urlquery - report: tofancorneliu.com/PClient.exe

Overview

URL	tofancorneliu.com/PClient.exe
IP	148.251.75.177
ASN	Hetzner Online GmbH
Location	Germany
Report completed	2022-07-01 16:31:31 UTC
Status	Loading report..
urlquery Alerts	Phishing - Microsoft Services

Settings

UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blocklists

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2022-07-01	2	tofancorneliu.com/PClient.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files

No files detected

Passive DNS (8)

Passive DNS Source	Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
[Mnemonic Passive DNS]	ocsp.digicert.com (1)	86	2012-11-29 12:49:49 UTC	2022-07-01 15:56:06 UTC	93.184.220.29
[Mnemonic Passive DNS]	push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2022-07-01 14:37:30 UTC	52.34.226.44
[Mnemonic Passive DNS]	img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-07-01 14:37:32 UTC	34.120.237.76
[Mnemonic Passive DNS]	tofancorneliu.com (2)	0	2022-01-13 11:34:28 UTC	2022-04-15 04:38:34 UTC	148.251.75.177	Unknown ranking
[Mnemonic Passive DNS]	firefox.settings.services.mozilla.com (2)	867	2016-03-17 08:25:01 UTC	2020-05-25 20:01:47 UTC	54.230.111.7
[Mnemonic Passive DNS]	r3.o.lencr.org (4)	344	2020-12-02 08:52:13 UTC	2022-07-01 12:51:19 UTC	23.36.76.226
[Mnemonic Passive DNS]	content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-07-01 05:33:42 UTC	54.230.111.99
[Mnemonic Passive DNS]	contile.services.mozilla.com (1)	1114	No data	No data	34.117.237.239

Recent reports on same IP/ASN/Domain

Last 9 reports on IP: 148.251.75.177

Date	UQ / IDS / BL	URL	IP
2022-08-08 01:52:22 +0000	0 - 0 - 1	pancakefinswap.pancakeswapsfinances.com/	148.251.75.177
2022-07-10 14:07:51 +0000	0 - 0 - 5	theagencymg.com/	148.251.75.177
2022-07-09 02:14:40 +0000	0 - 0 - 5	theagencymg.com/	148.251.75.177
2022-07-02 16:31:54 +0000	0 - 0 - 1	therealpatric.com/Cryptonator.exe	148.251.75.177
2022-07-02 16:22:03 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177
2022-07-01 16:31:32 +0000	0 - 0 - 1	therealpatric.com/Cryptonator.exe	148.251.75.177
2022-07-01 06:27:40 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177
2022-06-30 16:44:26 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177
2022-06-30 16:42:16 +0000	0 - 0 - 1	therealpatric.com/Cryptonator.exe	148.251.75.177

Last 10 reports on ASN: Hetzner Online GmbH

Date	UQ / IDS / BL	URL	IP
2022-08-20 04:59:07 +0000	2 - 0 - 0	www.tids.biz/	78.46.48.204
2022-08-20 04:02:02 +0000	0 - 0 - 28	aszoran.hr/natus-aut/documents.zip	95.217.76.40
2022-08-20 02:03:35 +0000	0 - 0 - 1	biodigy.ro/aaa/mtt/login.php	188.40.93.203
2022-08-20 01:58:22 +0000	0 - 0 - 6	odeon.co.in/js/jXaaAx2dNgG0/	148.251.13.45
2022-08-20 01:57:03 +0000	0 - 0 - 8	odeon.co.in/js/jeI6pySSN3302iiZvN/	148.251.13.45
2022-08-20 00:23:48 +0000	2 - 0 - 0	shincheonji.eu/	88.99.160.140
2022-08-19 22:51:53 +0000	2 - 0 - 0	www.tids.biz/	78.46.48.204
2022-08-19 22:48:43 +0000	0 - 0 - 1	siasky.net/eaagbwrx950hfvfyvzrpuaxr91cctcflll (...)	65.21.195.162
2022-08-19 20:34:42 +0000	0 - 0 - 2	odeon.co.in/js/jXaaAx2dNgG0/	148.251.13.45
2022-08-19 20:33:14 +0000	0 - 0 - 2	odeon.co.in/js/jeI6pySSN3302iiZvN/	148.251.13.45

Last 3 reports on domain: tofancorneliu.com

Date	UQ / IDS / BL	URL	IP
2022-07-02 16:22:03 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177
2022-07-01 06:27:40 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177
2022-06-30 16:44:26 +0000	0 - 0 - 1	tofancorneliu.com/PClient.exe	148.251.75.177

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (18)

Request	Response
GET /PClient.exe HTTP/1.1 Host: tofancorneliu.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 209 Md5: e430b9a6206241cdd25ff09e94ce76f7$ 148.251.75.177 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx/1.20.2 Date: Fri, 01 Jul 2022 16:31:18 GMT Transfer-Encoding: chunked Connection: keep-alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 209 Md5: e430b9a6206241cdd25ff09e94ce76f7 Sha1: e385a84aa6fd25d08d18b6a9f6c87addcf614565 Sha256: ad27ca0514febfaf34284937a382d1a367611adf7da0d1a5f324a71fb695ea76 Alerts: Blocklists: - fortinet: Malware
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Fri, 01 Jul 2022 15:48:59 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: KEaVFQ0W4gk7aqz22Rwmf9KVxpEdBKZWJwXTLU7YGlg7tO5Q8evOHA== Age: 2539 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40 Sha1: 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2 Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "3E2650132BC75A58C9B08C2A69EC353237F48E840D9D2481F9D5E63D92ABBC6F" Last-Modified: Wed, 29 Jun 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4915 Expires: Fri, 01 Jul 2022 17:53:13 GMT Date: Fri, 01 Jul 2022 16:31:18 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f877dcf1049551cb05fe926e4b94fb51 Sha1: 2f5c8da538c78853b68ca58a3df5dd64b032291b Sha256: 3e2650132bc75a58c9b08c2a69ec353237f48e840d9d2481f9d5e63d92abbc6f
GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 581454acdd98f34fd3fbabd0977ade29$ 54.230.111.99 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Tue, 21 Jun 2022 12:10:22 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Fri, 01 Jul 2022 03:26:42 GMT etag: "581454acdd98f34fd3fbabd0977ade29" x-cache: Hit from cloudfront via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: sXU3N8aihfZ9P1vpG4K93u-5vsshGz2hE4WSKQ-KeBK36ejXhSYObA== age: 47077 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 581454acdd98f34fd3fbabd0977ade29 Sha1: d8d86c0b513137aeb85de01cea7b272c35eb6ab4 Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
GET /favicon.ico HTTP/1.1 Host: tofancorneliu.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://tofancorneliu.com/PClient.exe	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 209 Md5: 18ffb59b61525f781cf9251045be575d$ 148.251.75.177 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx/1.20.2 Date: Fri, 01 Jul 2022 16:31:18 GMT Transfer-Encoding: chunked Connection: keep-alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 209 Md5: 18ffb59b61525f781cf9251045be575d Sha1: bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6$ 34.117.237.239 HTTP/2 200 OK server: nginx date: Fri, 01 Jul 2022 16:31:18 GMT content-type: application/json content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Cache-Control: max-age=3600 Date: Fri, 01 Jul 2022 15:38:48 GMT Expires: Fri, 01 Jul 2022 16:11:33 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: DLl0zjMgTmqEDYBywaeqJGuozhadJxajBv0H_mbyGCJBq9Mn_x-zTg== Age: 3151 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 6197 Cache-Control: 'max-age=158059' Date: Fri, 01 Jul 2022 16:31:19 GMT Last-Modified: Fri, 01 Jul 2022 14:48:02 GMT Server: ECS (ska/F704) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: a5af35b6c6d203c1f7943571f558c790 Sha1: 832cfc0aff6943cf487e007f97216fd91ee45713 Sha256: 8f1ee2202e24b6dc484d8b6b284ee6d4153e802386344e5edc106b5c1d6a0777
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: CvQfWNUKkxGFGMn4lFAasg== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	52.34.226.44 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: yeKBVnh5rpYJScgzPGTTVas3ALs= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "6A0721423C3B7EF429DA855641043D8F038DA4FFF1A788C1273BA18B1C0C9F8B" Last-Modified: Wed, 29 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6639 Expires: Fri, 01 Jul 2022 18:22:00 GMT Date: Fri, 01 Jul 2022 16:31:21 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d538dea07a9f0bd634392c5975b0fa70 Sha1: 0b80d11db004a10fe57cf73757a6d7b00b698f12 Sha256: 6a0721423c3b7ef429da855641043d8f038da4fff1a788c1273ba18b1c0c9f8b
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "6A0721423C3B7EF429DA855641043D8F038DA4FFF1A788C1273BA18B1C0C9F8B" Last-Modified: Wed, 29 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6639 Expires: Fri, 01 Jul 2022 18:22:00 GMT Date: Fri, 01 Jul 2022 16:31:21 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d538dea07a9f0bd634392c5975b0fa70 Sha1: 0b80d11db004a10fe57cf73757a6d7b00b698f12 Sha256: 6a0721423c3b7ef429da855641043d8f038da4fff1a788c1273ba18b1c0c9f8b
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "6A0721423C3B7EF429DA855641043D8F038DA4FFF1A788C1273BA18B1C0C9F8B" Last-Modified: Wed, 29 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6639 Expires: Fri, 01 Jul 2022 18:22:00 GMT Date: Fri, 01 Jul 2022 16:31:21 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d538dea07a9f0bd634392c5975b0fa70 Sha1: 0b80d11db004a10fe57cf73757a6d7b00b698f12 Sha256: 6a0721423c3b7ef429da855641043d8f038da4fff1a788c1273ba18b1c0c9f8b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd936a38-7fb2-43eb-b94b-bd2c81ade0b1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6777 Md5: da6177e6bf4587c118780e44a2277b81$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 6777 x-amzn-requestid: c005a5ae-e474-43cb-9973-43dd74949627 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Ujh1tGKcIAMF3Jw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62be168a-25378680023affeb0bffc59f;Sampled=0 x-amzn-remapped-date: Thu, 30 Jun 2022 21:32:58 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: RPW8qGTETJUd9kgX5ob-4cOqTzbg_u_e6b9QNyN4cjv2XJqPpfe5tw== via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google date: Thu, 30 Jun 2022 21:40:27 GMT age: 67854 etag: "3ef7bccae71f2082f56d185cb2e009f35eee08df" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6777 Md5: da6177e6bf4587c118780e44a2277b81 Sha1: 3ef7bccae71f2082f56d185cb2e009f35eee08df Sha256: e49dafb03a8e282c3137b9efa813a9b0da81da02d1f128e40b9609d31d62d9bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc64139e3-1714-4207-9f83-6963efdebdb1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11303 Md5: b38a21dc4af2a753ec1149a58eca2ee2$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 11303 x-amzn-requestid: 133e1b8e-7db3-4337-92a0-b693c3ba40aa x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UeQEkHN1IAMF6qQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bbfa1d-65b9ee0025592952377ccb6d;Sampled=0 x-amzn-remapped-date: Wed, 29 Jun 2022 07:07:09 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: b6w4cQYK6SWIq1ovO9TD7-v9aiHUWt03LDuS6OeVOQ2GRV100sif2g== via: 1.1 cb2af39fbf29fa8b3d7f263c2b822092.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 07:08:00 GMT age: 33801 etag: "91d2dc48008a198adb2b740bec1843a146f826c1" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11303 Md5: b38a21dc4af2a753ec1149a58eca2ee2 Sha1: 91d2dc48008a198adb2b740bec1843a146f826c1 Sha256: 2e56992e4642c248dd330fc1343977dedd2ec4e944564214be432f3f390488e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6db634e-e239-4b93-881b-a8655a27d650.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8188 Md5: a00287c642d20230cf09897d4c7cf848$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 8188 x-amzn-requestid: 27339e76-dbd1-45f6-b0d3-d60795d3402c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Uji5yEvRIAMFoEg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62be183e-71771e9a59cd04481fa7155b;Sampled=0 x-amzn-remapped-date: Thu, 30 Jun 2022 21:40:14 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: y54qk4SpJnKkEfEgUen1gHReCShGpS4xp0xsZEA_JUiiNRQplScSyA== via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google date: Thu, 30 Jun 2022 21:45:22 GMT age: 67559 etag: "bce84b1e6ac56efc7ad37190eeefd129183d2a2b" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8188 Md5: a00287c642d20230cf09897d4c7cf848 Sha1: bce84b1e6ac56efc7ad37190eeefd129183d2a2b Sha256: 6e2b5ba420cba4324d3f1232a680ebff32babd2bc7fbc125d16f32b7bdc19b34
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5924f935-0276-4e17-ba18-fa6068a5ba5a.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5364 Md5: 381cdb6fbff5b63b25b18e2d77244459$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 5364 x-amzn-requestid: 47e44630-87ca-42c5-a760-b4bded4ff279 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UdmfaEgCIAMF1OA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bbb795-1818d13527ac259b38e9b2e0;Sampled=0 x-amzn-remapped-date: Wed, 29 Jun 2022 02:23:17 GMT x-amz-cf-pop: SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: zXSsHUwt9aXpoanVAWi1Sr5PtQLcs1lt5lnbJLWT6Jo7BrUw_eY6Uw== via: 1.1 7f5c6f79ed16052a7a2f78b6025bcf5e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google date: Thu, 30 Jun 2022 21:53:08 GMT age: 67093 etag: "be19836a433d7f3f6f4a887315a24c202781d62d" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5364 Md5: 381cdb6fbff5b63b25b18e2d77244459 Sha1: be19836a433d7f3f6f4a887315a24c202781d62d Sha256: 5bf3d36d33e492f39ab2ce799229fa03eec9658004db0bf2c435697bfe005cb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1934ff6c-738b-4ee1-a3a7-f172a73da4bd.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10798 Md5: 23c2976b6fa0265e05566907f71bd9e3$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 10798 x-amzn-requestid: ec008800-0485-48fc-ad7d-1f28baff782f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UjickERbIAMF1NA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62be1783-328a674d1742f9c236542ec2;Sampled=0 x-amzn-remapped-date: Thu, 30 Jun 2022 21:37:07 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: DHgMQWYyTZNuMEB2s4asXKcQbk-GuDVYQydDSTf9vvvDDkoEgrXOEQ== via: 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google date: Thu, 30 Jun 2022 21:51:28 GMT age: 67193 etag: "7db6b42dda26780d3a6cf5c9e3761db08722c630" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10798 Md5: 23c2976b6fa0265e05566907f71bd9e3 Sha1: 7db6b42dda26780d3a6cf5c9e3761db08722c630 Sha256: a706e15acd54d9ffa304b4f931c811c57ba91e4d58c3970794a77eb873be3287
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1827d75f-c672-481c-b375-38f3a4dca1a1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10806 Md5: 185ef56a78c1076fd412a9253a6778ff$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 10806 x-amzn-requestid: c45c649d-fea4-4658-a9ea-bc9eca980bff x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UUXJ0FeWoAMF1OA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b80571-730a5081162a24e47634a07b;Sampled=0 x-amzn-remapped-date: Sun, 26 Jun 2022 07:06:25 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: _zBbeU2gbvydtxyp8wMOZPCqJN_cEuvVDslPpDPB17DH7IbGsyJ4rQ== via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google date: Thu, 30 Jun 2022 21:49:25 GMT age: 67316 etag: "6c0e7eb6607d5237a9951aaf5943c2b40c783144" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10806 Md5: 185ef56a78c1076fd412a9253a6778ff Sha1: 6c0e7eb6607d5237a9951aaf5943c2b40c783144 Sha256: 589990fe4de2d7a61820b85ac1033b9ecf01e2f27f907d89312704cdd69bf94a