Overview

URL: ulgroup.ca/simc.rnis/5/login.php
IP: 38.117.65.66 (United States)
ASN: #12212 RAVAND
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-16 20:17:42 UTC
IDS alerts: 0
Blocklist alerts: 24
urlquery alerts: No alerts detected
Tags: None

Domain Summary (8)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-16 05:36:23 UTC 34.117.237.239
ulgroup.ca (29) 0 2019-03-28 13:11:26 UTC 2022-11-16 15:36:54 UTC 38.117.65.66 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.165.176.211
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-16 05:36:43 UTC 34.102.187.140

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-16 2 ulgroup.ca/simc.rnis/5/login.php Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/login-fast.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/login-easy.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/Error_Orange.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/GooglePlay.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/Experience.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/HuaweiStoreBadge.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/AppStoreBadge.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/login-secure.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/cookie-icon.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/icon-chat-thin.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/contact-blank-green.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/location-blank-green.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/cross-close-white.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/NedbankIcon.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/demo-icon.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/Arrow.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/outline-cheque.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/Eye-Show.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/close-gray.svg Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro.otf Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf Phishing
2022-11-16 2 ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 38.117.65.66
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 5 reports on ASN: RAVAND
Date UQ / IDS / BL URL IP
2023-01-29 14:24:10 +0000 0 - 2 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129
2023-01-29 14:23:49 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129
2023-01-29 13:43:19 +0000 0 - 2 - 3 danoblab.com/wordpress_4/Fw/ 38.117.65.129
2023-01-29 11:15:16 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129
2023-01-29 11:15:07 +0000 0 - 2 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129


Last 5 reports on domain: ulgroup.ca
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-07 17:26:15 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:26:15 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:07:00 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 17:07:00 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121
2023-01-07 09:35:34 +0000 0 - 1 - 24 parkingcentral.net/nhrb.cnc/5/login.php?sessi (...) 209.140.22.121

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (49)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1AAC1C0926E545793D2040B114D2E064B175592A131BA27FF820FCD4AFF4B4E3"
Last-Modified: Wed, 16 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2918
Expires: Wed, 16 Nov 2022 21:06:09 GMT
Date: Wed, 16 Nov 2022 20:17:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2143
Cache-Control: max-age=139769
Date: Wed, 16 Nov 2022 20:17:31 GMT
Etag: "6374bbf5-1d7"
Expires: Fri, 18 Nov 2022 11:07:00 GMT
Last-Modified: Wed, 16 Nov 2022 10:31:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 16 Nov 2022 19:44:48 GMT
cache-control: public,max-age=3600
age: 1963
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "78D38FD21510D859549A7DF0C58C7F1F798E1BD83170DCA30FA87F91C1F80846"
Last-Modified: Wed, 16 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5104
Expires: Wed, 16 Nov 2022 21:42:35 GMT
Date: Wed, 16 Nov 2022 20:17:31 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: rMcTefi4JCE7qMlLmkRZFe4utAPafy/NbEtAaGoY3ZFvPUk62kwqfEvn446BLQbpIVxGwVuRzS4=
x-amz-request-id: NGBT3NMCXCVV2G8E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 16 Nov 2022 19:52:09 GMT
age: 1522
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 16 Nov 2022 20:17:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /simc.rnis/5/login.php HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Length: 5978
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1021), with CRLF line terminators
Size:   5978
Md5:    65be91aae4ebaaf320fcd5c69f7ff070
Sha1:   d92e06ae196f760e2682f8faf4bbed3b13fdc266
Sha256: f6c764a40b594886e5c6006f25e025356f53f1da987356573356370a445f4600

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 16 Nov 2022 19:25:01 GMT
cache-control: public,max-age=3600
age: 3150
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /simc.rnis/5/media/style.css HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2369f"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   21381
Md5:    b5188b5b06ca8d23ef9a51f132fa882d
Sha1:   257bf6a4e64d69f4891fe5ad7e6b9293fc45ef3d
Sha256: 06eb1d608bf61bc856ea1f0d5b4bd2e2738cfeacf5f04de437d30f40b606a7dc
                                        
                                            GET /simc.rnis/5/media/styles.css HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-39f8a"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65352)
Size:   52635
Md5:    ad63180a938dc43960f04f3f8b47d7eb
Sha1:   ab94abbe9b498af48cf83d758b3eeeef9e9de367
Sha256: f5e63608a6b1d6cd34cfa59788218c87ac2f5c742d9d3758dbff517e56d79886
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5618
Cache-Control: max-age=138193
Date: Wed, 16 Nov 2022 20:17:32 GMT
Etag: "6374a83b-1d7"
Expires: Fri, 18 Nov 2022 10:40:45 GMT
Last-Modified: Wed, 16 Nov 2022 09:07:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /simc.rnis/5/media/jquery-2.2.3.js HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3f258"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   93794
Md5:    0ff6ba94a96b3e2e8f02ec12d29a904c
Sha1:   6cf88c954625211e2c19dc1ada39f1f74c0dc7c0
Sha256: 75cb579bf39bbec390f3729e86c4923da201cc54308d052abc6a48bd597888ea

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/login-fast.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-14a6"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2974)
Size:   2475
Md5:    0d384279a848dfd5654fb54d6a869b84
Sha1:   2bb75d50842e3019fc40fd51846a5c57ac91284c
Sha256: 899133394d321325aaedeb7bbbede18c76b8ddb5b6e6f197a729da79501ba3d7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/login-easy.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1033"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2053)
Size:   1798
Md5:    f96d620f991988374cbe97a933ff0187
Sha1:   35dd3a848139ebc9b61243ff783660da2ecf4437
Sha256: e14235d4433c6e0251fa11daa14738abf5502de00fd85ec19482e81d81f0b520

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/Error_Orange.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Length: 462
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3a5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (349)
Size:   462
Md5:    3de5632446dbf4d0e5b7e3176811f452
Sha1:   4ec212b3aebbc8da7bddc001286e3a9aa1bc522c
Sha256: 9791e9ed5b7d4ed5b6f6140692a59e7ebb55617ed37c0e7912b7089c40a4b91d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/GooglePlay.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-590b"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2954)
Size:   5831
Md5:    6f9306d999c120a7380a44e131ebc63a
Sha1:   3b1f6485dc9368ad3406bb9d6fe45c4db0b58e2b
Sha256: f11c50f836d019d30230f85f38c87be18e3eaf85d33d0a7ac756d0528d2644e7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/Experience.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3034"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (893)
Size:   4451
Md5:    d182506e6b418eef650c0ea77d68a7b5
Sha1:   7e4bc82dba6bbfbd36a1b2cc56a3bc1fb73c4320
Sha256: 2498b5e64bf150b72058d9072a7d3230e3f3f9511a61528506c0812d63b9437b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: l0xOmbn8cHVYEnNmYwiqeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         35.165.176.211
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fVZnLi/iQGlH7T+na1Nsy8nM0WY=

                                        
                                            GET /simc.rnis/5/media/HuaweiStoreBadge.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-59ae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1948)
Size:   8612
Md5:    cf2d46f56f90444cbeb3128aa8e233b5
Sha1:   96d87ebcaa7be9c399cc01ffdee50be61255d6c8
Sha256: 5086137be4cab31119da8f4e16b26c9b5c385446ec6cc461159fab154688cc62

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/AppStoreBadge.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2fc0"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   5126
Md5:    b41c713588bc04c4675a0693e8eb0528
Sha1:   43cec9642140ae802a2d0c3934bd569f4abbf398
Sha256: a96ac82ef408bb0a1cd2487568867f600d2c5f66132f29bc44cd1bb372aaca8f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/login-secure.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1593"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2575)
Size:   2016
Md5:    4ecdaba1868a077b158ceed2671340bf
Sha1:   b0052d8ea92c8b42e549f3d6377c96025b615c6e
Sha256: d2b2e90200d45004ac62c0fe0e5a2363244139f3f094a34c1394790f1718b5ce

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/entrust_site_seal_ssl.png HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Length: 18758
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-4946"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size:   18758
Md5:    e47461fd49a0426768698ade98b259e2
Sha1:   501132059c531265f3898e5b6d8646ac3886cfbb
Sha256: 203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54
                                        
                                            GET /simc.rnis/5/media/icon-512x512.png HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Length: 40873
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-9fa9"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, interlaced\012- data
Size:   40873
Md5:    45dc0d3ba9b11c9e0358ab3b418f7fcc
Sha1:   904740c7345e3770815dc35ab72b8f2e2b7b5ba1
Sha256: fcb0dba575e2a3be211208f2a81a519c5d61109ebe399731d140ce5d87ed0920
                                        
                                            GET /simc.rnis/5/media/favicon.ico HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Length: 1430
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-596"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 18x18, 32 bits/pixel\012- data
Size:   1430
Md5:    68773d46f68cd092f7aac1b70d211e01
Sha1:   bbe705f043f03d491232a63d29e5b8b6befb031e
Sha256: 4fbd7df4e4d5012b82c14234382d58275c3fe42c98162c05bbb4bc98c79ef9f5
                                        
                                            GET /simc.rnis/5/media/cookie-icon.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-776"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (534), with CRLF line terminators
Size:   795
Md5:    341ba59e13695f65140ba2c0b6cf552e
Sha1:   47b71bac85c92805de1bd7abb2aca732f0f3766f
Sha256: a17f7d9874e6e8f53352bc8efaf4c9368cf4415cc3268d7b468df7e421bf12d2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/icon-chat-thin.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 358
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2e5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (447), with CRLF line terminators
Size:   358
Md5:    cbff59d9b304ecda04af4aeec1c87077
Sha1:   5002a50582742d8eb351de8d06ada0143d807d53
Sha256: 57d0716b0c466e667e4032c0c9a33bb2208f5182803fdc92c66a20fc380d0149

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/contact-blank-green.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-465"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   602
Md5:    036bb143d9dec72b24ddca9349849779
Sha1:   680aeed5606a0bf13f561291b9dcc4a497329b52
Sha256: 325c6412d286192945ab470594f44a06a8ba91a146c8d618aeefa654dc83f20e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/location-blank-green.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-492"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (359), with CRLF line terminators
Size:   577
Md5:    de0c4eb8dbb24cb6098aaf9c154aa209
Sha1:   1ae25829c1d608b1c4adbf5b897300e7977cd768
Sha256: 6592446a665a0e3184c2d6f3ed7905608e3cb98680ad30216e943af4e3a7ac36

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/cross-close-white.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 186
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "ed-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   186
Md5:    389d99732e1cfb176793501951f2576a
Sha1:   77e077f72c00d36c547dd77f0c57101b9e9ff283
Sha256: 7bc32e2f613810c618a59b328db1042f44cc88c50d8850ab0afb52be90f0e87d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/NedbankIcon.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-538"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (483), with CRLF line terminators
Size:   658
Md5:    83f2125a10d605cf4871442bee61ddc3
Sha1:   5fafb15c8df0aa1a4dc8636bab7af97174ff1372
Sha256: 59f03baf03daae2a3e6fa12e371ece06655ff1c1fc70f1661a659c0d1b231457

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/demo-icon.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-65c"
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1093), with CRLF line terminators
Size:   774
Md5:    840c6c15da7dbd005113a9f0ccb7ff17
Sha1:   c332a2cab0a3ba0ef0b22ac18ba802b581e25ada
Sha256: eff14453d8dc1b5a889d891bac2cd4735ce8b1ec90b4aa9c6b19ba15ba95e0d2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/Arrow.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 427
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2f9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   427
Md5:    687eb5a5b6e2ff89ec18c7468bde6ec8
Sha1:   f5d61bbc807fb7b7b2432c2f94a7f393b392d345
Sha256: 6ae9a93210ff3942f52f535c0ac65f6db593dc79d7a13997acca1cabb0c86e15

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/outline-cheque.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 207
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "103-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   207
Md5:    4627ff628b866efe7b47fe0e3b33c640
Sha1:   143a9d6efda181e89ac05923d80f1c18588d54c0
Sha256: a58596eab5308ec50fa0ea4938c6950c5423f3aad60e640322b1406e283fded1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/Eye-Show.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 503
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3c9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   503
Md5:    d01c3aa1fe0b289a675358d5b88f14b2
Sha1:   03f88b409caa9e29495acfba2e0295bd508a2ad9
Sha256: 47199aa6dcbd0bdf7786f238869b25d25c19b29ad0efa08042aa406eb434f75c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/close-gray.svg HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

                                         38.117.65.66
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: User-Agent


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/FontFont%20-%20MarkPro.otf HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 165396
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28614"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   165396
Md5:    12d6724a254d3be629fc6b2871ae5a6a
Sha1:   d3a93c9ed090be9366b9513e5515e8e19ff48459
Sha256: eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 165936
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28830"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   165936
Md5:    476d44b0f6c8939bb8859c9ce7598310
Sha1:   cd8fb565970c2750a12b3b47b1869578f7a041fb
Sha256: 979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-otf
                                        
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Length: 162260
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-279d4"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  OpenType font data\012- data
Size:   162260
Md5:    8531ae94f5ad973be8b718f88e9660ed
Sha1:   a6d5635dcebab54c459a725da9a892017627a994
Sha256: ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9625
x-amzn-requestid: 9bd72b4a-2ac0-423f-b0e2-73fd51e02e97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYEBHTjIAMFvOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406e6-57f5412d5eca6d640a0f590d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UavYBt2WjF4WCRJGtM2zS-dZinNLgs_0HuyORwaVCSlj-32Qd6sNTQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:09:56 GMT
age: 79657
etag: "187e6b340b43eb1aa0c724b749db7c20a486706a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9625
Md5:    ae0ab55e0e77a4265808a6689f25cbc3
Sha1:   187e6b340b43eb1aa0c724b749db7c20a486706a
Sha256: 3881e5ad44b9b2fae82510794af43d14e304ce624f26f66523f85d58fea063dc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5749
x-amzn-requestid: c67c9352-e777-417e-afe1-003d7a072e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bkItcGfcoAMFzkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637187ef-670b63160b7d0cdf4a5b609e;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 00:12:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFDS3_SNf5hbW8NAtNERJbS1jj29nWO0_GSIypgwlv7kymKieO8qNA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 08:43:09 GMT
age: 41664
etag: "0e18a8c51596c8a4d84a142a57ffe376294833cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5749
Md5:    96b4478c098865b0d19738098db61d64
Sha1:   0e18a8c51596c8a4d84a142a57ffe376294833cc
Sha256: 9c9e433cf8f2167e4cfc3cff247eee85ebb9977e338e6e144acaea830db17c2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4919
x-amzn-requestid: aae0d2da-e891-40a6-bd83-8942fc3ef0c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFFEnxoAMFdCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ed-6ff1cc593aa1c934659030db;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PhUSR2Y2GRZkB5UTrMma8vnIddc44pLJ2Sppk63xQyMC2imKLn-R4A==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:47:46 GMT
age: 80987
etag: "a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4919
Md5:    a698bf97cc6c0c464ed1a2b2adb1c1d3
Sha1:   a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0
Sha256: 64d52d8983b2bf30b9b1f260b8d6534664024b8dfda0da273307ee510ed33aad
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:45:58 GMT
age: 81095
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11715
Md5:    cd5bdc050716bb76afe8090fc81617e7
Sha1:   5109c156b180727767fc03c411190ccc0d3fb5fc
Sha256: 9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8971
x-amzn-requestid: b5dd68c5-7146-4d31-a7fd-4ac4c474119a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnb6bGeyoAMFV9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372d9dc-2ca4003e65d69039389bc676;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 00:14:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8TqIvhJUq_yG_iMFds_btqtYsrNzoaZeIQgOP0-Kc60yuQFOPYEXRA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 09:48:03 GMT
age: 37770
etag: "d829c5d23a494bc901d925dd02b84c470a0de479"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8971
Md5:    b31091803f98744f4da3b311467300a7
Sha1:   d829c5d23a494bc901d925dd02b84c470a0de479
Sha256: c1cb88b82d8b5a82019da970f812cd31e13086c2da8498a21a57e7238aa34fe8
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8990
x-amzn-requestid: cb142f4b-787e-4b3c-9d75-72579105db60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFOHi8IAMFpDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ee-504a14105d2be58b1ce71c18;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GLJACvZUJjLdl3O2HUkWjgr7MqT_SRigTSdweSaTxUc-gTDULbYliA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:14:18 GMT
age: 79395
etag: "757f8e6306effbab70d99757c5672564cfc9f623"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8990
Md5:    53d2d9380ba28ed0656b54c22bc56766
Sha1:   757f8e6306effbab70d99757c5672564cfc9f623
Sha256: 6d6c41527ae28cdce016470ec1eb87e0ed384f3ef721838724f29845f3bd8dac