Report - ybfdvjmtj-01924995.freshminlog.workers.dev/

Report Overview

Submitted URL
ybfdvjmtj-01924995.freshminlog.workers.dev/
IP
104.21.15.105
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-28 08:44:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.in2tech.com.au	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	424 B	42 kB	103.146.112.110
external-content.duckduckgo.com	5247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	980 B	4.2 kB	52.142.125.222
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.3
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	943 B	143.204.42.158
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.213.92.18
i.ibb.co	13485	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402 B	191 kB	51.210.32.132
status.geotrust.com	3662	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	331 B	736 B	93.184.220.29
www.kindpng.com	36118	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	29 kB	173.208.200.110
upload.wikimedia.org	2215	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	440 B	8.8 kB	91.198.174.208
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	12 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
toppng.com	38749	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	936 B	29 kB	104.21.234.160
asset.brandfetch.io	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	8.7 kB	54.230.111.124
ybfdvjmtj-01924995.freshminlog.workers.dev	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	460 B	627 B	104.21.15.105
seeklogo.com	56607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	15 kB	104.21.89.176
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	49 kB	34.120.237.76
controlpanel.serverdata.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	437 B	1.9 kB	20.73.141.254
www.freeiconspng.com	134150	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	419 B	46 kB	144.76.109.178
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	406 B	32 kB	142.250.74.138
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	104.18.32.68
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	796 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-27	medium	ybfdvjmtj-01924995.freshminlog.workers.dev/	DocuSign

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-28	medium	ybfdvjmtj-01924995.freshminlog.workers.dev/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ybfdvjmtj-01924995.freshminlog.workers.dev/	46 kB	2023-03-07	2024-03-02
Pretty URL ybfdvjmtj-01924995.freshminlog.workers.dev/ IP 104.21.15.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15:38 Last Seen2024-03-02 19:50:31 Times Seen2 Hash dd98c378dccaa4a2d28f4bb0f4aa98cb b745ffd3b2bc52dfe20b59208e334cb6f12b20bf 8ee56acca9d98730760670434ebe126b131b395fd05a3c55542b4b890bc28ddd Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-26 06:57:59 Times Seen261565 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	ybfdvjmtj-01924995.freshminlog.workers.dev/	1.7 kB	2023-03-07	2023-03-08
Pretty URL ybfdvjmtj-01924995.freshminlog.workers.dev/ IP 104.21.15.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15:38 Last Seen2023-03-08 03:01:55 Times Seen1 Hash 482707e8fe2abc6bc7fac64ff9da2b03 cf832cc465c86021f11f0e79ac4bd66e826f92b3 aab4fd33e78c0f194b8cda100e50b64b1bc095f60a49f9fac17f82482e4434a0 Loading...

		Size	First Seen	Last Seen
	#1 Write - cbcb6ee6ce0eb1d70309139d6990a148	15 kB	2023-03-07	2024-03-02
Pretty Observations First Seen2023-03-07 13:15:38 Last Seen2024-03-02 19:50:31 Times Seen2 Hash cbcb6ee6ce0eb1d70309139d6990a148 083aa34eab5fd003ad4d76145194de8b50b798a3 4ae583e5d451a44b7c9eda759d56f3e23ed3fa66ba5e1d1de3a5e47ec5eb8eca Loading...

HTTP Transactions (39)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2624
Expires: Wed, 28 Sep 2022 09:28:15 GMT
Date: Wed, 28 Sep 2022 08:44:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 08:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jH7_Tmg0RQoTG4jAIZvh23nLxsf_euCBthwq2FU9iI-Z3bNXTqreDA==
Age: 1732

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QAepOKTdhqwE_GNyfsOjhmNj9du3DiurF5cDETy7ngJQey8kVcBS5w==
age: 84018
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/WskRVSjYols

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/WskRVSjYols
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3a1b6c57a6f1dff9d386a3ce00d7b282
f44007c93e31b1dfe33d3e4d7352cdb16360998e
4a8c15e81f842f1ef3a96978f29f40dfbf3329b9679e6f54f8f135329dc6690b

HTTP Headers

POST /s/gts1p5/WskRVSjYols HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/WskRVSjYols

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/WskRVSjYols
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3a1b6c57a6f1dff9d386a3ce00d7b282
f44007c93e31b1dfe33d3e4d7352cdb16360998e
4a8c15e81f842f1ef3a96978f29f40dfbf3329b9679e6f54f8f135329dc6690b

HTTP Headers

POST /s/gts1p5/WskRVSjYols HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.138

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 09:42:03 GMT
expires: Tue, 26 Sep 2023 09:42:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 169348
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

toppng.com/public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png

104.21.234.160

200 OK

17 kB

URL HTTP/2
toppng.com/public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png
IP
104.21.234.160:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 190 x 224, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (17132 bytes)
Hash
3c533644a59f6af5553cbe6e45f0e91f
838faac735a9f42661a21abcaa13ac6025f8069d
25f90a4f798d4bec59d1bd5a52ca0faab1890b4f226db6bf7902f22f6ab4eb56

HTTP Headers

GET /public/uploads/thumbnail/office-365-icon-microsoft-office-logo-11563405007przwxfunpr.png HTTP/1.1
Host: toppng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/png
content-length: 17132
last-modified: Wed, 17 Jul 2019 23:10:13 GMT
etag: "5d2faad5-42ec"
expires: Fri, 28 Oct 2022 08:44:31 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3N75eLXYPldTBN68p%2BjUC1bWkhhv%2BpVBRBwW7OV%2F0jhAz2cQ7un5SycHNca%2FZqhqE2%2FfkiXdKFBsbiMpbvB%2BB0fAhei6s5E%2FmcROP407bCTVkIYoP4ZyZ3bRBGl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b32990e3476b9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

seeklogo.com/images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png

104.21.89.176

200 OK

14 kB

URL HTTP/2
seeklogo.com/images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png
IP
104.21.89.176:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 292 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13930 bytes)
Hash
030a385a4ba8008a78ad4cc70211a74c
773e9787a8a67828afb8eb233a0f426e9c378782
2ebda3593da38a74cb0ba0b8e4ea766167432cc761f2f42135ebf77860899058

HTTP Headers

GET /images/R/rackspace-logo-0D6979FEF6-seeklogo.com.png HTTP/1.1
Host: seeklogo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/png
content-length: 13930
cache-control: public, max-age=86400
last-modified: Wed, 16 Mar 2022 06:47:14 GMT
etag: "1d83901ab5a736a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-download-options: noopen
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zgvu2wxfhpKCf484RJaa8%2FYsarZRuS5qpu%2BrFZYhzKjZ8aXoGRge23Di2VZTEfF83qNOFmOee020iOMzgTHuXcs2c8%2BcsVYwCG1Q5F2b6ejFuCzrJ%2F%2FUcUnkGe3Fx70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b3298db22b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
29bdf391b213ea3bc710337d60e96d46
96f1d2d4a96538cab9dd5f7e301b281af622622c
1f5260b41f6ede4b52ac881f4898d819796ede26b77fcef47164104d591d750e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 08:44:31 GMT
Last-Modified: Wed, 28 Sep 2022 08:33:39 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wNXERaa7nsQKcyfVKRMc9D268LmDPMXwQPtkcCXT6qZRlL4kCbdhPw==
Age: 652

toppng.com/public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png

104.21.234.160

200 OK

10 kB

URL HTTP/2
toppng.com/public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png
IP
104.21.234.160:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 190 x 190, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10118 bytes)
Hash
f640596d29ee55da5cafd7e660f9a6f8
ef5af530be3d5ae4a368a2fc2733271d6ba76c25
f3d49fb3952dd8ed34b05555cffd0921e2797c21314571fc1e4bc0b5aa4bbd32

HTTP Headers

GET /public/uploads/thumbnail/yahoo-y-vector-logo-download-free-11574118306iiwnvlzexj.png HTTP/1.1
Host: toppng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/png
content-length: 10118
last-modified: Mon, 18 Nov 2019 23:05:06 GMT
etag: "5dd323a2-2786"
expires: Fri, 28 Oct 2022 08:44:31 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4MNGAxpHxuCMzxHb7%2Bwwf53pGQSJPBd6r%2BQz9Vln2KHPh1esk53k7rPjEZJwdc63rS2P6QQ%2B3iO4Y9G2LC3LBZzGckO8PZ2kHRYufunTjE1C6oZOGgU9n2w18X0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b32990e2776b9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 28 Sep 2022 08:29:33 GMT
Expires: Wed, 28 Sep 2022 09:22:54 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zLTyVGcrpC392Dzng-cBAOOQF60L_TU324J7zlbK4GZmplE6gFTr3w==
Age: 898

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3ef403e381626d3bf4eacba3068b1a7c
a45bc1c73ca6a8c5d97883d695e70651b3fbd09e
c21ba8b8ad24f1aeb77281362e36f183e26efa20f249a5484bbd513a5a000556

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C21BA8B8AD24F1AEB77281362E36F183E26EFA20F249A5484BBD513A5A000556"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4793
Expires: Wed, 28 Sep 2022 10:04:24 GMT
Date: Wed, 28 Sep 2022 08:44:31 GMT
Connection: keep-alive

asset.brandfetch.io/idu0JRNI4Q/idDUrfzUIn.png

54.230.111.124

200 OK

7.9 kB

URL HTTP/2
asset.brandfetch.io/idu0JRNI4Q/idDUrfzUIn.png
IP
54.230.111.124:0
ASN
#16509 AMAZON-02

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
7.9 kB (7942 bytes)
Hash
14257c836402e215d7f1c6e3dda5f5c3
ba318612a923382a3a76735384cac46b5855c64f
cdc3e335ebaf12f19a5475dfdcdb96fb3ec880906b3335a420c9f04849f3f5cc

HTTP Headers

GET /idu0JRNI4Q/idDUrfzUIn.png HTTP/1.1
Host: asset.brandfetch.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/png
content-length: 7942
date: Tue, 27 Sep 2022 20:17:17 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, HEAD
access-control-max-age: 3600
last-modified: Tue, 09 Nov 2021 03:06:47 GMT
etag: "14257c836402e215d7f1c6e3dda5f5c3"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DvwXvKJeutphRHXDRFUucx-FVRtP8hxWMh1VmWDpQKLn2TIqjStCWw==
age: 44835
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

i.ibb.co/cg5XSyS/blurred-bg.jpg

51.210.32.132

200 OK

191 kB

URL HTTP/2
i.ibb.co/cg5XSyS/blurred-bg.jpg
IP
51.210.32.132:0
ASN
#16276 OVH SAS

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, manufacturer=BeFunky, orientation=upper-left, xresolution=94, yresolution=102, resolutionunit=2, software=BeFunky Photo Editor], baseline, precision 8, 1774x903, components 3\012- data
Size
191 kB (190875 bytes)
Hash
b67aba4b80e7d1e2de4d86679d800fa8
f90d546398059368a07da6ad2a9faddcdf27e37a
ccfcc08bcc47330678dfa3ae89b38381deea22a86af8b765d41616ad8cec3c3b

HTTP Headers

GET /cg5XSyS/blurred-bg.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/jpeg
content-length: 190875
last-modified: Wed, 13 Jul 2022 02:13:33 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a1074aa02cf8673dd45b0636c66aa93f
03cc4bfb2f256275f3b8389118e597ad59e1e74b
7ede9c7a4deaea9b9c896d0833f796be243fed62161cd4fcfef19be21681322a

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 682
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Last-Modified: Wed, 28 Sep 2022 08:33:09 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ac8037c565dce98d9f1d9f5eed477433
3370e46aeea6f6e5a56243077600d0e98d3bcdfb
b2233f25cfa49689043d4cef28635f70c9e783c3b7d9f21e037656462f28397f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:44:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 20:47:33 GMT
Expires: Tue, 04 Oct 2022 20:47:32 GMT
Etag: "3370e46aeea6f6e5a56243077600d0e98d3bcdfb"
Cache-Control: max-age=561180,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 751b32997a9f1c06-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5280
Cache-Control: max-age=89415
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:44:31 GMT
Etag: "6332af16-1d7"
Expires: Thu, 29 Sep 2022 09:34:46 GMT
Last-Modified: Tue, 27 Sep 2022 08:06:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

controlpanel.serverdata.net/content/images/icons/custom/aduser.svg

20.73.141.254

200 OK

1.3 kB

URL HTTP/2
controlpanel.serverdata.net/content/images/icons/custom/aduser.svg
IP
20.73.141.254:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1256), with no line terminators
Size
1.3 kB (1256 bytes)
Hash
a588d6da68b70306f3ab2cfa21f4f9b3
3dcc2cf3854e85b6b8049814d7289bbebc48dbd3
36f53d513f4ade6962ea9b5342113dfb07037c5c22252338ebecc6d20d4dd11e

HTTP Headers

GET /content/images/icons/custom/aduser.svg HTTP/1.1
Host: controlpanel.serverdata.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=172800
content-length: 1256
content-type: image/svg+xml
last-modified: Tue, 23 Aug 2022 05:59:44 GMT
accept-ranges: bytes
etag: "0c8b68ab5b6d81:0"
server: Microsoft-IIS/10.0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
set-cookie: ARRAffinity=79c579e361d8753828f6596d1583f4326fff92aa473c58d20e510a5a593b1d70;Path=/;Domain=controlpanel.serverdata.net
x-powered-by: ASP.NET, ARR/3.0
date: Wed, 28 Sep 2022 08:44:31 GMT
X-Firefox-Spdy: h2

www.freeiconspng.com/uploads/webmail-icon-15.png

144.76.109.178

200 OK

46 kB

URL HTTP/2
www.freeiconspng.com/uploads/webmail-icon-15.png
IP
144.76.109.178:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced\012- data
Size
46 kB (45970 bytes)
Hash
0e0ef73176b4f970a86f0e70d560dec1
ff4b869d440abd0385235d83353e8a67674b0803
f7af6ac19feb9a23cdfd1a06dd6d48aec7aab1b91370c4a84ba9b59ab60e214c

HTTP Headers

GET /uploads/webmail-icon-15.png HTTP/1.1
Host: www.freeiconspng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/png
content-length: 45970
last-modified: Tue, 14 Mar 2017 23:16:09 GMT
etag: "b392-54ab903572040"
accept-ranges: bytes
expires: Wed, 28 Sep 2022 09:44:31 GMT
cache-control: max-age=3600, no-cache, must-revalidate
X-Firefox-Spdy: h2

www.kindpng.com/picc/b/716-7162953_aol-logo-png.png

173.208.200.110

200 OK

28 kB

URL HTTP/1.1
www.kindpng.com/picc/b/716-7162953_aol-logo-png.png
IP
173.208.200.110:0
ASN
#32097 WII

File type
PNG image data, 600 x 632, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28514 bytes)
Hash
83d382155b4ae34048d0dbf6f1cf3d88
0e1ec627cf3a3ff0ed40a4e06950a949fa296908
fcea2fc53b5145a1217583c2d8b75c5533ff5ad2134f5a2ceee370a5b6f63655

HTTP Headers

GET /picc/b/716-7162953_aol-logo-png.png HTTP/1.1
Host: www.kindpng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Wed, 28 Sep 2022 08:44:31 GMT
Content-Type: image/png
Last-Modified: Thu, 16 Apr 2020 20:41:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5e98c301-7217"
Content-Encoding: gzip

push.services.mozilla.com/

34.213.92.18

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.92.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WfclEVkYaJwvUcKgLIXv/g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zhlvnvZBEjFOqQdF1Vf8SW29ygs=

r3.o.lencr.org/

23.36.77.32

200 OK

6.1 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
6.1 kB (6101 bytes)
Hash
fde041f95f409598fef1530fb3dbcaeb
72768fe9ecc1d11c79c4339ff9e8972eecbf3922
4d0f11473316da2b8c5c40220fc4877ebb07894635fdb12063462cd2af7b3dab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62ADD5E74D87FA2211AC76ADCE051A92242D00ADDAE52E4FD79D79726F85A416"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21530
Expires: Wed, 28 Sep 2022 14:43:22 GMT
Date: Wed, 28 Sep 2022 08:44:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10777
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 08:44:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10777
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 08:44:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10777
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 08:44:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11314 bytes)
Hash
ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 39513
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f1c3f99-416b-41d1-a46a-b033a0c3c4e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11543 bytes)
Hash
028eb76f8e04e6b5d209c0e42b00bd20
251777479f84b43885fe63cc2627269590cafb15
8bb6374e64f6d2303f8d1af261e1d74af01b61ef49964295bd35c3350c72d09f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f1c3f99-416b-41d1-a46a-b033a0c3c4e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11543
x-amzn-requestid: 1d16ab89-2c8d-4c5b-a4dd-e22d3c7eccdb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI37hEnnIAMFTYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d16-74ff11ed7bd3eace611ac20d;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: g-9Qy83NyV9AqmIXXT-JAyx3fqEceoDucPcdMLnC11wqDqDK9hcCKg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:10:23 GMT
age: 38050
etag: "251777479f84b43885fe63cc2627269590cafb15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg

91.198.174.208

200 OK

7.3 kB

URL HTTP/2
upload.wikimedia.org/wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg
IP
91.198.174.208:0
ASN
#14907 WIKIMEDIA

File type
data
Size
7.3 kB (7332 bytes)
Hash
040748536f5210eb8d8e42adc2b1ba07
d253ca8f94461aefcde7554a6589476a28f3551a
e3cd461a45376e3236b73a1e6c14fa445a119db94708ba11b86b061268db3554

HTTP Headers

GET /wikipedia/commons/d/da/GoDaddy_Logo_-_The_GO.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 27 Sep 2022 14:51:44 GMT
content-type: image/svg+xml
x-object-meta-sha1base36: jawgt7shpgxoh9c5t0arap5zb58g6y5
last-modified: Sun, 21 Aug 2022 12:55:31 GMT
server: ATS/8.0.8
etag: W/a3419a7babc6604800eb39cbf7dbe79a
content-encoding: gzip
vary: Accept-Encoding
age: 64367
x-cache: cp3057 hit, cp3051 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3051"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5377 bytes)
Hash
c301dff6ddda16fd64692c19173cfa8c
2afdfb716192540a61327137706462c53588bf23
fd0f33a778fec87dbfa323ffa6b24ca5f94aa16d102e62683ad54b759208058b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 28ddd5cd-c299-4b36-98be-b6dbeaadc1ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI4KRGo7oAMFUiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d74-27ebe6e974ee5b7d06227fca;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TEv_Z7_1FsPBC2ugxBvTbts1ubHFeZjRhrSFAGt2liOt-Z5GQhmu-g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:28:53 GMT
age: 36940
etag: "2afdfb716192540a61327137706462c53588bf23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8500 bytes)
Hash
6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 39335
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7359 bytes)
Hash
46dc8f1499f4de5f03bd87a68c3c6c7b
0cd28a243f9704140ccb9eb1415a77fcccc7cf87
3d7a5cdc0812857efabd7ab941aea6d6582790b86a9587809d222c0a8546262b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7359
x-amzn-requestid: 6e3123b2-ea7e-4e3e-8399-19a66d27923f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34CEYtIAMF01w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d00-5995316c70da7a0c460ac432;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: t_uz9vKifWkMj014gCS83STU-fnM39a49_LB5By3j9NqLpqfl8tKSA==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:57:38 GMT
age: 38815
etag: "0cd28a243f9704140ccb9eb1415a77fcccc7cf87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.in2tech.com.au/wp-content/uploads/2019/01/owa.png

103.146.112.110

200 OK

42 kB

URL HTTP/2
www.in2tech.com.au/wp-content/uploads/2019/01/owa.png
IP
103.146.112.110:0
ASN
#136557 Host Universal Pty Ltd

File type
PNG image data, 306 x 305, 8-bit/color RGBA, non-interlaced\012- data
Size
42 kB (41582 bytes)
Hash
19f61966f681742892120b619962f1a3
dea063aeed0fd630125e31732fc2501379bf3a6d
74f5a3fbfa87ce7333aefde497bc7bff81c5e1aaa21d2a7fd93dd0847ddc15f4

HTTP Headers

GET /wp-content/uploads/2019/01/owa.png HTTP/1.1
Host: www.in2tech.com.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Oct 2022 08:44:32 GMT
content-type: image/png
last-modified: Mon, 11 Feb 2019 00:27:10 GMT
etag: "a26e-5c60c15e-bfd3c44315819b92;;;"
accept-ranges: bytes
content-length: 41582
date: Wed, 28 Sep 2022 08:44:32 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae59c4a931bcafe811bc28436399838c
b99d2e0c55cec3a9cf0eb578fc5bcc88d6454126
62add5e74d87fa2211ac76adce051a92242d00addae52e4fd79d79726f85a416

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62ADD5E74D87FA2211AC76ADCE051A92242D00ADDAE52E4FD79D79726F85A416"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21528
Expires: Wed, 28 Sep 2022 14:43:22 GMT
Date: Wed, 28 Sep 2022 08:44:34 GMT
Connection: keep-alive

external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fclipartcraft.com%2Fimages%2Foutlook-logo.png&f=1&nofb=1

52.142.125.222

200 OK

0 B

URL HTTP/2
external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fclipartcraft.com%2Fimages%2Foutlook-logo.png&f=1&nofb=1
IP
52.142.125.222:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /iu/?u=https%3A%2F%2Fclipartcraft.com%2Fimages%2Foutlook-logo.png&f=1&nofb=1 HTTP/1.1
Host: external-content.duckduckgo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: image/png
content-disposition: inline; filename="outlook-logo-1339797958"; filename*=UTF-8''outlook-logo-1339797958
strict-transport-security: max-age=31536000
permissions-policy: interest-cohort=()
content-security-policy: default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: origin
expect-ct: max-age=0
expires: Thu, 28 Sep 2023 08:44:31 GMT
cache-control: max-age=31536000
x-duckduckgo-locale: en_US
X-Firefox-Spdy: h2

external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fflexcutech.com%2Fwp-content%2Fuploads%2F2016%2F07%2Fdocusign-lgo.png&f=1&nofb=1

52.142.125.222

200 OK

0 B

URL HTTP/2
external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fflexcutech.com%2Fwp-content%2Fuploads%2F2016%2F07%2Fdocusign-lgo.png&f=1&nofb=1
IP
52.142.125.222:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /iu/?u=https%3A%2F%2Fflexcutech.com%2Fwp-content%2Fuploads%2F2016%2F07%2Fdocusign-lgo.png&f=1&nofb=1 HTTP/1.1
Host: external-content.duckduckgo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ybfdvjmtj-01924995.freshminlog.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:44:32 GMT
content-type: image/png
content-disposition: inline; filename="docusign-lgo-1492457432"; filename*=UTF-8''docusign-lgo-1492457432
strict-transport-security: max-age=31536000
permissions-policy: interest-cohort=()
content-security-policy: default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: origin
expect-ct: max-age=0
expires: Thu, 28 Sep 2023 08:44:32 GMT
cache-control: max-age=31536000
x-duckduckgo-locale: en_US
X-Firefox-Spdy: h2

ybfdvjmtj-01924995.freshminlog.workers.dev/

104.21.15.105

200 OK

0 B

URL HTTP/2
ybfdvjmtj-01924995.freshminlog.workers.dev/
IP
104.21.15.105:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DocuSign
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: ybfdvjmtj-01924995.freshminlog.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:44:31 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPoFfyNORoZtClQFoCPKbXI7D%2BoBfsej33JG0YGgY%2B0MKCkUZGmOWcF%2B2P%2BWPwuSuyq7C5VIdFi7pL0WImoqyBZtUD3yKPhwR1476RDJi05hsJCGeg%2By7OWj0dpcX0McWsLW1sg9t%2BNHFq9FTyMMiuQFhQINAAwQoJkkSow%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 751b32977976b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (39)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN