Overview

URL getapp.mennythanks.com/up/dl/1576740781970921/CEUpdater.exe
IP159.223.171.32
ASNDIGITALOCEAN-ASN
Location United States
Report completed2022-06-14 20:21:54 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-14 2 getapp.mennythanks.com/up/dl/1576740781970921/CEUpdater.exe Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

URL getapp.mennythanks.com/up/dl/1576740781970921/CEUpdater.exe
IP  159.223.171.32
Magic PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size 5440000
MD5 b36a396dd00dc57c472475165f742c63
SHA1 80d3e36e51a32501deb73e1ecb8a34877228a828
SHA256 67acddda7726183db30ad749cbc2a8ac1929d9c50bc3d1ef7f60852f57b879a9
Analyzer Analysed Verdict Comment
VirusTotal 2022-05-10 00:48:08 44/60


Passive DNS (8)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-06-14 04:59:08 UTC 35.160.82.219
[Mnemonic Passive DNS] getapp.mennythanks.com (1) 0 2018-05-09 06:16:24 UTC 2022-06-14 17:16:14 UTC 159.223.171.32 Unknown ranking
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-06-14 08:54:13 UTC 34.120.237.76
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.35
[Mnemonic Passive DNS] r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-06-14 04:59:12 UTC 23.36.77.32
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-14 05:05:57 UTC 54.230.111.7
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-06-14 16:36:00 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 159.223.171.32

Date UQ / IDS / BL URL IP
2022-07-06 15:12:51 +0000
0 - 0 - 1 getapp.normandoh.com/up/dl/1576740781970921/C (...) 159.223.171.32
2022-07-05 18:23:59 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-05 18:05:20 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-07-05 05:09:11 +0000
0 - 0 - 1 getapp.normandoh.com/up/dl/1576740781970921/C (...) 159.223.171.32
2022-07-04 17:58:10 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-04 17:42:17 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-07-03 17:08:51 +0000
0 - 0 - 1 getapp.mennythanks.com/up/dl/1576740781970921 (...) 159.223.171.32
2022-07-03 17:00:54 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-06-28 07:05:46 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32
2022-06-27 22:18:41 +0000
0 - 0 - 1 getapp.knightsearcher.com/up/dl/1576740781970 (...) 159.223.171.32

Last 10 reports on ASN: DIGITALOCEAN-ASN

Date UQ / IDS / BL URL IP
2022-07-07 04:55:31 +0000
0 - 0 - 1 vabcdsbnjnvjdsbvbdsfb14.tk/ 159.65.162.194
2022-07-07 04:54:14 +0000
0 - 0 - 1 durymar.live/ 147.182.255.121
2022-07-07 04:54:03 +0000
0 - 0 - 1 206.189.151.48/C0deJdfd008f00d8fd0CH888Error8 (...) 206.189.151.48
2022-07-07 04:53:10 +0000
6 - 0 - 5 noislandlikee.ga/abc2/ENJdfdfdDEfMnifd0CH888E (...) 137.184.190.45
2022-07-07 04:52:48 +0000
198 - 0 - 206 foqoqksnns828.ga/erxczzxEr0rgdxvngEr0hjhvhhxE (...) 165.227.33.60
2022-07-07 04:48:07 +0000
0 - 0 - 3 przvgke.biz/uxpycyklldex 167.99.35.88
2022-07-07 04:30:09 +0000
0 - 0 - 14 mkkuei4kdsz.com/250/6.html 64.225.91.73
2022-07-07 04:05:35 +0000
0 - 0 - 1 getyoursystemchecked35.cf/ 128.199.2.59
2022-07-07 03:59:27 +0000
0 - 0 - 1 thespiannet.com/actresses/R/romijn_rebecca/ro (...) 174.138.114.162
2022-07-07 03:44:59 +0000
0 - 0 - 32 fastpayyou.com/ 165.22.209.173

No other reports on domain: mennythanks.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (17)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Content-Type, Content-Length, Alert, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 14 Jun 2022 20:15:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jWRdduATFqgHngA4-rQp8-UYWH-nSBuC0ih7asUcGzAugX7939fPJA==
Age: 349


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A72C5AD08B5111E1443CF8CC7A6A5F39EF196F8AE55C43D4902661F93D87F0C0"
Last-Modified: Tue, 14 Jun 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4707
Expires: Tue, 14 Jun 2022 21:40:10 GMT
Date: Tue, 14 Jun 2022 20:21:43 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 14 Jun 2022 02:10:49 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8_gFZoiPLB9G3h60mo1pVZ58MsUmHSiTo4A7amWh_MHWcg18xtmzfQ==
age: 65455
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 14 Jun 2022 20:21:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Expires, Content-Length, Retry-After, Last-Modified, ETag, Backoff, Cache-Control, Alert, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 14 Jun 2022 19:52:02 GMT
Expires: Tue, 14 Jun 2022 20:02:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Kn9gYeZEfazOA81lC6BFf0euPKPT_XT-tmv-uJakIsJLNNNoj-oaMw==
Age: 1782


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4380
Cache-Control: 'max-age=158059'
Date: Tue, 14 Jun 2022 20:21:44 GMT
Last-Modified: Tue, 14 Jun 2022 19:08:45 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: L5hrW++S5okw6MaQm50ffw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.160.82.219
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QJRb8K30uQIFvpHEAQtlUx9P0sc=

                                        
                                            GET /up/dl/1576740781970921/CEUpdater.exe HTTP/1.1 
Host: getapp.mennythanks.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         159.223.171.32
HTTP/1.1 200
Content-Type: application/octet-stream
                                        
Date: Tue, 14 Jun 2022 20:21:43 GMT
Server: Apache
transfer-encoding: chunked


--- Additional Info ---
Magic:  PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows\012- data
Size:   5440000
Md5:    b36a396dd00dc57c472475165f742c63
Sha1:   80d3e36e51a32501deb73e1ecb8a34877228a828
Sha256: 67acddda7726183db30ad749cbc2a8ac1929d9c50bc3d1ef7f60852f57b879a9

Alerts:
  Blocklists:
    - fortinet: Malware
  File Analyzers:
    - virustotal: 44/60
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Tue, 14 Jun 2022 22:16:19 GMT
Date: Tue, 14 Jun 2022 20:21:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Tue, 14 Jun 2022 22:16:19 GMT
Date: Tue, 14 Jun 2022 20:21:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F95A4059C8A915B6D9B7BA0C5BDA51F09B49C2201186279058C0925C41933780"
Last-Modified: Tue, 14 Jun 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Tue, 14 Jun 2022 22:16:19 GMT
Date: Tue, 14 Jun 2022 20:21:46 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b1a78a-dfe3-4da6-8cc4-670373641c4b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5805
x-amzn-requestid: 90327810-34ff-467f-997f-c31978af33fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr3M2FXBoAMFV1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d252-23051fc8667ccf5900e76534;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:12:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: N5hZ3DM1NVxPFyqFEWSu8Ci6glNJhL8mg7GvkY_Ci7Q4mInzSMmA6g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:22:21 GMT
age: 71965
etag: "3c11fd7397db3e37c58413fa1fdbae424eaf08ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5805
Md5:    e09ac4b955c74af734b7d4ddebe46612
Sha1:   3c11fd7397db3e37c58413fa1fdbae424eaf08ab
Sha256: 1e24690d21d9c3b0cdb2979d1e6a7098e5c49aefa4a32dbe653a0d528309c3bb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1657ccb-775b-4dda-b423-860277072067.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8955
x-amzn-requestid: 90307d6c-5302-4634-ad00-075793054b22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2akGv9oAMFXkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d110-5e97e65562b04a906c3d8d16;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WxeVi1-SHYdYRzRknCQdUl2kim1tx2naavZ6P6FXgjWcJlKQPs05aw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:22:29 GMT
age: 71957
etag: "b31d36919e38303695fc13b2148a492110b4a25e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8955
Md5:    a08dfbf7829079acd1ec817ee3e9b7d7
Sha1:   b31d36919e38303695fc13b2148a492110b4a25e
Sha256: 7aabd38b322923b06b03e7b9653afb37f0cd7d42a7d345a9d1537c16888e944a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19656ace-f5a0-4eeb-889a-0f6881478fd3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 3296
x-amzn-requestid: ddc2e6c2-4d64-492a-a179-76a10929b73c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TbWcNFD0IAMFW3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a13781-0e304b491cd966ce53db724b;Sampled=0
x-amzn-remapped-date: Wed, 08 Jun 2022 23:57:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: argdgB4ePSV3FnVUoA4YAtupbTmASlIWiwburSbQRij9b5Siq5rskw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 02:48:07 GMT
age: 63219
etag: "fdb396d5fb93f659505e291c6f58e0d63866f81d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3296
Md5:    a0bc556e638d4fc52eb433c2bd556134
Sha1:   fdb396d5fb93f659505e291c6f58e0d63866f81d
Sha256: 5e21c72a1e47e98e6d9ba654dbbca9c6841463a61b7e9715abb8a694ab2f719c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb85dbf6f-ac3a-4776-bd46-3131d1a8d2ca.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 11401
x-amzn-requestid: 8de8e602-100d-4d78-b886-b1e10166321f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr1z9FqEoAMFUQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d019-38c31cf429a51215475fd1e8;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:02:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YwWE_jGeZHj1y4T-3U7DcNJY9wbhpHqG0rotU9Oaa3Zclss9gNSR0w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a2c13de7f3df76280ef01a6604863734.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:21:20 GMT
age: 72026
etag: "9411cb315834ec38b5be258918bb5bf94f576326"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11401
Md5:    4637dc49b9ad2aab43f0e12db6788bad
Sha1:   9411cb315834ec38b5be258918bb5bf94f576326
Sha256: 5d1c3d0e1d8e7e6d3a7c3c8a36822844118cdd5b476178bf437d59213ea15eaa
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F959739b2-768d-44e0-b071-f304f0621bf5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7466
x-amzn-requestid: 05dd3df0-31d7-4896-9a4e-ebd77a762a53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2amFYqIAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d110-170b7f046920719b6e475e6c;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EfV_CLgkPMU0nkmFmYZ3Dgz9KhgLP_HD602rUG__OrxfuiWgeRV4xg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 4c19973ee1875e6ec362c34e124d0998.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:17:51 GMT
age: 72235
etag: "2047abc0cca965f398367c69ab20b50c8eb53829"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7466
Md5:    6dab028abe94cb9ec22e48c3daf1d3cb
Sha1:   2047abc0cca965f398367c69ab20b50c8eb53829
Sha256: ad5dbe404360e7c470b4743f21def6ee9077f3066f95fefb2212766014fc3151
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F281d19b8-294a-4d50-9f85-c828423dcb2c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5322
x-amzn-requestid: 56675e4f-cf95-4d94-bc7f-2b92750c25e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr1z_FVYoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d019-0c195e745e78ecfa534770fe;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:02:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ME8XrsaeRLXyfAtENnw3_7WJFUHt0f5GioBW3GNt39TXwtrgMYFybQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 14 Jun 2022 00:22:42 GMT
age: 71944
etag: "fc2ab285a8c9c8ca87da23cee7dc15ab23c87566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5322
Md5:    e2e15c95534f6ad85dc48582b36ca763
Sha1:   fc2ab285a8c9c8ca87da23cee7dc15ab23c87566
Sha256: 09b60320e886b7376c4c01ff9eb1b6ce9fd651742d732b528f98cd77423c20af