                        
                                            HTTP/1.1 101 Switching Protocols

                                        

                                        
                                            
Connection: Upgrade 

                                        
                                            
Upgrade: websocket 

                                        
                                            
Sec-WebSocket-Accept: xJfJX5X9yxdputtdz4I0nbJ3kfM= 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  

                                                Size:   0

                                                Md5:    d41d8cd98f00b204e9800998ecf8427e

                                                Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" 

                                        
                                            
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=3336 

                                        
                                            
Expires: Sat, 05 Nov 2022 08:24:08 GMT 

                                        
                                            
Date: Sat, 05 Nov 2022 07:28:32 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    8ee5640e4bbe5e2c0dd4aa0698a3ce62

                                                Sha1:   a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef

                                                Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946

                                        
                                            POST / HTTP/1.1 

                                        
                                            
Host: r3.o.lencr.org

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: */* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate 

                                        
                                            
Content-Type: application/ocsp-request 

                                        
                                            
Content-Length: 85 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Pragma: no-cache 

                                        
                                            
Cache-Control: no-cache

                                         23.36.76.226

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/ocsp-response

                                        

                                        
                                            
Server: nginx 

                                        
                                            
Content-Length: 503 

                                        
                                            
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946" 

                                        
                                            
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC 

                                        
                                            
Cache-Control: public, no-transform, must-revalidate, max-age=3336 

                                        
                                            
Expires: Sat, 05 Nov 2022 08:24:08 GMT 

                                        
                                            
Date: Sat, 05 Nov 2022 07:28:32 GMT 

                                        
                                            
Connection: keep-alive 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  data

                                                Size:   503

                                                Md5:    8ee5640e4bbe5e2c0dd4aa0698a3ce62

                                                Sha1:   a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef

                                                Sha256: 938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ba524bd-ef85-4f86-8f19-39ca866c6ef3.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 3898 

                                        
                                            
x-amzn-requestid: aa30ce03-5fea-431d-a8ba-f1f1f6a7313d 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: a5se8GMjIAMFgxA= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-63608df9-5f607dee71fc5ea4688e10ad;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Tue, 01 Nov 2022 03:09:45 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Miss from cloudfront 

                                        
                                            
x-amz-cf-id: M117Djj2kKvQjSBxg_-Wjy9wr6gS-B8nZg-DW6-mduh-Py4fpw_0hg== 

                                        
                                            
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Fri, 04 Nov 2022 23:55:48 GMT 

                                        
                                            
age: 27164 

                                        
                                            
etag: "39da4f78058b565bfcaad4ced6f1b59a2bf6a421" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   3898

                                                Md5:    e6627701fe981336792076df0c21937b

                                                Sha1:   39da4f78058b565bfcaad4ced6f1b59a2bf6a421

                                                Sha256: aad9c8d5dbf34cbfc79bd5a69eb84e83880991f6765b955195b8ab515cab076b

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 7783 

                                        
                                            
x-amzn-requestid: c8f73eac-612d-48e3-a655-41525e97331c 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: apxM8H7aoAMFT3w= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-635a2f1f-5470c77a30a11b9423f56837;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Thu, 27 Oct 2022 07:11:27 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: FLFsF-1gAeN0HiZnS03oNMNajnwk12P-5Aro-QOcQNFtkjknh9g5FA== 

                                        
                                            
via: 1.1 0c04e836dfe22246a870a0f54a2d4746.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Fri, 04 Nov 2022 19:19:17 GMT 

                                        
                                            
age: 43755 

                                        
                                            
etag: "75805b9f03aef14cfad025259936ae5f217d25ca" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   7783

                                                Md5:    7a3b1551512640bb8f5e7deb80c32272

                                                Sha1:   75805b9f03aef14cfad025259936ae5f217d25ca

                                                Sha256: 5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 

                                        
                                            
Host: img-getpocket.cdn.mozilla.net

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 

                                        
                                            
Accept: image/avif,image/webp,*/* 

                                        
                                            
Accept-Language: en-US,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip, deflate, br 

                                        
                                            
Origin: null 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Sec-Fetch-Dest: image 

                                        
                                            
Sec-Fetch-Mode: cors 

                                        
                                            
Sec-Fetch-Site: cross-site

                                         34.120.237.76

                                        
                                            HTTP/2 200 OK 

                                        
                                            
content-type: image/jpeg

                                        

                                        
                                            
server: nginx 

                                        
                                            
content-length: 10462 

                                        
                                            
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c 

                                        
                                            
x-xss-protection: 1; mode=block 

                                        
                                            
access-control-allow-origin: * 

                                        
                                            
strict-transport-security: max-age=63072000; includeSubdomains; preload 

                                        
                                            
x-frame-options: DENY 

                                        
                                            
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 

                                        
                                            
x-amz-apigw-id: aMF6oEz_oAMF8Hg= 

                                        
                                            
x-content-type-options: nosniff 

                                        
                                            
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0 

                                        
                                            
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT 

                                        
                                            
x-amz-cf-pop: SEA73-P1 

                                        
                                            
x-cache: Hit from cloudfront 

                                        
                                            
x-amz-cf-id: z6Lnru_eeTvRGdsz-q37-HGFgFfIT6fLSFcJBvT3oPjAPilszTWkDw== 

                                        
                                            
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google 

                                        
                                            
date: Fri, 04 Nov 2022 20:21:33 GMT 

                                        
                                            
age: 40019 

                                        
                                            
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c" 

                                        
                                            
cache-control: max-age=3600,public,public 

                                        
                                            
alt-svc: clear 

                                        
                                            
X-Firefox-Spdy: h2 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

                                                Size:   10462

                                                Md5:    4e2853cc6ec6223160471401e6871f4b

                                                Sha1:   f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c

                                                Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

URL	goldrush.ug/zxcv.EXE
IP	193.106.191.169 (Russia)
ASN	#59940 Kanzas LLC
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-11-05 07:28:40 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	3
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (7)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 193.106.191.169

Last 5 reports on ASN: Kanzas LLC

Last 5 reports on domain: goldrush.ug

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (19)

Overview

Domain Summary (7)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 193.106.191.169

Last 5 reports on ASN: Kanzas LLC

Last 5 reports on domain: goldrush.ug

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (19)

Network Intrusion Detection Systems