r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15710
Expires: Sat, 10 Dec 2022 03:46:28 GMT
Date: Fri, 09 Dec 2022 23:24:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5544
Expires: Sat, 10 Dec 2022 00:57:02 GMT
Date: Fri, 09 Dec 2022 23:24:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 23:08:21 GMT
content-type: application/json
age: 977
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12373
Expires: Sat, 10 Dec 2022 02:50:51 GMT
Date: Fri, 09 Dec 2022 23:24:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WD+9n2IqUTafevMG9EOD8Qchevso8gPgUDDXz2RJqFj8aAjej52SH1f/8RvXU8qdeskza0G69Bg=
x-amz-request-id: X1AW2FYKYWZC3A9D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 22:48:33 GMT
age: 2165
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
143.198.150.255200 OK 15 kB URL HTTP/1.1 securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (960), with CRLF line terminators
Hash 081bdda16bbdeca91f420f7898d60f08
cb837a7c87fbd60615fb9453ca1c939a34f4e840
179f859e76864bbb7c6e4ca09d6b5f51f760679f8f3798edb2375244fa63a0a5
GET /login.php?country=3D&iso=3D&online_id=3D2e9970031a= HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 23:24:38 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 23:24:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
securemnt9l.info/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
securemnt9l.info/Assets/scripts/Login/Index.js
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/Assets/scripts/Login/Index.js
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 23:07:55 GMT
age: 1004
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 106f302b0befa2f5b511e54a02d7104c
17e163db5c9362852696b6626b58befeab08c739
be4864a35ba832be9ea10e2d1e99fa6aa7cacae78964c5771a002c6dca2ce2fc
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BE4864A35BA832BE9EA10E2D1E99FA6AA7CACAE78964C5771A002C6DCA2CE2FC"
Last-Modified: Fri, 09 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2834
Expires: Sat, 10 Dec 2022 00:11:53 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 106f302b0befa2f5b511e54a02d7104c
17e163db5c9362852696b6626b58befeab08c739
be4864a35ba832be9ea10e2d1e99fa6aa7cacae78964c5771a002c6dca2ce2fc
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BE4864A35BA832BE9EA10E2D1E99FA6AA7CACAE78964C5771A002C6DCA2CE2FC"
Last-Modified: Fri, 09 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2834
Expires: Sat, 10 Dec 2022 00:11:53 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 106f302b0befa2f5b511e54a02d7104c
17e163db5c9362852696b6626b58befeab08c739
be4864a35ba832be9ea10e2d1e99fa6aa7cacae78964c5771a002c6dca2ce2fc
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BE4864A35BA832BE9EA10E2D1E99FA6AA7CACAE78964C5771A002C6DCA2CE2FC"
Last-Modified: Fri, 09 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2834
Expires: Sat, 10 Dec 2022 00:11:53 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 106f302b0befa2f5b511e54a02d7104c
17e163db5c9362852696b6626b58befeab08c739
be4864a35ba832be9ea10e2d1e99fa6aa7cacae78964c5771a002c6dca2ce2fc
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BE4864A35BA832BE9EA10E2D1E99FA6AA7CACAE78964C5771A002C6DCA2CE2FC"
Last-Modified: Fri, 09 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2834
Expires: Sat, 10 Dec 2022 00:11:53 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 106f302b0befa2f5b511e54a02d7104c
17e163db5c9362852696b6626b58befeab08c739
be4864a35ba832be9ea10e2d1e99fa6aa7cacae78964c5771a002c6dca2ce2fc
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BE4864A35BA832BE9EA10E2D1E99FA6AA7CACAE78964C5771A002C6DCA2CE2FC"
Last-Modified: Fri, 09 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2834
Expires: Sat, 10 Dec 2022 00:11:53 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 2e6521ac689d5681c244576561b65bad
36f9586bcc2d2bd9fee98cc870a0eb22f6a9aa50
cf0921cc1255d0d2f501e35eda0c21f03ae4765f747e06ae975a85d85f559bf0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0921CC1255D0D2F501E35EDA0C21F03AE4765F747E06AE975A85D85F559BF0"
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3557
Expires: Sat, 10 Dec 2022 00:23:56 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 2e6521ac689d5681c244576561b65bad
36f9586bcc2d2bd9fee98cc870a0eb22f6a9aa50
cf0921cc1255d0d2f501e35eda0c21f03ae4765f747e06ae975a85d85f559bf0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0921CC1255D0D2F501E35EDA0C21F03AE4765F747E06AE975A85D85F559BF0"
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3557
Expires: Sat, 10 Dec 2022 00:23:56 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 2e6521ac689d5681c244576561b65bad
36f9586bcc2d2bd9fee98cc870a0eb22f6a9aa50
cf0921cc1255d0d2f501e35eda0c21f03ae4765f747e06ae975a85d85f559bf0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0921CC1255D0D2F501E35EDA0C21F03AE4765F747E06AE975A85D85F559BF0"
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3557
Expires: Sat, 10 Dec 2022 00:23:56 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 2e6521ac689d5681c244576561b65bad
36f9586bcc2d2bd9fee98cc870a0eb22f6a9aa50
cf0921cc1255d0d2f501e35eda0c21f03ae4765f747e06ae975a85d85f559bf0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0921CC1255D0D2F501E35EDA0C21F03AE4765F747E06AE975A85D85F559BF0"
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3557
Expires: Sat, 10 Dec 2022 00:23:56 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 2e6521ac689d5681c244576561b65bad
36f9586bcc2d2bd9fee98cc870a0eb22f6a9aa50
cf0921cc1255d0d2f501e35eda0c21f03ae4765f747e06ae975a85d85f559bf0
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "CF0921CC1255D0D2F501E35EDA0C21F03AE4765F747E06AE975A85D85F559BF0"
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3490
Expires: Sat, 10 Dec 2022 00:22:49 GMT
Date: Fri, 09 Dec 2022 23:24:39 GMT
Connection: keep-alive
securemnt9l.info/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:39 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1334
Cache-Control: max-age=122670
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 23:24:39 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:29:09 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
24.75.29.77200 OK 35 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
IP 24.75.29.77:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash da035f53931c132155280b9c00893409
94ae91f42af9f8af8eed42934ea710bd409fdee8
2269c7300f76270849225e1b1f045bf65e36ea325d5fed63ffb55f3a5758195a
GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Sat, 09 Dec 2023 23:24:39 GMT
Last-Modified: Fri, 09 Dec 2022 23:24:38 GMT
ETag: "1670628279:dtagent10253221019152312ShlF"
Vary: User-Agent
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="621913006"
Date: Fri, 09 Dec 2022 23:24:39 GMT
ntCoent-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_1_sn_83F24CD65A8C44AC85754F50F34B204B_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926f916b9e6ea58bf65057f80cbe9543cbef44d761fb669a2b5900feb3bdfc411d6c63f9393a4dac9ed16d83a7b02fd0c47; Path=/
TS0128739d=01fb46a9267cc0a43fd7320e6cc68e457e3ddcd372f44d761fb669a2b5900feb3bdfc411d669a9b13fde1b271f71771190b97edb1007ecc94aa4ae0a20df38d82025604ea2; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000608d6c0808c232faf0de477377fdc4ae1860fcdc66ca59ca1384922dabccfb260868700014113000125f59570d0534bb8db9c93153c09dfa7d98cf5db1c582ecffce139df3238c4e066186db748fb99a28e44f026558521d; Path=/
Transfer-Encoding: chunked
nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
54.230.111.74200 OK 15 B URL HTTP/1.1 nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
IP 54.230.111.74:0
Hash ffe905f50d9b47e6353b68513c4d48ac
d2c2ee4201cca3be67abf771ed1f1922fa94d083
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15
Connection: keep-alive
Date: Fri, 09 Dec 2022 23:24:40 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 22 Jul 2022 23:48:01 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mUz5xMRH1zC_h9Q5u0A_WyWyuQ1Vst7h6o8uzSBKEATp81XjK4TJhA==
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
24.75.29.77200 OK 230 B URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Nov 2022 08:29:20 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1794746789"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 230
Set-Cookie: TSea15929a027=0856addebbab20002b56679ef5871369c745f0ddddc4886e060129580e2f1280f7a9de5f0739aec308557b0ddc1130005d4085b6792316828db9c93153c09dfa02da20dca501efc8399450c70b1221ab7645f324b8a15ab30531e76282e4c7f1; Path=/
resources.mtb.com/Assets/img/mtb-entrust.svg
24.75.29.77200 OK 1.3 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-entrust.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Hash 9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Nov 2022 08:29:20 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-101238042"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 1349
Set-Cookie: TSea15929a027=0856addebbab200022cc26adbf5e3b1ee9972c3584c9e7c70ac04770816a4fbee911df74601bf72f08699160bb113000cfd1a4d768869e788db9c93153c09dfad69a72fd7e80e7d330a6c83ae4e8e7d3b66ca4461cb48f2cc2e00f19c4001209; Path=/
resources.mtb.com/Assets/img/mtb-logo.svg
24.75.29.77200 OK 2.0 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-logo.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Hash f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Tue, 15 Nov 2022 08:29:20 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2093230804"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 2039
Set-Cookie: TSea15929a027=0856addebbab20009c096de428cc1cc5b131eea8a573e659afd488954fd96220ddd14c93b569ef58081afafa73113000814828442e10eb088db9c93153c09dfac32c85645fc1848f9bb218799bca4327be7945d73acf92cbe26beeda468a8be8; Path=/
push.services.mozilla.com/
52.36.24.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.36.24.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SBfShNGShm4+0bGxBG/Msw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mS3apj4bZ0Ej1mnrxiNsTC9J6Zk=
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
24.75.29.77200 OK 104 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
IP 24.75.29.77:0
File type ASCII text, with CRLF line terminators
Size 104 kB (103533 bytes)
Hash 08b250830e37bab4db49f49dcfa521aa
196ea486f29834f4f74c9415c3952b725055c866
9b41dafbfb1b1f1d091bcb7593dbdae2d91dddb1c00bbb00eea511b7c9c92443
GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Sat, 09 Dec 2023 23:24:39 GMT
Last-Modified: Fri, 09 Dec 2022 23:24:38 GMT
ETag: "1670628279:dtagent10253221019152312ShlF"
Vary: User-Agent
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1514106811"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_6_sn_6C721536869F4510FA1E0ACDD502073B_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926b4852bad3ee8c22c85d728afd33a96533aa91ed3559c039d8f1b587cca2e5fe225f48f023c0c5cf8c12a08c798d46721; Path=/
TS0128739d=01fb46a9267acff75b3a7957231e7ac0d7fe7803033aa91ed3559c039d8f1b587cca2e5fe2ba20aad4f20f3d8fc1040a273293d9e145c51bf8c316132c72de92190a7fcdca; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20006c7cf4b9927e389045e34c8a05827a5fde697da1292bf08ec7837e02dd6e96fd08ea79e7d3113000770e890cb295c9768db9c93153c09dfa9fdf9fba0f993a8a07d9d28144cf77aa3247b0c0c99a9becff0ad5cc9d291f35; Path=/
Transfer-Encoding: chunked
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
24.75.29.77200 OK 4.8 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Hash ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securemnt9l.info
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Tue, 15 Nov 2022 08:29:19 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0:dtagent10253221019152312ShlF"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-932416325", dtTao;desc="1"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_9_sn_78EBC11A9579F9C34EFAF5276F09443A_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926cb5fb57c7385f6d47e0ec8c44ef2784e354a1be84e2c5001ac41e9b4ef8ea5d753cb2c5ccbb6d554eb24f9a53486512c; Path=/
TS0128739d=01fb46a9263086d303ef991742ce3a61b1140287bb354a1be84e2c5001ac41e9b4ef8ea5d738347d72802f737467f772bc10a0710357010f49e6ac26492a0f74342c052fd0; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000be671bcd80ae32d2935466c2b8100a71df6dda32062ff55e7d823af98aeb232608b47e40e91130002c16cf4a0a34c2b7c95b390026bbd67989a77e88ba28b32ded91839a3d5d553773d10455dee242e104e9e9715d912d8c; Path=/
securemnt9l.info/Assets/scripts/Login/Index.js
143.198.150.255404 Not Found 315 B URL HTTP/1.1 securemnt9l.info/Assets/scripts/Login/Index.js
IP 143.198.150.255:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: securemnt9l.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://securemnt9l.info/login.php?country=3D&iso=3D&online_id=3D2e9970031a=
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 23:24:40 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
24.75.29.77200 OK 68 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Hash 6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securemnt9l.info
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Tue, 15 Nov 2022 08:29:19 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0:dtagent10253221019152312ShlF"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1016426508", dtTao;desc="1"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_6_sn_57B9D3A1751ABD5937D2F091BA327F99_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926b7e5dc1e146a143a1db5e2fc21d432ef22f2714459baf5db6cd7322217bc5eb893bf5ade39e6d233bee32dd6146c9413; Path=/
TS0128739d=01fb46a9264a164ea25d26c154a9649d79df7eb27b22f2714459baf5db6cd7322217bc5eb8e30227904d7260e9234096b663de2be0aa1797847bb8e87e4ea6e6488aaedb0f; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20004deadd1e034d5aedca02c4d43ec15589f77eb27b068fe413ee5844f1c051e7c508343f029411300064a66842ce072386c95b390026bbd679d24f91ebae05cc2ee9d12ddd89ac45b1a253d35aeb2ef09c5871ae923284fc0e; Path=/
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
24.75.29.77200 OK 64 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Hash b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://securemnt9l.info
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Tue, 15 Nov 2022 08:29:19 GMT
Accept-Ranges: bytes
ETag: "0b0865bccf8d81:0:dtagent10253221019152312ShlF"
X-Srv: B-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1866851269", dtTao;desc="1"
Date: Fri, 09 Dec 2022 23:24:39 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_6_sn_BE532995D0683E2BDF884FB2CE519B53_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a92670e0270faa0964650442150867e7dbf349b34d28e1e30cb1fe352307f53087a259457d07a55561bb5660e23f6b0203f3; Path=/
TS0128739d=01fb46a92630a75c53607bd50c73697404ad673ef449b34d28e1e30cb1fe352307f53087a2ca359c3a3eb2885fb5d3072be40bed6946ca1f99a5aaa38253af75b1325a9b75; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000b1df2ee57ffb3cc88dc6d63bfa884e7060fd056f4f7e8f29211890cfe95438bc08a35711551130009104f16fb746a46dc95b390026bbd67981a6786f53c2ddca745fbf63ea3688dac9554bbe5ca6fb974add7934fa316641; Path=/
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 7200a8da2ecbabca20619538f2810c8b
6b9af23ad1ace588d8808709e3c4ae2dada3f670
bc6870b0f3377f59f2771f97d17544a62b26848600bfb1a9d98eefac2572ded8
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "BC6870B0F3377F59F2771F97D17544A62B26848600BFB1A9D98EEFAC2572DED8"
Last-Modified: Fri, 09 Dec 2022 15:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3551
Expires: Sat, 10 Dec 2022 00:23:51 GMT
Date: Fri, 09 Dec 2022 23:24:40 GMT
Connection: keep-alive
asset.mtb.com/Documents/html/homepage/favicon.ico
54.230.111.59200 OK 15 kB URL HTTP/2 asset.mtb.com/Documents/html/homepage/favicon.ico
IP 54.230.111.59:0
File type PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash e82f458a5c1c5353a97401eccc925613
949d6c8d06ca14b52f496c20f63fae269b6708c2
cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3
GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://securemnt9l.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Fri, 09 Dec 2022 23:09:26 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: krVqGvlELcBTsebMNM-uAs93t2eoEX4AswWWsfPOnGEhGBIEtYhB8A==
age: 1617
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:24:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:24:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:24:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:24:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5125
Expires: Sat, 10 Dec 2022 00:50:06 GMT
Date: Fri, 09 Dec 2022 23:24:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0df452512aae4c4c1f4a2cd263b16dfd
68bac75574641febc463bd0819392dae2da15811
e0a9301c5be849e116f1d98b819c2eb91f73e74d836f3e099f2cd266e8f0bb36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12743
x-amzn-requestid: 6ed8a5f4-45cd-45bd-9820-df450f612c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4E_-IAMFf3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-31d928fc430577b463a68bd0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nD0bWCjTU6LNSsNYCNqT4rt7okG1dmPPWiw4FXSi_uNWpcZnxhZgKw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:37 GMT
age: 4864
etag: "68bac75574641febc463bd0819392dae2da15811"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8a5e9d0cddf26cf3a1478d2942f2478
e8a228a857a414f04108c84670ed7bc74534407c
3a15851f412000f1647057745348bc6f6e2f0cfe481ca7a72f6e94fab8d5e52e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eba44f9-82c7-4919-bc2f-4f847f621994.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12990
x-amzn-requestid: 2e4f71f3-b81d-4822-a13a-e8367a76aa20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMREp3IAMFRJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-447650995616ab6a09780380;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D3mXg-fDM59RiUxg-BxZNdAQG4_iGSTcxhleWiDkSmwlOdxS8SGhDA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:55:31 GMT
age: 5350
etag: "e8a228a857a414f04108c84670ed7bc74534407c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a89cfef-fc4a-490b-b984-fd656e721e79.webp
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a89cfef-fc4a-490b-b984-fd656e721e79.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcdc2c9891132c82cd09ef237930877
3e112ad867e159d1bfdf9bfd2e2a04fea8248494
8d543255c1272d77981913e4b0e0e5efede8f4ffaa91572a3eee9e44ac035946
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a89cfef-fc4a-490b-b984-fd656e721e79.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8473
x-amzn-requestid: 40260408-5f10-42ed-832e-a8bc5d02e95c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e9hGqwIAMFl2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab89-078ecefb64853b047acc2de7;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oe1qgsBhixlxqlLZdNtuON-CMoWDhGTH1SQhmQQhLGYTmp_R9FKaEw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:55:41 GMT
age: 5340
etag: "3e112ad867e159d1bfdf9bfd2e2a04fea8248494"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 69454
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05755b78-9a44-483c-9449-ae2df8a44bd0.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05755b78-9a44-483c-9449-ae2df8a44bd0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00ad01d32ff690b4a28f6d0555c7e146
c607a2782213afcc058882ffa11a08860a6de034
b5896253222e132fa68f11fba133195a20e4aad94f8cdbfef747ded7e9243b0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05755b78-9a44-483c-9449-ae2df8a44bd0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7444
x-amzn-requestid: eaf9e585-6b52-46c3-a62a-fa591bbf2204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5f7BEV6IAMFbIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ad13-3cab7e35787037ec74ff6e31;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:48:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Q-JwtoYGsFkpCudY52QAzpwi-93TU1Eh_1szsnTQp1jHpILapcn5PQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:55:31 GMT
etag: "c607a2782213afcc058882ffa11a08860a6de034"
content-type: image/jpeg
age: 5350
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9051770b3587c195bea670f8820e8cfe
abf58087f0e345202da088238daea85d177b431b
f687a10c0ae63699a551977e9a4ec5bc7ba606b1925178d7ed4ec6728889bb2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8841
x-amzn-requestid: 09b64f8e-60c0-4cf6-a0dc-15e597bd9d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWH7MIAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3471ee5f5a78b55c424e2c6d;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F_FNF6MAvQjqQ9kTGvu8lERPdurC-ZyLWtxQ5Ezs1OBUUmejNwiQ4w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:00:13 GMT
age: 5068
etag: "abf58087f0e345202da088238daea85d177b431b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2