urlquery - report: piwcnorthhouston.org/admin/ckeditor/kcfinder/upload/files/23545470799.pdf

Overview

URL	piwcnorthhouston.org/admin/ckeditor/kcfinder/upload/files/23545470799.pdf
IP	50.62.149.29
ASN	GO-DADDY-COM-LLC
Location	United States
Report completed	2022-06-26 06:11:17 UTC
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blocklists

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2022-06-26	2	piwcnorthhouston.org/admin/ckeditor/kcfinder/upload/files/23545470799.pdf	Malware
2022-06-26	2	piwcnorthhouston.org/admin/ckeditor/kcfinder/upload/files/23545470799.pdf	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files

URL	piwcnorthhouston.org/admin/ckeditor/kcfinder/upload/files/23545470799.pdf
IP	50.62.149.29
Magic	PDF document, version 1.4, 4 pages\012- data
Size	318230
MD5	eaaffeb3895a2d6e112ba22927001c1a
SHA1	16e02965ff528b5100b796f5e5487209779199c3
SHA256	79d22e90b11b25debdaf6769400a00fd6009be435b85ef3aba760813be817f35

Analyzer	Analysed	Verdict	Comment
VirusTotal		0/0

Passive DNS (8)

Passive DNS Source	Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
[Mnemonic Passive DNS]	ocsp.digicert.com (1)	86	2012-11-29 12:49:49 UTC	2022-06-25 20:40:55 UTC	93.184.220.29
[Mnemonic Passive DNS]	push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2022-06-26 04:22:22 UTC	35.163.37.142
[Mnemonic Passive DNS]	img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-06-26 04:22:13 UTC	34.120.237.76
[Mnemonic Passive DNS]	firefox.settings.services.mozilla.com (3)	867	2016-03-17 08:25:01 UTC	2020-05-25 20:01:47 UTC	54.230.111.7
[Mnemonic Passive DNS]	r3.o.lencr.org (4)	344	2020-12-02 08:52:13 UTC	2022-06-25 05:00:24 UTC	23.36.77.32
[Mnemonic Passive DNS]	content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-06-26 04:30:16 UTC	54.230.111.14
[Mnemonic Passive DNS]	contile.services.mozilla.com (1)	1114	No data	No data	34.117.237.239
[Mnemonic Passive DNS]	piwcnorthhouston.org (3)	0	2021-03-19 15:29:48 UTC	2021-03-19 15:29:48 UTC	50.62.149.29	Unknown ranking

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 50.62.149.29

Date	UQ / IDS / BL	URL	IP
2022-08-12 18:44:29 +0000	0 - 0 - 1	fantasypartyentertainment.com/wp-content/plug (...)	50.62.149.29
2022-08-12 16:28:20 +0000	0 - 0 - 1	fantasypartyentertainment.com/wp-content/plug (...)	50.62.149.29
2022-08-03 02:45:08 +0000	0 - 0 - 3	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-07-30 15:27:22 +0000	0 - 0 - 1	fantasypartyentertainment.com/wp-content/plug (...)	50.62.149.29
2022-07-28 13:15:29 +0000	0 - 0 - 2	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-07-21 11:17:27 +0000	0 - 0 - 5	piwcnorthhouston.org/admin	50.62.149.29
2022-07-08 02:15:23 +0000	0 - 0 - 5	rentkayaksnearme.com/	50.62.149.29
2022-07-02 10:17:44 +0000	0 - 0 - 5	https://rentkayaksnearme.com/fswg/	50.62.149.29
2022-06-27 18:42:34 +0000	0 - 0 - 1	fantasypartyentertainment.com/wp-content/plug (...)	50.62.149.29
2022-06-23 18:14:01 +0000	0 - 0 - 1	fantasypartyentertainment.com/wp-content/plug (...)	50.62.149.29

Last 10 reports on ASN: GO-DADDY-COM-LLC

Date	UQ / IDS / BL	URL	IP
2022-08-19 10:32:37 +0000	0 - 0 - 4	armandotechnology.com.br/systemd/05/IQ/d3JovX (...)	173.201.176.176
2022-08-19 10:02:53 +0000	0 - 0 - 4	vaidikdentalcollege.edu.in/unim/edtauexpit	160.153.42.196
2022-08-19 10:02:19 +0000	0 - 0 - 6	aayushakti.com/ltin/mcaciffuio	173.201.191.15
2022-08-19 10:02:08 +0000	0 - 0 - 6	aayushakti.com/ltin/daelqiiiiupmtd	173.201.191.15
2022-08-19 09:28:34 +0000	8 - 0 - 0	elitechairlifts.com/secu45tb/auth.php?md=moOR (...)	132.148.244.203
2022-08-19 09:05:11 +0000	0 - 0 - 2	atelierkikala.com/Facebook/zWUe7fBXDJ/	216.70.89.121
2022-08-19 08:40:00 +0000	8 - 0 - 1	elitechairlifts.com/support.68/auth.php?YHVvu (...)	132.148.244.203
2022-08-19 08:33:57 +0000	8 - 0 - 0	elitechairlifts.com/secu45tb/auth.php?WOsiLTN (...)	132.148.244.203
2022-08-19 08:31:48 +0000	8 - 0 - 0	elitechairlifts.com/secu45tb/auth.php?IETBXLd (...)	132.148.244.203
2022-08-19 08:09:47 +0000	8 - 0 - 0	elitechairlifts.com/secure.com/auth.php?md=qH (...)	132.148.244.203

Last 7 reports on domain: piwcnorthhouston.org

Date	UQ / IDS / BL	URL	IP
2022-08-03 02:45:08 +0000	0 - 0 - 3	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-07-28 13:15:29 +0000	0 - 0 - 2	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-07-21 11:17:27 +0000	0 - 0 - 5	piwcnorthhouston.org/admin	50.62.149.29
2022-06-21 09:12:00 +0000	0 - 0 - 3	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-06-20 21:11:09 +0000	0 - 0 - 3	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-06-20 10:54:46 +0000	0 - 0 - 2	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29
2022-06-20 01:49:47 +0000	0 - 0 - 4	piwcnorthhouston.org/admin/ckeditor/kcfinder/ (...)	50.62.149.29

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (20)

Request	Response
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Sun, 26 Jun 2022 05:45:57 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: xw4GE61iw8xkVGWcmMbRHr8fuZgS0G5nTv3RRTs9zLoI6aV93IE0wA== Age: 1504 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40 Sha1: 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2 Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "B2CEB864B9C1A231269357C6D1FFC192D76116996A5363EE4A1B4B149AAD447A" Last-Modified: Fri, 24 Jun 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3207 Expires: Sun, 26 Jun 2022 07:04:28 GMT Date: Sun, 26 Jun 2022 06:11:01 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 4ee093bb327d344f08701694f6ff84ac Sha1: 15f704888f8f44953533a26728aca3f09e91aa95 Sha256: b2ceb864b9c1a231269357c6d1ffc192d76116996a5363ee4a1b4b149aad447a
GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 48ca0beea419a9039591cf1aee5179e0$ 54.230.111.14 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Wed, 11 May 2022 19:51:39 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Sun, 26 Jun 2022 02:10:54 GMT etag: "48ca0beea419a9039591cf1aee5179e0" x-cache: Hit from cloudfront via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: Gt999PIOa_Y-X_XvmIOPGRka3E9G1eljnVT7wv1k_laqiMD3oHxJTA== age: 14408 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 48ca0beea419a9039591cf1aee5179e0 Sha1: 9e92629f505fcc07aab51221e8fe62197a23e307 Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6$ 34.117.237.239 HTTP/2 200 OK server: nginx date: Sun, 26 Jun 2022 06:11:01 GMT content-type: application/json content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /favicon.ico HTTP/1.1 Host: piwcnorthhouston.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://piwcnorthhouston.org/	$Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f$ 50.62.149.29 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 26 Jun 2022 06:11:01 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /admin/ckeditor/kcfinder/upload/files/23545470799.pdf HTTP/1.1 Host: piwcnorthhouston.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	$Magic: PDF document, version 1.4, 4 pages\012- data Size: 318230 Md5: eaaffeb3895a2d6e112ba22927001c1a$ 50.62.149.29 HTTP/1.1 200 OK Content-Type: application/pdf Date: Sun, 26 Jun 2022 06:11:01 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 29 Apr 2022 02:59:01 GMT ETag: "2d810e1-4db16-5ddc239810a6b" Accept-Ranges: bytes Content-Length: 318230 Vary: Accept-Encoding Keep-Alive: timeout=5 --- Additional Info --- Magic: PDF document, version 1.4, 4 pages\012- data Size: 318230 Md5: eaaffeb3895a2d6e112ba22927001c1a Sha1: 16e02965ff528b5100b796f5e5487209779199c3 Sha256: 79d22e90b11b25debdaf6769400a00fd6009be435b85ef3aba760813be817f35 Alerts: Blocklists: - fortinet: Malware File Analyzers: - virustotal: 0/0
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Date: Sun, 26 Jun 2022 05:31:51 GMT Cache-Control: max-age=3600 Expires: Sun, 26 Jun 2022 06:14:34 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: rH4H7Y_0EqAQvaS7nF-RkmmiFLvHW7Jgyl7iAS3Dk2_eX1Z60oiezQ== Age: 2351 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 2619 Cache-Control: 'max-age=158059' Date: Sun, 26 Jun 2022 06:11:02 GMT Last-Modified: Sun, 26 Jun 2022 05:27:23 GMT Server: ECS (ska/F70C) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 3aef152b0353f2b1c3e6aa96c195ef89 Sha1: 9f1ea9ad1eca82ea1263a49e272e017197b3bca0 Sha256: 030af5d0fa2cdf50202fcd3d7d3afab1843178619a219286794b35944e5a9e92
GET /admin/ckeditor/kcfinder/upload/files/23545470799.pdf HTTP/1.1 Host: piwcnorthhouston.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Range: bytes=262144-318229	50.62.149.29 HTTP/1.1 206 Partial Content Content-Type: application/pdf Date: Sun, 26 Jun 2022 06:11:02 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 29 Apr 2022 02:59:01 GMT ETag: "2d810e1-4db16-5ddc239810a6b" Accept-Ranges: bytes Content-Length: 56086 Vary: Accept-Encoding Content-Range: bytes 262144-318229/318230 Keep-Alive: timeout=5 --- Additional Info --- Magic: data Size: 56086 Md5: f97972e0209cb4f5c28b73c036e179a9 Sha1: b745d9297f88b504e5d4768f357f734fcfe90ea3 Sha256: d581d4a9222fa7f33dfb7ac8163806331a3e4aa86208fcca1dfeeebda8bb34de Alerts: Blocklists: - fortinet: Malware
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: 4vN4lizClTkrAb8fP3GLYQ== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	35.163.37.142 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: cE4GsA+Qfpq+irw4TWG2oOkihew= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221656205032996%22 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (21309), with no line terminators Size: 4503 Md5: 2d836458dd7b4ac49a8aad2d3e79a420$ 54.230.111.7 HTTP/1.1 200 OK Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Sun, 26 Jun 2022 00:57:12 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Content-Encoding: br Date: Sun, 26 Jun 2022 06:02:00 GMT Cache-Control: max-age=3600 Expires: Sun, 26 Jun 2022 06:02:22 GMT Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: upjLLSSq7urCoFQe1m-14zJF1WEEzb3UnS3-7zTuMmJ0nEIhkMFEiA== Age: 544 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (21309), with no line terminators Size: 4503 Md5: 2d836458dd7b4ac49a8aad2d3e79a420 Sha1: 7941e8cefdeeb5a94f06142f5aa4ae82976f35e2 Sha256: fdc1b2daae431c5a42fad873f162703715287e007566df134ec395eb084b865d
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "9A4C6D127F3E8F2083A588B1B6818BD65AF7810F7C768B54964E17690F0BB083" Last-Modified: Fri, 24 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7912 Expires: Sun, 26 Jun 2022 08:22:56 GMT Date: Sun, 26 Jun 2022 06:11:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 82ecfda8070a1589bab6a0e9d2e093c1 Sha1: 622380ad48f373dfe85ea7f9b03b8405978928d5 Sha256: 9a4c6d127f3e8f2083a588b1b6818bd65af7810f7c768b54964e17690f0bb083
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "9A4C6D127F3E8F2083A588B1B6818BD65AF7810F7C768B54964E17690F0BB083" Last-Modified: Fri, 24 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7912 Expires: Sun, 26 Jun 2022 08:22:56 GMT Date: Sun, 26 Jun 2022 06:11:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 82ecfda8070a1589bab6a0e9d2e093c1 Sha1: 622380ad48f373dfe85ea7f9b03b8405978928d5 Sha256: 9a4c6d127f3e8f2083a588b1b6818bd65af7810f7c768b54964e17690f0bb083
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "9A4C6D127F3E8F2083A588B1B6818BD65AF7810F7C768B54964E17690F0BB083" Last-Modified: Fri, 24 Jun 2022 07:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7912 Expires: Sun, 26 Jun 2022 08:22:56 GMT Date: Sun, 26 Jun 2022 06:11:04 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 82ecfda8070a1589bab6a0e9d2e093c1 Sha1: 622380ad48f373dfe85ea7f9b03b8405978928d5 Sha256: 9a4c6d127f3e8f2083a588b1b6818bd65af7810f7c768b54964e17690f0bb083
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3e1d84a-1728-47d8-bc04-7da5b27045d9.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9721 Md5: 01fd8b5742b0e38247b34253cb075e35$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 9721 x-amzn-requestid: fab55318-719e-4e9c-8f66-fba724da75cd x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: TychIE3yoAMFdKA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62aa746d-78b50b690376a97d6772c393;Sampled=0 x-amzn-remapped-date: Thu, 16 Jun 2022 00:08:13 GMT x-amz-cf-pop: SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: czQapidkTq5nbQwHkw6fRfHnnmdAc5yjWc1B6AiEGteeKITUhq0cUg== via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google date: Sun, 26 Jun 2022 00:16:56 GMT age: 21248 etag: "824c12da88732481458fc6c1a455c7382a649e3c" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9721 Md5: 01fd8b5742b0e38247b34253cb075e35 Sha1: 824c12da88732481458fc6c1a455c7382a649e3c Sha256: 00bd45c3a5866f9bb316788864b2ff8f083c5f1d00c2a3a5abdc65aaa1fea08b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5da973c-ee18-4113-9c92-044ec854e249.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6697 Md5: e5ca63c18892200dbd56239af7d33890$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 6697 x-amzn-requestid: 2defccdb-d2da-413a-87a1-b9e0fd87a277 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UTDE6H_uIAMF1Cg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b77eec-39d84daf68c4cf31091035ec;Sampled=0 x-amzn-remapped-date: Sat, 25 Jun 2022 21:32:28 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: zaFN8KhMGbn6ZPmRs9vc6pVL8rrCzpRSqTPVlL90P7RLhnrhCLaLGw== via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google date: Sat, 25 Jun 2022 21:42:44 GMT age: 30500 etag: "c7bc2d954e2413edf8efdd135e1df9008cc42fe0" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6697 Md5: e5ca63c18892200dbd56239af7d33890 Sha1: c7bc2d954e2413edf8efdd135e1df9008cc42fe0 Sha256: cb1684559264ba607f26b5df148589e3b86be5a450fc9cb70f8174c80b8e0873
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad0e66ab-2eff-4b07-97d4-8aef2204d2e6.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8532 Md5: 30b326f3c723aedd3fb906437551f1fd$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 8532 x-amzn-requestid: 9b0563f7-5fd3-43da-a797-27eb920fa991 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UTaUMH3dIAMFbQQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b7a41a-619921a50891057a26b9152b;Sampled=0 x-amzn-remapped-date: Sun, 26 Jun 2022 00:11:06 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: ptVEdOZi80qs7Q6vdcl9vI6UMfVRcILdl7hRKnGEtTbtNrHoXTGVyQ== via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google date: Sun, 26 Jun 2022 00:24:19 GMT age: 20805 etag: "9a01c55bc335f4a0bccb30f1f6bce05e6166f0ea" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8532 Md5: 30b326f3c723aedd3fb906437551f1fd Sha1: 9a01c55bc335f4a0bccb30f1f6bce05e6166f0ea Sha256: a498f7da0e1349370b0ad28d0d2690977201f201f55715f52c7086e874470f5b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe924215b-63aa-4e9b-bee5-89aff1024828.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 14114 Md5: 3b4d47fde47da1dc95bf5fc2f5befbfb$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 14114 x-amzn-requestid: 2ac627d3-802f-4f6e-a6d7-932c95e8277d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UTDq3EUHoAMFiDA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b77fde-552fb2ea20ba22386b0dbbb8;Sampled=0 x-amzn-remapped-date: Sat, 25 Jun 2022 21:36:31 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: eUcURg_u4bYye_QtpvCgxuGMK6Ew8nDzVnoeHbjVbAII7cuGuX0CPw== via: 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google date: Sat, 25 Jun 2022 21:42:21 GMT age: 30523 etag: "b96b95b17ad1d65d044ce00bca0986d32dc22bda" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 14114 Md5: 3b4d47fde47da1dc95bf5fc2f5befbfb Sha1: b96b95b17ad1d65d044ce00bca0986d32dc22bda Sha256: af5855dec19e57f15b3526d39567c4f54ea3513e5d3d40e039075ea1824b5081
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F078fb16a-ed33-4dc3-8f0d-fa2af1b1a290.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11483 Md5: 1e0d05753e633912c3b1d61427a2384e$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 11483 x-amzn-requestid: 31728949-c166-4867-b377-2d9ac07fb6e0 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UTDsuEZdoAMFWIA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b77fea-0ba36d817950cc271cc3e3dc;Sampled=0 x-amzn-remapped-date: Sat, 25 Jun 2022 21:36:42 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: -TUpVxLspf9nL6sVtRnSSKCKJLkik7UM85tJ47P7QnTBhXSOCFDttQ== via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google date: Sat, 25 Jun 2022 21:42:44 GMT etag: "53b0cb739723cc34657019cde118b003970cbb86" content-type: image/jpeg age: 30500 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11483 Md5: 1e0d05753e633912c3b1d61427a2384e Sha1: 53b0cb739723cc34657019cde118b003970cbb86 Sha256: f84afe24d5c52db107a9767c445709223d112ff7adccf296e0e2d79899f73310
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3854eb68-0642-47af-95b9-fc37c2ca36da.webp HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7257 Md5: 1b89005ecdb94bc390f180c3ec087333$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 7257 x-amzn-requestid: 2af0615b-0a71-4e5a-b30d-db8fdc1fc29c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UTaQNH2PoAMFp6A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62b7a401-21cdb8e35563085837105e0a;Sampled=0 x-amzn-remapped-date: Sun, 26 Jun 2022 00:10:41 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: bslhrnGYlmi2hfI9hXqs7oAlvtJeUXYMepylZnCSxyX0w8g8luMkag== via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google date: Sun, 26 Jun 2022 00:46:08 GMT etag: "1d828313015296c4664a06ed670253230f36faeb" content-type: image/jpeg age: 19496 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7257 Md5: 1b89005ecdb94bc390f180c3ec087333 Sha1: 1d828313015296c4664a06ed670253230f36faeb Sha256: ebe6c115a5afa38ceead50cd91b09f8013347b69ccb8c544646428b838aead2e