Overview

URLuser-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=
IP 212.33.195.109 (Iran)
ASN#43754 Asiatech Data Transmission company
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-03 17:45:18 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts
10
Phishing - M&T Bank
Phishing - M&T Bank
Tags None

Domain Summary (13)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-02 17:27:45 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-02 17:12:21 UTC 34.117.237.239
ocsp.entrust.net (11) 1208 2014-01-10 02:18:45 UTC 2020-04-24 21:44:37 UTC 104.110.10.32
resources.mtb.com (8) 144011 2014-11-08 14:57:30 UTC 2020-02-13 20:43:22 UTC 192.216.61.78
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.164.56.167
asset.mtb.com (1) 246397 2018-06-20 04:36:38 UTC 2020-04-12 15:50:42 UTC 143.204.55.80
r3.o.lencr.org (6) 344 No data No data 95.101.11.115
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (6) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
nexus.ensighten.com (1) 2786 2012-05-23 18:34:00 UTC 2022-07-25 21:30:27 UTC 54.230.111.63
user-mtb01.hufeer.ir (8) 0 2022-06-29 16:16:04 UTC 2022-12-01 01:25:47 UTC 212.33.195.109 Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-03 2 user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cb (...) Phishing
2022-12-03 2 user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cb (...) Phishing
2022-12-03 2 user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js Phishing
2022-12-03 2 user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js Phishing
2022-12-03 2 user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cb (...) Phishing
2022-12-03 2 user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js Phishing
2022-12-03 2 user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 212.33.195.109
Date UQ / IDS / BL URL IP
2023-01-04 17:40:19 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=4610 (...) 212.33.195.109
2023-01-04 17:39:30 +0000 0 - 0 - 1 www.user-mtb01.hufeer.ir/login.php?online_id= (...) 212.33.195.109
2023-01-04 17:39:29 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=cdfb (...) 212.33.195.109
2023-01-04 17:36:18 +0000 0 - 0 - 1 www.user-mtb01.hufeer.ir/login.php?online_id= (...) 212.33.195.109
2023-01-04 17:36:10 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=05b2 (...) 212.33.195.109


Last 5 reports on ASN: Asiatech Data Transmission company
Date UQ / IDS / BL URL IP
2023-01-26 17:19:36 +0000 0 - 1 - 0 dl1.wikishare.ir/sdlftpuser/90/10/12/Windows7 (...) 212.33.193.26
2023-01-26 15:48:22 +0000 0 - 1 - 0 soundbit.cloud/dl3/music/Miley%20Cyrus/ATTENT (...) 77.238.110.175
2023-01-26 09:52:08 +0000 0 - 1 - 0 dl3.downloadly.ir/Files/Software/WinRAR_6.20_ (...) 212.33.193.117
2023-01-25 07:19:49 +0000 0 - 0 - 1 212.33.205.42/ 212.33.205.42
2023-01-24 03:03:41 +0000 0 - 0 - 1 dl.zabandan.com/archive/Coach%20Shane/Daily%2 (...) 79.127.127.13


Last 5 reports on domain: hufeer.ir
Date UQ / IDS / BL URL IP
2023-01-04 17:40:19 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=4610 (...) 212.33.195.109
2023-01-04 17:39:30 +0000 0 - 0 - 1 www.user-mtb01.hufeer.ir/login.php?online_id= (...) 212.33.195.109
2023-01-04 17:39:29 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=cdfb (...) 212.33.195.109
2023-01-04 17:36:18 +0000 0 - 0 - 1 www.user-mtb01.hufeer.ir/login.php?online_id= (...) 212.33.195.109
2023-01-04 17:36:10 +0000 0 - 0 - 1 user-mtb01.hufeer.ir/login.php?online_id=05b2 (...) 212.33.195.109


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-26 21:54:36 +0000 2 - 0 - 0 www.onlinetransits.com/login.php?online_id=89 (...) 5.180.107.178
2023-01-26 21:26:07 +0000 6 - 0 - 0 onlinetransits.com/login.php?country=&iso=&on (...) 5.180.107.178
2023-01-26 19:39:27 +0000 6 - 0 - 0 onlinetransits.com/login.php?online_id=87c86a (...) 5.180.107.178
2023-01-26 18:51:51 +0000 6 - 1 - 10 www.onlinetransits.com/login.php?country=&iso (...) 5.180.107.178
2023-01-26 18:42:06 +0000 6 - 1 - 10 www.onlinetransits.com/login.php?online_id=2b (...) 5.180.107.178

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (48)


Request Response
                                        
                                            GET /login.php?online_id=e627923551380d406e035fa6d&country=&iso= HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         212.33.195.109
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=0
Expires: Sat, 03 Dec 2022 17:45:09 GMT
Content-Length: 4798
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (960), with CRLF line terminators
Size:   4798
Md5:    d9d3b9129013d7c03caa960e39f0344d
Sha1:   b61db46f8e8e7406f0414ff9f12a59605fd068d0
Sha256: 0208b343f1f505560ddc01fefda5c50c04b0a6609cd52c0cf3f1ca1f58980c60

Alerts:
  urlquery:
    - Phishing - M&T Bank
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15446
Expires: Sat, 03 Dec 2022 22:02:33 GMT
Date: Sat, 03 Dec 2022 17:45:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10207
Expires: Sat, 03 Dec 2022 20:35:14 GMT
Date: Sat, 03 Dec 2022 17:45:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3784
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 17:45:07 GMT
Last-Modified: Sat, 03 Dec 2022 16:42:03 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: ah1zQNAFt/Z/Gu5SqXdP5rnPtaq7i8zaDXc8ll+2le+e95EqHtFX4Lfb8R2ojep9bq8XbKjBTYY=
x-amz-request-id: 223VJ051S9AFPZ1S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 16:46:38 GMT
age: 3510
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 17:20:00 GMT
cache-control: public,max-age=3600
age: 1508
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 03 Dec 2022 17:45:08 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /Assets/scripts/Login/Index.js HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2319
Expires: Sat, 03 Dec 2022 18:23:47 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    d4f7376e613199e6cef4e47515ccad25
Sha1:   5ce176918333e8cbb4a346cb65866b73781c2a7d
Sha256: c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Sat, 03 Dec 2022 18:24:06 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    d4f7376e613199e6cef4e47515ccad25
Sha1:   5ce176918333e8cbb4a346cb65866b73781c2a7d
Sha256: c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2319
Expires: Sat, 03 Dec 2022 18:23:47 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    d4f7376e613199e6cef4e47515ccad25
Sha1:   5ce176918333e8cbb4a346cb65866b73781c2a7d
Sha256: c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Sat, 03 Dec 2022 18:24:06 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    d4f7376e613199e6cef4e47515ccad25
Sha1:   5ce176918333e8cbb4a346cb65866b73781c2a7d
Sha256: c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "C1D4510EB29A5C351BA5EEF0BE1EC99CCE751124B182D4C251E47848F1A744B4"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2319
Expires: Sat, 03 Dec 2022 18:23:47 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    d4f7376e613199e6cef4e47515ccad25
Sha1:   5ce176918333e8cbb4a346cb65866b73781c2a7d
Sha256: c1d4510eb29a5c351ba5eef0be1ec99cce751124b182d4c251e47848f1a744b4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "02FD441684F3FF70E2CCE2A9256060E03CC30F93445017A6A7923ADFD9E1EBF1"
Last-Modified: Sat, 03 Dec 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3555
Expires: Sat, 03 Dec 2022 18:44:23 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    421b5e7ae4c94b943495120b20343d2e
Sha1:   cfb6298b2cd13987419ce1edffa70e9f38cef58c
Sha256: 02fd441684f3ff70e2cce2a9256060e03cc30f93445017a6a7923adfd9e1ebf1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "02FD441684F3FF70E2CCE2A9256060E03CC30F93445017A6A7923ADFD9E1EBF1"
Last-Modified: Sat, 03 Dec 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3555
Expires: Sat, 03 Dec 2022 18:44:23 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    421b5e7ae4c94b943495120b20343d2e
Sha1:   cfb6298b2cd13987419ce1edffa70e9f38cef58c
Sha256: 02fd441684f3ff70e2cce2a9256060e03cc30f93445017a6a7923adfd9e1ebf1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "02FD441684F3FF70E2CCE2A9256060E03CC30F93445017A6A7923ADFD9E1EBF1"
Last-Modified: Sat, 03 Dec 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3555
Expires: Sat, 03 Dec 2022 18:44:23 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    421b5e7ae4c94b943495120b20343d2e
Sha1:   cfb6298b2cd13987419ce1edffa70e9f38cef58c
Sha256: 02fd441684f3ff70e2cce2a9256060e03cc30f93445017a6a7923adfd9e1ebf1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "02FD441684F3FF70E2CCE2A9256060E03CC30F93445017A6A7923ADFD9E1EBF1"
Last-Modified: Sat, 03 Dec 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3555
Expires: Sat, 03 Dec 2022 18:44:23 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    421b5e7ae4c94b943495120b20343d2e
Sha1:   cfb6298b2cd13987419ce1edffa70e9f38cef58c
Sha256: 02fd441684f3ff70e2cce2a9256060e03cc30f93445017a6a7923adfd9e1ebf1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "02FD441684F3FF70E2CCE2A9256060E03CC30F93445017A6A7923ADFD9E1EBF1"
Last-Modified: Sat, 03 Dec 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3491
Expires: Sat, 03 Dec 2022 18:43:19 GMT
Date: Sat, 03 Dec 2022 17:45:08 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    421b5e7ae4c94b943495120b20343d2e
Sha1:   cfb6298b2cd13987419ce1edffa70e9f38cef58c
Sha256: 02fd441684f3ff70e2cce2a9256060e03cc30f93445017a6a7923adfd9e1ebf1
                                        
                                            GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:09 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Expires: Sun, 03 Dec 2023 17:45:08 GMT
Last-Modified: Sat, 03 Dec 2022 17:45:07 GMT
ETag: "1670089508:dtagent10253221019152312ShlF"
Vary: User-Agent
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1014262694"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Cteonnt-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_2_sn_E94319A0841D11ABA6E8FBE3157B6D1C_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=019f8203fda28fa3e493ce810c2babaa31964fef971c13c215ce64d2354f78c3b38d66819dd41343df210b0a2316a1afbb0b502fe0; Path=/ TS0128739d=019f8203fd511d8eb929749d5215c561059cac7eca1c13c215ce64d2354f78c3b38d66819d23e3cb8b0eb8e9ef26c2ae337482f0da00fb9ff50b4166c1c9612fd28b024883; path=/; domain=.mtb.com TSf60233d5027=08affc4e07ab20008c86c6d1e38d72e016967765374fede1ec2fa8e9708140e59f82f80f33f2614c0885e561af113000831cb69aa70aead14595d1ca039d4a6c05e7b352babe091e1521f560bc3f481e1cdc248aa7e3badbeb0e628390650f6b; Path=/
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size:   34711
Md5:    a09551203c370fcc0c14eee4d7af4fac
Sha1:   6fcd08a7f0871a33ded481a49023de7c42bcdbf0
Sha256: 59df120e12a64898104a890d8a3d976a0c9ef2e31c0741215106fd1edfa172d9
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 17:11:17 GMT
cache-control: public,max-age=3600
age: 2031
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /Assets/img/mtb-entrust.svg HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:32 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-221313787"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 1349
Set-Cookie: TSf60233d5027=08affc4e07ab2000b22e5d55073828977d12c9cbd7d5a8b7cfa75f3d203edab4b64b174a2aa8ad0b08eb68bdb911300048bff45d68f99f284595d1ca039d4a6c5787c4090b1e7da845bf94dddcb2e60eef956bbbe37e6bc4fe9ebf442aad596f; Path=/


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Size:   1349
Md5:    9a569ad20708d7453d89fe6c72e7fcdc
Sha1:   60b6a41620583484642f7c826faf8e3c879a6374
Sha256: b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
                                        
                                            GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:32 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-353722363"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 230
Set-Cookie: TSf60233d5027=08affc4e07ab2000b14088dbe1edf46cc78b1d9b9026c26831347e669659aeb262f1ff22fe05cb59081023a5841130003845f22f419eae994595d1ca039d4a6c4c8f12eb68550684014f7977ee1a7ea89574f6bb3bb8b455b97ce97b885dc551; Path=/


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size:   230
Md5:    916635d10512ae6a1840614a895dcd38
Sha1:   db175de4c42281bb4d239c57d1b95b8e75c529ec
Sha256: d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
                                        
                                            GET /Assets/img/mtb-logo.svg HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:32 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-735257588"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 2039
Set-Cookie: TSf60233d5027=08affc4e07ab20005b5085ae6a70acb742bdaea22ae6aef0db5591933878b8f065c4e4747210da520819d499e111300043f347e301c5b5ad4595d1ca039d4a6c6673405ebf9f45d7c46fe2edc8d65fc4f7145533d4c9b8200e3e1204a2f65a79; Path=/


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Size:   2039
Md5:    f2b901cf895852a0866fe4a16c7f1730
Sha1:   c4240af1ec798477b4e65a185ddbb1b038817da4
Sha256: 5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3779
Cache-Control: max-age=145482
Date: Sat, 03 Dec 2022 17:45:08 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:09:50 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Expires: Sun, 03 Dec 2023 17:45:08 GMT
Last-Modified: Sat, 03 Dec 2022 17:45:07 GMT
ETag: "1670089508:dtagent10253221019152312ShlF"
Vary: User-Agent
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="206437706"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_6_sn_AED80938EA187C70FB2C78E4F3974495_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=019f8203fdd016905a3e05136aab9e032ff9514670c777c3e52236a1eb33f36495a3ac16b627048547ef4a00d25c4e84b30a745d57; Path=/ TS0128739d=019f8203fd34f8427a45e0e9aec8e5f51cdd8749bdc777c3e52236a1eb33f36495a3ac16b6867306b7d9f95090d6c99154016e9d9e02ea55ab7ec0640f2027e26a07fbd5ba; path=/; domain=.mtb.com TSf60233d5027=08affc4e07ab20001555c3063de6a92f6c3438cf00711eec0d120e108ec98319a8eab1481bde434d089646527b1130008e011f991228cf9c4595d1ca039d4a6c1b5792aafd0e1807afa46af1c01b4aa5f55970e5aff37382f569c6826ec0012f; Path=/
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   103531
Md5:    727a0de3144aa33cd4534796486e2363
Sha1:   86ed4f75d976f4f5974724a6a19723798f29386e
Sha256: 4944e8c395c12a394fb7be2e85d249d24381a5848f743a5d63bf2b0edda3bcdc
                                        
                                            GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1 
Host: nexus.ensighten.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/

search
                                         54.230.111.63
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 15
Connection: keep-alive
Date: Sat, 03 Dec 2022 17:45:09 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 22 Jul 2022 23:48:01 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: I8xC10sSLz3yOmvnXOK5RGk3LqfS5OmsGzC1StxuxbxpTnOGJ-XsKg==


--- Additional Info ---
Magic:  ASCII text
Size:   15
Md5:    ffe905f50d9b47e6353b68513c4d48ac
Sha1:   d2c2ee4201cca3be67abf771ed1f1922fa94d083
Sha256: c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
                                        
                                            GET /Assets/scripts/Login/Index.js HTTP/1.1 
Host: user-mtb01.hufeer.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php?online_id=e627923551380d406e035fa6d&country=&iso=

search
                                         212.33.195.109
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 708
Date: Sat, 03 Dec 2022 17:45:10 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  urlquery:
    - Phishing - M&T Bank
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pB4z+HQ/FJOgTYUpfTP8IQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.164.56.167
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HCa1BoYmq89endGudPDKTVB8w0E=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.entrust.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.110.10.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
ETag: "303E7A95B65A0C816C9055C1D82F8698ED75E61B9111F6DDFCFA660F69E7595F"
Last-Modified: Sat, 03 Dec 2022 15:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3549
Expires: Sat, 03 Dec 2022 18:44:18 GMT
Date: Sat, 03 Dec 2022 17:45:09 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1588
Md5:    191791cbd3b57af8300c681a64172037
Sha1:   0f723befd8a9eaa6f1f55b8be41828565dc1b844
Sha256: 303e7a95b65a0c816c9055c1d82f8698ed75e61b9111f6ddfcfa660f69e7595f
                                        
                                            GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:31 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0:dtagent10253221019152312ShlF"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="359755982", dtTao;desc="1"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_6_sn_C6283F3C37711E2DF8BC4914B0CEF632_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com TS019299a7=019f8203fdbf22d12360cac4e6bc0e0e72aac6af504a45fd4e823b2a4a736ea6519722fb83c6d5a0ac47f4f9224c5ec32f75fcab94; Path=/ TS0128739d=019f8203fdc7133f5e06d0dd75e8e1a35950b5ca0b4a45fd4e823b2a4a736ea6519722fb83c4a65e359fb09ffa4924a6b47a853fb51282a1dba5efbaaee656a9ff10fc6845; path=/; domain=.mtb.com TSf60233d5027=08affc4e07ab2000d6411787d0188f0f28a85c6574242338be5eff4ccce3b7ab9b19e9d6b9539ebc08ff1ec966113000719207bc2281288fe0be666d7f949b5732d475e920e39980c3efb8e9e751a5d985e02248668aff1175b6c3b8d76cd208; Path=/


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Size:   4776
Md5:    ac13691b89191d11d0e5577eb3cf3d53
Sha1:   0126fa82c0ab022e61b5de74f1fe3e204a905a7b
Sha256: 108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
                                        
                                            GET /Documents/html/homepage/favicon.ico HTTP/1.1 
Host: asset.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.80
HTTP/2 200 OK
content-type: image/x-icon
                                        
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Sat, 03 Dec 2022 17:44:24 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1f_b_Qws_7xtte0dzdCYkBGjzV8sQO9dJpxCM-dyZLez2jPOmXMSuA==
age: 1197
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Size:   14862
Md5:    e82f458a5c1c5353a97401eccc925613
Sha1:   949d6c8d06ca14b52f496c20f63fae269b6708c2
Sha256: cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3
                                        
                                            GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:31 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0:dtagent10253221019152312ShlF"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1142494911", dtTao;desc="1"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_11_sn_AEAA686639EBB112EE0B4A62DD6A2F33_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=019f8203fd1cabe3f50d83d38b3069df3c260653aaa0d5ffbf73fcc0b2d85af5cc63c335d8de13b9a47c58c8c02e0b1018677bd77d; Path=/ TS0128739d=019f8203fd464321eb96508d855de706b3bc2e0431a0d5ffbf73fcc0b2d85af5cc63c335d8e7d339a48d450b1905b31e7576a102cb687998c5ab73a3f33f16435d1a1ffdd3; path=/; domain=.mtb.com TSf60233d5027=08affc4e07ab2000b65fd5b53d0caa4fe16ce889dce04563e537693ec0ce45c24f981400e7d255f908e216c7aa113000776c370e98f499934595d1ca039d4a6c8222c75897fc71322390e9cfc24ff64dff6ba1f116bb26d6f584dac33ee1efbb; Path=/


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Size:   67671
Md5:    6cd469e8613d82d4d07834a5ca7745f0
Sha1:   95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
Sha256: 4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
                                        
                                            GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1 
Host: resources.mtb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         192.216.61.78
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
                                        
Last-Modified: Tue, 15 Nov 2022 08:38:31 GMT
Accept-Ranges: bytes
ETag: "0348ba4cdf8d81:0:dtagent10253221019152312ShlF"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1323113508", dtTao;desc="1"
Date: Sat, 03 Dec 2022 17:45:08 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_9_sn_3E2D5FA114D444ED7AE9EBB9811C112A_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com TS019299a7=019f8203fdd637a9088b819be1e5821ca8a37e89367b159130dd05e203876f0fc4ecd7e6bd6b884092d90dfc672fdf8007858fafbb; Path=/ TS0128739d=019f8203fdf0ad9472993337ba215f7b1aadf5f8e27b159130dd05e203876f0fc4ecd7e6bd8970a7811a61712de972a4f8c52f4a2d3d8cd43e3a91c7e02c048457ad938521; path=/; domain=.mtb.com TSf60233d5027=08affc4e07ab2000693ec0af32bc1cfd6e823c06643d9d11f18d815dd4ffe451fb0ffd553249fd9d08d0d52ae911300080555158ea216b14e0be666d7f949b57bce48ab33100ca1d9f24f459278009710deaf9c153775e2756deb7bb187fa2ea; Path=/


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Size:   64318
Md5:    b245a55f7e33e1cf4d2477570936ef84
Sha1:   12bf1c1eda6db246778f7c343acebbaad8fa36f4
Sha256: b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15176
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 17:45:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15176
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 17:45:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15176
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 17:45:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4112
Expires: Sat, 03 Dec 2022 18:53:42 GMT
Date: Sat, 03 Dec 2022 17:45:10 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -AurmlKwF0QgfsWBsV3ZN9ZyDhw1Zo82zUqrpkBbvbCfh0j7evV2Tg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 11:01:04 GMT
age: 24246
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5354
Md5:    1e74254b3fdce7d6b84a71a7aff43789
Sha1:   65c8b4abf957f9b54d99d0f78559e639adb29efb
Sha256: f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: c824c317-e6e3-4006-9f9d-ea54e8170a4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cf2_tGErIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63896b97-7fc523296afea4dd4b5d1de8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 03:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bd85z5A6C0nxpDjeSEPp1NHJxXFO5sy1OgTLz7KpdWz61TNrfyQ47Q==
via: 1.1 40b967aa4aa18637c4b91214147f3cb4.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 03:53:20 GMT
age: 49910
etag: "544428cdad754b1bb7be3cd46a79bf078fd5b450"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    fcb89ca25035b2bbb71ae5dd175fcd40
Sha1:   544428cdad754b1bb7be3cd46a79bf078fd5b450
Sha256: 36dcbbe6cd2710ee502776b4bcf32053e92b750a55e2bd4cdeadbc694c7c2699
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:51:06 GMT
age: 71644
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9715
Md5:    45182367fd4f8b6dd234eef1022acdb1
Sha1:   d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
Sha256: a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: V_7_ohQr9ENIjOvdvy65ZpJqg2OI9gzRdiuxCTJzl4qwXe2Nmu_tAQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:49:27 GMT
etag: "91f0d888c38db0899f106b652e3dcac062648099"
age: 71743
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7657
Md5:    3abdcce275bb9723b4ac1d0c38cc8891
Sha1:   91f0d888c38db0899f106b652e3dcac062648099
Sha256: ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 00:57:24 GMT
age: 60466
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6174
Md5:    b986f9fcbeca91ed5c8d58fbfaf47d19
Sha1:   6e6c8bd2bce144cc4da1cd7be375b046b60dca79
Sha256: 07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:02:08 GMT
age: 45782
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2942
Md5:    b47431190f34eccf0a6efb98e2a32b7d
Sha1:   9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
Sha256: 08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2