Overview

URL tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
IP 149.62.169.16 (Spain)
ASN #50926 Axarnet Comunicaciones, S.l.
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-11-25 05:24:42 UTC
IDS alerts 0
Blocklist alerts 14
urlquery alerts No alerts detected
Tags None

Domain Summary (11)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
tamarafreitas.com (19) 0 2021-09-09 16:21:43 UTC 2022-11-24 19:39:51 UTC 149.62.169.16 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.43.228.5
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
cfspart.impots.gouv.fr (2) 643420 2017-02-05 07:17:33 UTC 2022-11-24 14:12:55 UTC 145.242.11.27
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (8) 344 No data No data 23.36.77.32
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.usertrust.com (1) 899 2012-05-21 15:43:18 UTC 2021-11-02 18:02:09 UTC 104.18.32.68

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-24 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing
2022-11-25 2 tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node2 (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 149.62.169.16
Date UQ / IDS / BL URL IP
2022-12-06 12:49:12 +0000 27 - 0 - 14 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-06 10:03:05 +0000 27 - 0 - 15 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-04 11:22:37 +0000 0 - 0 - 17 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16
2022-12-03 18:34:26 +0000 0 - 0 - 13 tamarafreitas.com/reservas/font/Ace_Sans/saud (...) 149.62.169.16
2022-11-25 05:24:42 +0000 0 - 0 - 14 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16


Last 5 reports on ASN: Axarnet Comunicaciones, S.l.
Date UQ / IDS / BL URL IP
2023-02-02 02:05:23 +0000 0 - 0 - 5 www.barbacoasevilla.com/inc/chf/ar/confirm.php 188.164.194.124
2023-02-02 01:19:36 +0000 0 - 0 - 2 www.serranillosdelvalle.es/portal/valoracion- (...) 188.164.194.206
2023-02-01 22:42:32 +0000 0 - 0 - 33 fisioterapiaenvigo.es/ 185.176.9.170
2023-02-01 21:42:41 +0000 0 - 0 - 33 fisioterapiaenvigo.es/ 185.176.9.170
2023-02-01 08:11:49 +0000 0 - 0 - 3 tecni-soft.com/ACCESORIOS/Xqp/ 84.246.215.168


Last 5 reports on domain: tamarafreitas.com
Date UQ / IDS / BL URL IP
2022-12-06 12:49:12 +0000 27 - 0 - 14 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-06 10:03:05 +0000 27 - 0 - 15 tamarafreitas.com/LESS9382JS/ESATEESF433BVSED (...) 149.62.169.16
2022-12-04 11:22:37 +0000 0 - 0 - 17 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16
2022-12-03 18:34:26 +0000 0 - 0 - 13 tamarafreitas.com/reservas/font/Ace_Sans/saud (...) 149.62.169.16
2022-11-25 05:24:42 +0000 0 - 0 - 14 tamarafreitas.com/reservas_2/font/Ace_Sans/OT (...) 149.62.169.16


No other reports with similar screenshot

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (44)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8884
Expires: Fri, 25 Nov 2022 07:52:35 GMT
Date: Fri, 25 Nov 2022 05:24:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D4128F90CEE4C418DF48D8236AF8B6529BC8B9B87921D20B4915358161C2DFB1"
Last-Modified: Thu, 24 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17292
Expires: Fri, 25 Nov 2022 10:12:43 GMT
Date: Fri, 25 Nov 2022 05:24:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4324
Cache-Control: max-age=109124
Date: Fri, 25 Nov 2022 05:24:31 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:43:15 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10742
Expires: Fri, 25 Nov 2022 08:23:33 GMT
Date: Fri, 25 Nov 2022 05:24:31 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 05:17:24 GMT
cache-control: public,max-age=3600
age: 427
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: YmTpL7VdAS5SKdaxB2eJ/NbSZCxm3DghkEBV10S2tIh9XWl8KdWMAD/9Lwe6wtIR4WvTykCeqxk=
x-amz-request-id: 8936M1FAS60KGENJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 04:40:40 GMT
age: 2631
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 14:32:01 GMT
ETag: "30b0-5ee2426d0ba40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 3105
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (308)
Size:   3105
Md5:    50477e01c4729888031bbd28fd891389
Sha1:   c992061f22407e4769984e527815cae22b263de4
Sha256: eff213913cc51cf9b9743e2e6c2b65ba74a8507e78347756af96226982a0dcf7

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 05:24:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.9.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "c31-57b0829281200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 961
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   961
Md5:    6bd5729eab64b6b818d71ec94df199a0
Sha1:   e524f4227989cad420c8420ca30d0b55b7ec0b89
Sha256: 1d39a4f3cf58c3cd31caa2ee9212b5dde6de2e4d6caa2eaa2f3e164f2eb62c2f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.a.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.b.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.d.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.e.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.f.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.12 HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.11.delaye HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "65d5e-57b0829281200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (65368)
Size:   82166
Md5:    537620cf9cd248b48a89cf20754ac51f
Sha1:   c33fadbe3c75124384d99ba2f1deb817b32e919f
Sha256: cfb13152305d35d13df83c4032dc8f3de604c4657a558196631aaebaf9fedf5b
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 05:08:53 GMT
cache-control: public,max-age=3600
age: 938
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/exclamation.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "2bd-57b0829281200"
Accept-Ranges: bytes
Content-Length: 701
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   701
Md5:    e4dd51f46566ed3ceacdc900bf2fdf01
Sha1:   a460cc5ceaca30e0338ea784c6a0a83efdcfca31
Sha256: c89b56c55b934b1f05ef01d47aa7169b5ca0322c37d1fcf62b067d660eb29f12
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/suit.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "5b1-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1457
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 88 x 68, 8-bit/color RGB, non-interlaced\012- data
Size:   1457
Md5:    b8f3245ef96c6b7e0d6724f9930f8cf5
Sha1:   41a1509019219d6efe2ae0ecd9dcf9de1c1417f9
Sha256: ad20b04fe8aa8e8c54449b387d21e854198e618a820bbca3f8a8bb01f62b0761
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ta3.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 05:24:31 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "1b0-57b0829281200"
Accept-Ranges: bytes
Content-Length: 432
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 17 x 19, 8-bit/color RGB, non-interlaced\012- data
Size:   432
Md5:    9ae0b7a7040b979825e1d4c8fb9589a3
Sha1:   d838d04af56a4a081397c8b9c73219c5c4805e6b
Sha256: bda626f9a65798d374231e7a83027fbb2dbb53b9e7662a247f32a4de1b03b4f2
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/boutton.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "3e9-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1001
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 107 x 37, 8-bit/color RGB, non-interlaced\012- data
Size:   1001
Md5:    bbeb4383154a9c108865ac7a04d28886
Sha1:   cc9d69202a0742e699490586c1e03f3be426c243
Sha256: 833cf2f16ce40bd7ddd7b31bce4ce464d92e9cbe032fc12675fd80ef55239a6f
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   11812
Md5:    e58a860d8e41196fe5a0d71131d5f341
Sha1:   eb3088e3a139889d331af84dcf3e06fba2613c63
Sha256: b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /reservas_2/cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon-152.png HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_confirmationerr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   1817
Md5:    9f3e4c2e5bca00e0d1a5667ec3876881
Sha1:   769ed6d0b884bf25025ed37ee437e6ee21601d64
Sha256: 082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f
                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   11812
Md5:    e58a860d8e41196fe5a0d71131d5f341
Sha1:   eb3088e3a139889d331af84dcf3e06fba2613c63
Sha256: b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3569
Cache-Control: max-age=103306
Date: Fri, 25 Nov 2022 05:24:32 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:06:18 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del HTTP/1.1 
Host: tamarafreitas.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         149.62.169.16
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=296
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size:   4017
Md5:    2d5605a88880ddef7fb72a9280900f78
Sha1:   9729a6edf55c86a130364c3daaa9163caa132570
Sha256: 17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 10:12:16 GMT
Expires: Wed, 30 Nov 2022 10:12:15 GMT
Etag: "56bd11cefa7ffbba217fe6305ce065fce4b0ae80"
Cache-Control: max-age=602758,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 91
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f7f5657ccd0b4d-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    4acf128ebf36446272a690550af5cdfb
Sha1:   56bd11cefa7ffbba217fe6305ce065fce4b0ae80
Sha256: 7e361f2e2ef74f999fca6c51ccfb030e996dbee63256ccc2e16276c03d023e88
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 18:59:04 GMT
Expires: Mon, 28 Nov 2022 18:59:03 GMT
Etag: "9cae75546ae058f3e75bb3543d8a5d8ba4d4b47e"
Cache-Control: max-age=307470,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7f5658f11b52d-OSL

                                        
                                            GET /stl/styles/rwd/img/favicon.ico HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Set-Cookie: lemondgfipprodpart=_test_client; domain=cfspart.impots.gouv.fr; path=/
Pragma: no-cache
Connection: close
Location: https://cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw==
Content-Length: 324


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   324
Md5:    17efb749d9472c5c4ee9511ac32349d6
Sha1:   d427f9a8dd211391276970116539e8d38b2455db
Sha256: 0197564551359801a069d06a2455b5a9dc6e0ee06a855e8f1419c409764ecc5e
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xnqLQH76C2v0flcod+giuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.43.228.5
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dJfxbhYtBLjGi/NN2xiUI9hGmm0=

                                        
                                            GET /LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw== HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tamarafreitas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
                                        
Date: Fri, 25 Nov 2022 05:24:32 GMT
Server: Apache
Set-Cookie: ctxcfs=3b51e5f4f9631678e58fce83fd8d989c; domain=cfspart.impots.gouv.fr; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' https://app.franceconnect.gouv.fr https://cfsfc.impots.gouv.fr ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Via: dpapusx027
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12868
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (464)
Size:   12868
Md5:    55216e1718339791e12ea57c86065128
Sha1:   a4135d46121e1e2ba084bccd87551d63ed96bd83
Sha256: fc98215923c03b96bc4c95c555eb0dcc7b21da736c971f871534870ca1e52966
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14579
Expires: Fri, 25 Nov 2022 09:27:32 GMT
Date: Fri, 25 Nov 2022 05:24:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14579
Expires: Fri, 25 Nov 2022 09:27:32 GMT
Date: Fri, 25 Nov 2022 05:24:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14579
Expires: Fri, 25 Nov 2022 09:27:32 GMT
Date: Fri, 25 Nov 2022 05:24:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14579
Expires: Fri, 25 Nov 2022 09:27:32 GMT
Date: Fri, 25 Nov 2022 05:24:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14579
Expires: Fri, 25 Nov 2022 09:27:32 GMT
Date: Fri, 25 Nov 2022 05:24:33 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4270
x-amzn-requestid: 7327f8fb-804b-4d09-83dc-628e35ffa74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xFwXoAMFkqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-33f83cea2c585279140f4f59;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rKROwsZ-X8yDd4iVaYBaNFe6bgHaThxafIt76PBgLoOTrPMqAVQ9iQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:22:43 GMT
age: 25310
etag: "6217a262002244ef3f2e8034076a735cafd9888a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4270
Md5:    648677a7e7bab1896a190d2e5fb7243c
Sha1:   6217a262002244ef3f2e8034076a735cafd9888a
Sha256: 72f2913f7c0770ebab0f2683bdc1ec5a5db8872e8f2c62a8fd5c9178b95dbb06
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 1205
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 3693
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6e0ab1-c4cf-40e6-973b-bb3db1a860e8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11586
x-amzn-requestid: 30d340e5-328d-4f00-8cd4-3cb6e2b50265
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8JtyEIHoAMFdnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2324-09bb4d434ff852b456537e15;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:05:08 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: TYDelnop2OJO_fQdmSzyZJLYx94FU1GxYpDjWCTp3moRS7qzibvTSA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:56:21 GMT
age: 77292
etag: "46ee95ebee3d60f64d2b7f568673b13ea27a42a3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11586
Md5:    c6b9b5ebc32235ed8f3e15df013963f0
Sha1:   46ee95ebee3d60f64d2b7f568673b13ea27a42a3
Sha256: 4fdf6f239f6931442d93a00acd8af1f5192f77143885945c27e137ef3683338e
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3e55f70-58c6-4585-a420-ac74e1b8c6dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10679
x-amzn-requestid: aec8d040-d4e6-4185-b71e-7c049617ebc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b4J3VEM5IAMFtcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637989c8-42b520ea3af2a2086ad416ad;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 01:58:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AqpyU32i39pVq4O_-tSo8Bup9eNgoPGBq_lKyeXYUsN1BapLq-xGGg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 06:12:03 GMT
age: 83550
etag: "2ec124224738807229328a3ade6ca493ccf4b287"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10679
Md5:    e2580ebded0a32ceecc3083ae1db2b37
Sha1:   2ec124224738807229328a3ade6ca493ccf4b287
Sha256: 010eeda33c923e2166851da1e131dcc21419d1f4f28995617ca93332ce4be08c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b4f6042-6f6f-4572-b535-71b1a4b587e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6049
x-amzn-requestid: 96e5c00c-1565-4e9f-aa5b-6da99785a03b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brsokHSgoAMF_RQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748e36-547f241a67f3703958f2eade;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:16:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ervQ6cnvMZQnKghtBl269cRlf2ypuwuI1VBAzsKov8sbpCQUfei4Gg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:09:15 GMT
age: 4518
etag: "29edd439b6e7894bc4771fc655a50d926f349a08"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6049
Md5:    73f65dfa986cf95e8fb459778b945c59
Sha1:   29edd439b6e7894bc4771fc655a50d926f349a08
Sha256: c6182797d5fce1a086580a338929e851a73ccb75e6432b12969aae6f0952fa27