Report - www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

Report Overview

Submitted URL
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php
IP
209.140.22.122
ASN
#11042 NTHL
Submitted
2023-02-22 06:07:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
www.sgitt-sarl.com	unknown	2022-08-04T02:56:15Z	2023-02-22T07:07:07Z	4.6 kB	18 kB	209.140.22.122
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	34.213.121.129
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	62 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-22 06:07:13	medium	209.140.22.122	Client IP	ETPRO HUNTING HTTP 200 Stat Code with 404 in Body
2023-02-22 06:07:13	medium	209.140.22.122	Client IP	ETPRO HUNTING HTTP 200 Stat Code with 404 in Body

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-21	medium	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php	PayPal Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-22	medium	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php	Phishing
2023-02-22	medium	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginDialog.js	Phishing
2023-02-22	medium	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/generatedDefaults.js	Phishing
2023-02-22	medium	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/is	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php	340 B	2023-03-07	2023-03-26
Pretty URL www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php IP 209.140.22.122 ASN #11042 NTHL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:20 Last Seen2023-03-26 10:21:04 Times Seen3 Hash ae2e0485663c87a2575a4212ce6bd0ba d48f167f40010bdf3ce44457c6b1cc92859e6d21 e128924fd5c488d79d5f337a4da2ccfde72b0b40c87e99345345268c90bea690 Loading...

	www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php	5.5 kB	2023-03-07	2023-03-26
Pretty URL www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php IP 209.140.22.122 ASN #11042 NTHL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12:12 Last Seen2023-03-26 10:21:04 Times Seen3 Hash 71b08d37a7f05e4fcbb00e2c47aa2542 e529f504446d7765793fe8f5da298d0a7aea2cd6 03053c8443c96afb9670eb61c0dfdb227b883e153e3224f3ff244b1bbadec03c Loading...

HTTP Transactions (30)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
13d4983fb8a0ee2cb855663cc9d8f6a0
1f85fc46435f86d7f414e310670c9afe27ea9532
f4bc8150273c4fc6e90c9df8e074823a78dc8409bfcc00616265e24d7d663498

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4BC8150273C4FC6E90C9DF8E074823A78DC8409BFCC00616265E24D7D663498"
Last-Modified: Mon, 20 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9346
Expires: Wed, 22 Feb 2023 08:42:53 GMT
Date: Wed, 22 Feb 2023 06:07:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
97d7dde89cca188d19690d7bf759d034
7ec36525c8b5e8e278f0c5f26da3316687d89041
f8b500f9b1e8188807aab20f8e2540b5b2e888b13ff5f6f6211bbc28056f23e8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F8B500F9B1E8188807AAB20F8E2540B5B2E888B13FF5F6F6211BBC28056F23E8"
Last-Modified: Mon, 20 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9929
Expires: Wed, 22 Feb 2023 08:52:36 GMT
Date: Wed, 22 Feb 2023 06:07:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 22 Feb 2023 05:53:46 GMT
content-type: application/json
age: 801
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

209.140.22.122

200 OK

8.7 kB

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (623), with CRLF line terminators
Size
8.7 kB (8669 bytes)
Hash
5cf12fcb21cd05811e48984a32c46094
fb1e9bec79cb16e25b3620cb5fd7ff342e55dc86
83610f7fb2c6911d77fb95e6d2b329643baedad547bee8fbb49ac3fdc70804c0

Detections

Analyzer	Verdict	Alert
openphish	PayPal Inc.
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login.php HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 22 Feb 2023 06:07:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3c926acb3daeb63b5374bdc352bbb679
167a2af5a3c8d1ec6d16c8f7ef1e063ce14ed481
e0bbf50d7d572d0b16ba4be51b190c4776777ecb572db9b25574b66d8e56ce36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0BBF50D7D572D0B16BA4BE51B190C4776777ECB572DB9B25574B66D8E56CE36"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5842
Expires: Wed, 22 Feb 2023 07:44:29 GMT
Date: Wed, 22 Feb 2023 06:07:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: VlR783etJvPksHKGzOv6300nalcOtChrqsuiDODhyY290zEHau+wyisEdELJuZkoa0oRJB1JvEg=
x-amz-request-id: FFAR2JXNJSM0H2MB
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
via: 1.1 google
date: Wed, 22 Feb 2023 05:53:14 GMT
age: 833
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
content-length: 5348
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginDialog.js

209.140.22.122

500 Internal Server Error

0 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginDialog.js
IP
209.140.22.122:0
ASN
#11042 NTHL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginDialog.js HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 500 Internal Server Error
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/generatedDefaults.js

209.140.22.122

500 Internal Server Error

0 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/generatedDefaults.js
IP
209.140.22.122:0
ASN
#11042 NTHL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/generatedDefaults.js HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 500 Internal Server Error
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginAdvanced.css

209.140.22.122

200 OK

1.8 kB

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginAdvanced.css
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1781 bytes)
Hash
6f65ff42179a6b726d73fd73148e52c1
16f9599aaae13fca4c1855de9030798c79e92517
468daa1d727a90a0e1dd9f1d2e0298f22d5d973866ccc802cb7f5c7c95684b56

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginAdvanced.css HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:41:00 GMT
Accept-Ranges: bytes
Content-Length: 1781
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginBasic.css

209.140.22.122

200 OK

157 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginBasic.css
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
ASCII text, with CRLF line terminators
Size
157 B (157 bytes)
Hash
42ff1688ca10c5d6509e02817e49621b
717ef684b44bc8aef33e8df943e337da901bc7fe
36093ef889f1a3f3487a33752d585fcffc2a2a4fbbd32e3922ed285bfe154a27

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginBasic.css HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:40:46 GMT
Accept-Ranges: bytes
Content-Length: 157
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/is

209.140.22.122

500 Internal Server Error

0 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/is
IP
209.140.22.122:0
ASN
#11042 NTHL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/is HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 500 Internal Server Error
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/bottom.png

209.140.22.122

200 OK

1.8 kB

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/bottom.png
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1824 bytes)
Hash
a5f27369df1da9c58fab9d80e20a42fb
58a861a73e529d7532b509f7767ba34002c15313
7023708bfefd96e82a33ab788957f51abe998acc0193100e96db16cce9209583

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/bottom.png HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:39:14 GMT
Accept-Ranges: bytes
Content-Length: 1824
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/logo.png

209.140.22.122

200 OK

930 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/logo.png
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
930 B (930 bytes)
Hash
4070e765f512a9ce6be12d141237daca
ec0135f00de4ac2600360e052609fbfd3f6cabb0
74f16276d05ebc79ee7fbf56462451307491c08c6d4c1a2093b73afe40c95617

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/logo.png HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:38:48 GMT
Accept-Ranges: bytes
Content-Length: 930
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/top.png

209.140.22.122

200 OK

1.7 kB

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/top.png
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1705 bytes)
Hash
3a518d602a65354ccbc27083cbfe959b
a2e0a751fa2cb17e5e525f5dc96e252d6244a691
21dacae4f28e0ccd1e08fb874451ef70fa9181389a3a082e1a07245315feb73f

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/top.png HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login.php

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:39:08 GMT
Accept-Ranges: bytes
Content-Length: 1705
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 22 Feb 2023 05:51:26 GMT
age: 941
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/background.png

209.140.22.122

200 OK

393 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/background.png
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
393 B (393 bytes)
Hash
36de1d9a04c84897aaee74b45ecc05fa
ab42e5e3bef742f10d7cfa36c7b0c13003a695a3
2e2a9b63438f66c2c112562946db160ed30eab6587e924b3e8db77ff91672139

Detections

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING HTTP 200 Stat Code with 404 in Body

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/background.png HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginAdvanced.css

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:38:54 GMT
Accept-Ranges: bytes
Content-Length: 393
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/middle.png

209.140.22.122

200 OK

389 B

URL HTTP/1.1
www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/middle.png
IP
209.140.22.122:0
ASN
#11042 NTHL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
389 B (389 bytes)
Hash
a488348f72f211a0ea043a1498407234
1f878f73e1e038c733751819916450b6d905735b
7b24b0079c5c4f4998bf6201f7b23622921ade224beb44e7937aa0b6508bbecf

Detections

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING HTTP 200 Stat Code with 404 in Body

HTTP Headers

GET /wp-content/themes/twentytwentyone/21c/cgn-in/login_files/img/middle.png HTTP/1.1
Host: www.sgitt-sarl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sgitt-sarl.com/wp-content/themes/twentytwentyone/21c/cgn-in/login_files/loginAdvanced.css

HTTP/1.1 200 OK
Date: Wed, 22 Feb 2023 06:07:07 GMT
Server: Apache
Last-Modified: Mon, 26 Nov 2018 23:39:10 GMT
Accept-Ranges: bytes
Content-Length: 389
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
94d194d4728ee415fb180610c25cb8cb
9b6a935fd24c43f427d6377d2d278592dcbcb372
cada2d0987669f945549c8f526568c04c4e0a3b662fb2c3efd30efe3a40e2577

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CADA2D0987669F945549C8F526568C04C4E0A3B662FB2C3EFD30EFE3A40E2577"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6560
Expires: Wed, 22 Feb 2023 07:56:28 GMT
Date: Wed, 22 Feb 2023 06:07:08 GMT
Connection: keep-alive

push.services.mozilla.com/

34.213.121.129

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.121.129:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FT64R9BjnBJ5o/MR7mamGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9yXQylEHPuxN+6+xPIYnS6l/Ufc=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3cb7960c629af2d4a5325cec8696f40b
eb04e882f528f56fc09206f741d490a4b091a6dd
df3a27c510b477ae3411c0c178fb36d8291503db40f64d22a3fa18061c0ec2b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF3A27C510B477AE3411C0C178FB36D8291503DB40F64D22A3FA18061C0EC2B0"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12570
Expires: Wed, 22 Feb 2023 09:36:39 GMT
Date: Wed, 22 Feb 2023 06:07:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3cb7960c629af2d4a5325cec8696f40b
eb04e882f528f56fc09206f741d490a4b091a6dd
df3a27c510b477ae3411c0c178fb36d8291503db40f64d22a3fa18061c0ec2b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF3A27C510B477AE3411C0C178FB36D8291503DB40F64D22A3FA18061C0EC2B0"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12570
Expires: Wed, 22 Feb 2023 09:36:39 GMT
Date: Wed, 22 Feb 2023 06:07:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3cb7960c629af2d4a5325cec8696f40b
eb04e882f528f56fc09206f741d490a4b091a6dd
df3a27c510b477ae3411c0c178fb36d8291503db40f64d22a3fa18061c0ec2b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF3A27C510B477AE3411C0C178FB36D8291503DB40F64D22A3FA18061C0EC2B0"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12570
Expires: Wed, 22 Feb 2023 09:36:39 GMT
Date: Wed, 22 Feb 2023 06:07:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3cb7960c629af2d4a5325cec8696f40b
eb04e882f528f56fc09206f741d490a4b091a6dd
df3a27c510b477ae3411c0c178fb36d8291503db40f64d22a3fa18061c0ec2b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF3A27C510B477AE3411C0C178FB36D8291503DB40F64D22A3FA18061C0EC2B0"
Last-Modified: Mon, 20 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12570
Expires: Wed, 22 Feb 2023 09:36:39 GMT
Date: Wed, 22 Feb 2023 06:07:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71674fc5-5c16-4206-b565-05be96860715.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71674fc5-5c16-4206-b565-05be96860715.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8032 bytes)
Hash
2cd2e85474bc5b6daa19eb8722e81d60
e62a0bf2f9a9b7bdbf45f45278ac89a450075979
bcbe4d59fd3b27549647f51bec45599ba48b386436675f1a64c3d3b96fc13f77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71674fc5-5c16-4206-b565-05be96860715.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8032
x-amzn-requestid: 4f2da189-b0ad-4f13-a0ca-643bb716e2b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtW0FGV4IAMFSxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f53819-33884245247d3a1347382b4b;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:31:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -uuJJJHFFFjg2ODEALrPgxi10MnWEnyVsWGwKoVNzM6o8gLFLZv2gA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Feb 2023 21:59:14 GMT
age: 29275
etag: "e62a0bf2f9a9b7bdbf45f45278ac89a450075979"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F403cd5de-6016-40c5-bb7a-1ee6515b0fdb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6014 bytes)
Hash
8c6732b7444870a5b22ebce5df2c278b
bd8bd8ba57a3d59b71f910110b7b0ce23c7bf605
6232d37914485ffd42f7e5932c36a9ff49bdd42bb8a13837cc9c054d86ccdc78

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F403cd5de-6016-40c5-bb7a-1ee6515b0fdb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6014
x-amzn-requestid: e95f7ea9-3a3c-4649-9d52-857c07e985fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AnhqGHq_oAMFwwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f2e30d-49271ec356ab804b185f63dd;Sampled=0
x-amzn-remapped-date: Mon, 20 Feb 2023 03:03:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aaEsyfsSzpX4sdSwbkMQdCfw-6WBYnsDpHElU1jz-4jTSrKi30jE8g==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Feb 2023 04:18:03 GMT
age: 6546
etag: "bd8bd8ba57a3d59b71f910110b7b0ce23c7bf605"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71e24f1d-de97-4bf8-b910-527022ff1c52.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5908 bytes)
Hash
d458049fca94707ad6e921e165fceeb7
fe74bce6179e7e4c969dc90b756da303fa6f7e11
dfa8dbba59b4a1f9ba56083598e02018ee10966c67c637efb0fdea5b50e927e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71e24f1d-de97-4bf8-b910-527022ff1c52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5908
x-amzn-requestid: a676c995-5961-407a-bca2-9b79e9866193
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtXYfF_UoAMFy7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f53902-69008bca79b33828058d2140;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:34:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: b1Yh5IZiXMcyLmb1lOAZsonHV99AoGg7YTDVjEf7233j1uA7eWCzqg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Feb 2023 21:50:34 GMT
age: 29795
etag: "fe74bce6179e7e4c969dc90b756da303fa6f7e11"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

19 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F728bbd7e-231a-403a-b5ab-fe1fb2f394d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
19 kB (19260 bytes)
Hash
0c7874cbc7748925eed57e2c1b770c46
b5f10c1f69b0e4b68f0a8ae292c7077ff154c5d6
ea6629c67f3ab3dcec3725e1caee11fb2194fe68f6c7e476c4b8ec3a482f63a8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F728bbd7e-231a-403a-b5ab-fe1fb2f394d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 19260
x-amzn-requestid: d41702e1-189c-41de-ac79-3f37291603cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtXaOGLiIAMFy4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f5390d-511d11f9102f2fd206b88904;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Rt8iDosXE_bTA058FU_6KdCCtGF-oG-kM6IRDadVuHdHZcPcbp4i8A==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Feb 2023 21:50:43 GMT
age: 29786
etag: "b5f10c1f69b0e4b68f0a8ae292c7077ff154c5d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7734 bytes)
Hash
e7cd1e9feb9abc7f7d7f0d5fc7b181f0
cf3ce1808c48e1a86910e16731a044f6cb26275d
426c90298d5a0807b7820d803ce2907268df1195e15d5582eb0ff2f3deeb318c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f9477dd-9700-4cbd-8d0e-37bd76c53a93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7734
x-amzn-requestid: fe4dc342-33b6-45f6-984c-2c71dfa0ec13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtX-lGiJoAMFW3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f539f6-489049413f3cb63c537f20d0;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:39:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4p_3GsIf-LsYLyJFnNh6FQO9q9kHTViRECnpKSnV1xkkZ_PybwmZeg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Feb 2023 21:51:45 GMT
etag: "cf3ce1808c48e1a86910e16731a044f6cb26275d"
content-type: image/jpeg
age: 29724
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0efa662e-c334-4c53-be4c-81925d55c117.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8959 bytes)
Hash
b55335999a026a3bf5d8c8c920a31562
08259dd5654e530dc29c35ea537bae21aa88fb0a
69b1cb1bb453da683c879daaf2f266f4ac7399e5de90cae879ce2fa19ac182cb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0efa662e-c334-4c53-be4c-81925d55c117.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8959
x-amzn-requestid: 1c3579bb-647b-499b-afce-f420de41686c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AtXqyFDSoAMFhAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f53977-500bef655fb9e0f744216d05;Sampled=0
x-amzn-remapped-date: Tue, 21 Feb 2023 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qTYasQOed2Yym0WmLEv6OW5yB7EL8U1EmHAWiw7RWlADvNgrvraKOw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Feb 2023 22:17:46 GMT
age: 28163
etag: "08259dd5654e530dc29c35ea537bae21aa88fb0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (30)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN