Report - tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/

Report Overview

Submitted URL
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
IP
149.62.169.16
ASN
#50926 Axarnet Comunicaciones, S.l.
Submitted
2022-11-25 05:24:02
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.160.51.228
cfspart.impots.gouv.fr	643420	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	897 B	15 kB	145.242.11.27
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	2.8 kB	104.18.32.68
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	47 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
tamarafreitas.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	160 kB	149.62.169.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-24	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/	DGI (French Tax Authority)

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.8.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.a.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.c.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.html	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.e.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.10.delaye	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.11	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del	Phishing
2022-11-25	medium	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye	12 kB	2023-03-08	2024-02-11
Pretty URL tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:55:44 Last Seen2024-02-11 09:29:47 Times Seen1 Hash e58a860d8e41196fe5a0d71131d5f341 eb3088e3a139889d331af84dcf3e06fba2613c63 b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11875
Expires: Fri, 25 Nov 2022 08:41:46 GMT
Date: Fri, 25 Nov 2022 05:23:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5241
Expires: Fri, 25 Nov 2022 06:51:13 GMT
Date: Fri, 25 Nov 2022 05:23:52 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5409
Cache-Control: max-age=110248
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 05:23:52 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:01:20 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: IYc9Z0kMJZ8xJ8A9l5u0p22RJ/tOyUgYnYgkkYUsbtrWAwqM4dG2+NezjkVkNpSoclySMJ9M5h0=
x-amz-request-id: DCMARP1P4NXQVWWH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 04:43:42 GMT
age: 2410
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 05:19:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 289
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
191b1cd61cebdd9d90d35b797ed39f14
2c189e981b3cd4781944c7aea1e7e84e9b7a44ea
d4128f90cee4c418df48d8236af8b6529bc8b9b87921d20b4915358161c2dfb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4128F90CEE4C418DF48D8236AF8B6529BC8B9B87921D20B4915358161C2DFB1"
Last-Modified: Thu, 24 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17295
Expires: Fri, 25 Nov 2022 10:12:07 GMT
Date: Fri, 25 Nov 2022 05:23:52 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 05:23:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/

149.62.169.16

200 OK

3.7 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (534)
Size
3.7 kB (3704 bytes)
Hash
f84ade58143f80ac466accebcbc8856d
e8bcde151b3252aeacd6ddf5f1d0793bf6a138ce
3cb1faf74bfdc70c7400ee1fbc87594ec9fdec54883c1224d739a7b12b6457e3

Detections

Analyzer	Verdict	Alert
openphish	DGI (French Tax Authority)
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 14:48:48 GMT
ETag: "453b-5ee2462d65400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 3704
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery.min.js.9.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.8.delaye

149.62.169.16

200 OK

3.1 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.8.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.1 kB (3121 bytes)
Hash
b312973782413e3d84d41053f637f554
20baed21a03e1362da1daad70813c8e41faf4c2c
bc296e95f044160f4c39ef573ecedb5b0e921456bdade1fa2e83141e27a9a0c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/application2.8.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "c31-57b0829281200"
Accept-Ranges: bytes
Content-Length: 3121
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: application/x-troff-man

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.a.delaye

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.a.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/jquery-ui.js.a.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/datepicker-jquery-ui.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.c.delaye

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.c.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/bootstrap.js.c.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/plain

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.html

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.html
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.js.html HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.e.delaye

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.e.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/satelit.js.e.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.10.delaye

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.10.delaye
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/dialogue.js.10.delaye HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.11

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.11
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/boutonsgeneriques.js.11 HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 19:00:10 GMT
ETag: "2e24-57b0920470280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 05:08:53 GMT
cache-control: public,max-age=3600
age: 899
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css

149.62.169.16

200 OK

82 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65368)
Size
82 kB (82166 bytes)
Hash
537620cf9cd248b48a89cf20754ac51f
c33fadbe3c75124384d99ba2f1deb817b32e919f
cfb13152305d35d13df83c4032dc8f3de604c4657a558196631aaebaf9fedf5b

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "65d5e-57b0829281200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3474
Cache-Control: max-age=103251
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 05:23:52 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:04:43 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ta3.png

149.62.169.16

200 OK

432 B

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ta3.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
PNG image data, 17 x 19, 8-bit/color RGB, non-interlaced\012- data
Size
432 B (432 bytes)
Hash
9ae0b7a7040b979825e1d4c8fb9589a3
d838d04af56a4a081397c8b9c73219c5c4805e6b
bda626f9a65798d374231e7a83027fbb2dbb53b9e7662a247f32a4de1b03b4f2

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/ta3.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "1b0-57b0829281200"
Accept-Ranges: bytes
Content-Length: 432
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: image/png

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/suit.png

149.62.169.16

200 OK

1.5 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/suit.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
PNG image data, 88 x 68, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1457 bytes)
Hash
b8f3245ef96c6b7e0d6724f9930f8cf5
41a1509019219d6efe2ae0ecd9dcf9de1c1417f9
ad20b04fe8aa8e8c54449b387d21e854198e618a820bbca3f8a8bb01f62b0761

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/suit.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "5b1-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1457
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: image/png

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/boutton.png

149.62.169.16

200 OK

1.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/boutton.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
PNG image data, 107 x 37, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 kB (1001 bytes)
Hash
bbeb4383154a9c108865ac7a04d28886
cc9d69202a0742e699490586c1e03f3be426c243
833cf2f16ce40bd7ddd7b31bce4ce464d92e9cbe032fc12675fd80ef55239a6f

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/boutton.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Mon, 19 Nov 2018 17:51:04 GMT
ETag: "3e9-57b0829281200"
Accept-Ranges: bytes
Content-Length: 1001
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: image/png

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del

149.62.169.16

200 OK

12 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
12 kB (11812 bytes)
Hash
e58a860d8e41196fe5a0d71131d5f341
eb3088e3a139889d331af84dcf3e06fba2613c63
b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.20.del HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/reservas_2/cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon-152.png

149.62.169.16

404 Not Found

1.8 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon-152.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.8 kB (1817 bytes)
Hash
9f3e4c2e5bca00e0d1a5667ec3876881
769ed6d0b884bf25025ed37ee437e6ee21601d64
082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f

HTTP Headers

GET /reservas_2/cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon-152.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del

149.62.169.16

200 OK

12 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
12 kB (11812 bytes)
Hash
e58a860d8e41196fe5a0d71131d5f341
eb3088e3a139889d331af84dcf3e06fba2613c63
b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.21.del HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00"
Accept-Ranges: bytes
Content-Length: 11812
Vary: Accept-Encoding
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del

149.62.169.16

200 OK

4.0 kB

URL HTTP/1.1
tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (358)
Size
4.0 kB (4017 bytes)
Hash
2d5605a88880ddef7fb72a9280900f78
9729a6edf55c86a130364c3daaa9163caa132570
17270a908d31534a62cdaf28cbb5232f628299ebfbbd0f89e0e1547ab90fd399

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/fonts/opensan/opensans-regular.22.del HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/reservas_2/font/Ace_Sans/OTF/AceSans/gouv_frportail_node22/FMf5BFHFS54dfFRANCE22IMPOTsd/7e85f/Paiement_/inea.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Server: Apache
Last-Modified: Tue, 20 Nov 2018 00:49:52 GMT
ETag: "2e24-57b0e02e6ec00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 4017
Keep-Alive: timeout=3, max=296
Connection: Keep-Alive
Content-Type: text/html

ocsp.usertrust.com/

104.18.32.68

200 OK

2.2 kB

URL HTTP/1.1
ocsp.usertrust.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
2.2 kB (2236 bytes)
Hash
4acf128ebf36446272a690550af5cdfb
56bd11cefa7ffbba217fe6305ce065fce4b0ae80
7e361f2e2ef74f999fca6c51ccfb030e996dbee63256ccc2e16276c03d023e88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:52 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 10:12:16 GMT
Expires: Wed, 30 Nov 2022 10:12:15 GMT
Etag: "56bd11cefa7ffbba217fe6305ce065fce4b0ae80"
Cache-Control: max-age=602758,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 51
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f7f4702b74b51d-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
331d3c2cc73bd370b3e747f9a6cca248
9cae75546ae058f3e75bb3543d8a5d8ba4d4b47e
4c8004bc9e00eee99a9f298b42e2d48d3cdffe375306552349e7f47e49f7b53a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 21 Nov 2022 18:59:04 GMT
Expires: Mon, 28 Nov 2022 18:59:03 GMT
Etag: "9cae75546ae058f3e75bb3543d8a5d8ba4d4b47e"
Cache-Control: max-age=307509,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76f7f4703984fab8-OSL

push.services.mozilla.com/

35.160.51.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.51.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WEi1woHFnJg1QdBd0X38Wg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pLH5ih9lfJl9FlYPfOmpBT930Hc=

cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon.ico

145.242.11.27

302 Found

324 B

URL HTTP/1.1
cfspart.impots.gouv.fr/stl/styles/rwd/img/favicon.ico
IP
145.242.11.27:0
ASN
#3215 Orange

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
324 B (324 bytes)
Hash
17efb749d9472c5c4ee9511ac32349d6
d427f9a8dd211391276970116539e8d38b2455db
0197564551359801a069d06a2455b5a9dc6e0ee06a855e8f1419c409764ecc5e

HTTP Headers

GET /stl/styles/rwd/img/favicon.ico HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Fri, 25 Nov 2022 05:23:53 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Set-Cookie: lemondgfipprodpart=_test_client; domain=cfspart.impots.gouv.fr; path=/
Pragma: no-cache
Connection: close
Location: https://cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw==
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1

cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw==

145.242.11.27

200 OK

13 kB

URL HTTP/1.1
cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw==
IP
145.242.11.27:0
ASN
#3215 Orange

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (464)
Size
13 kB (12869 bytes)
Hash
99ac723d8f126d5c3993a11d37c91a04
c12945e04a28c2d3b49084fbd579860b9d683a92
384d950f87b251b8f886640e30c3e3b244b5e1efefe12489bcc8c02a32de2dec

HTTP Headers

GET /LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL3N0bC9zdHlsZXMvcndkL2ltZy9mYXZpY29uLmljbw== HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tamarafreitas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 05:23:53 GMT
Server: Apache
Set-Cookie: ctxcfs=1efa18224a575a457737a34136d18cf0; domain=cfspart.impots.gouv.fr; path=/
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' https://app.franceconnect.gouv.fr https://cfsfc.impots.gouv.fr ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Via: dpapusx027
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12869
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 05:23:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 05:23:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 05:23:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 05:23:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6e0ab1-c4cf-40e6-973b-bb3db1a860e8.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6e0ab1-c4cf-40e6-973b-bb3db1a860e8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11586 bytes)
Hash
c6b9b5ebc32235ed8f3e15df013963f0
46ee95ebee3d60f64d2b7f568673b13ea27a42a3
4fdf6f239f6931442d93a00acd8af1f5192f77143885945c27e137ef3683338e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e6e0ab1-c4cf-40e6-973b-bb3db1a860e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11586
x-amzn-requestid: 30d340e5-328d-4f00-8cd4-3cb6e2b50265
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8JtyEIHoAMFdnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2324-09bb4d434ff852b456537e15;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:05:08 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: TYDelnop2OJO_fQdmSzyZJLYx94FU1GxYpDjWCTp3moRS7qzibvTSA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:56:21 GMT
age: 77253
etag: "46ee95ebee3d60f64d2b7f568673b13ea27a42a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4270 bytes)
Hash
648677a7e7bab1896a190d2e5fb7243c
6217a262002244ef3f2e8034076a735cafd9888a
72f2913f7c0770ebab0f2683bdc1ec5a5db8872e8f2c62a8fd5c9178b95dbb06

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F216636c8-4200-4f0d-83d2-8579be32f1ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4270
x-amzn-requestid: 7327f8fb-804b-4d09-83dc-628e35ffa74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8xFwXoAMFkqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-33f83cea2c585279140f4f59;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rKROwsZ-X8yDd4iVaYBaNFe6bgHaThxafIt76PBgLoOTrPMqAVQ9iQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:22:43 GMT
age: 25271
etag: "6217a262002244ef3f2e8034076a735cafd9888a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8006 bytes)
Hash
8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 26955
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3955 bytes)
Hash
4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 3654
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 1166
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8277 bytes)
Hash
f59a591b222397ff0f01c22a0786e660
6a8504212141af411a18ce58960c8bb52e8116ac
624847cfdfcd770d2dee8a2b85f3c7c480cda58ba2aef1135184f3dffc30d1f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8277
x-amzn-requestid: e84a5668-cd91-42af-b6de-5eb694ea56e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-KFtmIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38d-64513fb257d83b9847c82929;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O4PtH20kVWgH-Jf_TivPqMqjnwrZB_8XvZAkDDzLLFPXVjqzkz1YJw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:59:22 GMT
age: 26672
etag: "6a8504212141af411a18ce58960c8bb52e8116ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size