Overview

URLmail.barnhillcreativecounseling.com/securelogin/americafirst.com/
IP 69.49.246.103 (United States)
ASN#46606 UNIFIEDLAYER-AS-1
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-06 09:46:54 UTC
StatusLoading report..
IDS alerts0
Blocklist alert6
urlquery alerts No alerts detected
Tags None

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
mail.barnhillcreativecounseling.com (15) 0 2022-11-15 15:27:49 UTC 2022-12-06 03:34:43 UTC 69.49.246.103 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.148.53.106
stackpath.bootstrapcdn.com (1) 2467 2018-06-15 20:36:43 UTC 2022-12-05 12:12:51 UTC 104.18.10.207
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
code.jquery.com (2) 634 2012-05-21 17:28:02 UTC 2020-04-21 12:46:20 UTC 69.16.175.42
ajax.aspnetcdn.com (1) 693 2012-05-24 13:35:31 UTC 2020-04-28 09:07:42 UTC 152.199.19.160
cdnjs.cloudflare.com (2) 235 2015-04-17 20:46:33 UTC 2022-12-05 07:49:46 UTC 104.17.25.14
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-05 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/ America First Credit Union

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-06 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/ Phishing
2022-12-06 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/asset/anal (...) Phishing
2022-12-06 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/adobe/data (...) Phishing
2022-12-06 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/adobe/data (...) Phishing
2022-12-06 2 mail.barnhillcreativecounseling.com/securelogin/americafirst.com/adobe/data (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 69.49.246.103
Date UQ / IDS / BL URL IP
2022-12-07 00:33:35 +0000 0 - 0 - 5 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 15:05:46 +0000 4 - 0 - 6 branchandfire.com/outlooks 69.49.246.103
2022-12-06 13:31:53 +0000 0 - 0 - 8 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 13:31:30 +0000 0 - 0 - 6 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 13:15:36 +0000 3 - 0 - 2 razirecruiting.com/office/quad/ 69.49.246.103


Last 5 reports on ASN: UNIFIEDLAYER-AS-1
Date UQ / IDS / BL URL IP
2023-01-28 20:07:37 +0000 11 - 8 - 4 oakhillvillagepa-auth1.ml/adobe/document/security 108.179.232.69
2023-01-28 20:03:22 +0000 0 - 0 - 1 e-commerce.saleensuporte.com.br/z4voa7.rar 192.185.215.34
2023-01-28 20:02:57 +0000 0 - 0 - 3 lceventos.net/qqo0sk.tar 162.241.5.72
2023-01-28 19:59:20 +0000 0 - 0 - 2 encorewaters.com/wp-includes/2022/optimum/opt (...) 50.87.151.230
2023-01-28 19:59:15 +0000 6 - 7 - 3 petersenhealthcare-secure-doc-auth.ml/adobe/d (...) 108.179.232.69


Last 5 reports on domain: barnhillcreativecounseling.com
Date UQ / IDS / BL URL IP
2022-12-07 00:33:35 +0000 0 - 0 - 5 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 13:31:53 +0000 0 - 0 - 8 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 13:31:30 +0000 0 - 0 - 6 barnhillcreativecounseling.com/securelogin/am (...) 69.49.246.103
2022-12-06 12:33:35 +0000 0 - 0 - 6 mail.barnhillcreativecounseling.com/securelog (...) 69.49.246.103
2022-12-06 12:29:31 +0000 0 - 0 - 8 mail.barnhillcreativecounseling.com/securelog (...) 69.49.246.103


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-26 07:54:43 +0000 15 - 0 - 6 housebuyerswc.com/secure01 162.241.70.188
2023-01-26 07:54:18 +0000 16 - 0 - 5 housebuyerswc.com/secure01/ 162.241.70.188
2023-01-24 19:23:37 +0000 16 - 0 - 8 quickhouses.pt/americanfirst 185.32.189.194
2023-01-24 16:37:02 +0000 16 - 0 - 8 quickhouses.pt/americanfirst 185.32.189.194
2023-01-24 16:36:37 +0000 16 - 0 - 6 quickhouses.pt/americanfirst/ 185.32.189.194

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (46)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3284
Cache-Control: max-age=92360
Date: Tue, 06 Dec 2022 09:46:43 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:26:03 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14567
Expires: Tue, 06 Dec 2022 13:49:30 GMT
Date: Tue, 06 Dec 2022 09:46:43 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14636
Expires: Tue, 06 Dec 2022 13:50:39 GMT
Date: Tue, 06 Dec 2022 09:46:43 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 09:20:23 GMT
cache-control: public,max-age=3600
age: 1580
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: J1cv45bp32SDoQ+c/vv6UbtzWt2dQU4/yJpps69gPHwVV2CofjCk2e0ayfnHXGzLi0tUSE8Nm0A=
x-amz-request-id: 47A45EG3922NGT6C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 08:47:02 GMT
age: 3581
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 06 Dec 2022 09:46:43 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /securelogin/americafirst.com/ HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 18:14:06 GMT
Accept-Ranges: bytes
Content-Length: 33357
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3970), with CRLF line terminators
Size:   33357
Md5:    636a0d5c4650abe144994004f31833c9
Sha1:   3998a1e7e881f5a619fba6aecccb8f56c3c601fd
Sha256: 65cd35a0af166f01c3713a184e0c3a27e735986cc1e8b59929ba174dc401d0c3

Alerts:
  Blocklists:
    - openphish: America First Credit Union
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5647
Cache-Control: max-age=130347
Date: Tue, 06 Dec 2022 09:46:43 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:59:10 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /jquery-3.3.1.slim.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mail.barnhillcreativecounseling.com
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 09:46:43 GMT
content-encoding: gzip
content-length: 24038
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1111d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670320003.dop024.sk1.t,1670320003.cds237.sk1.hn,1670320003.cds230.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65247)
Size:   24038
Md5:    0f2e7d37e730fdbb1d8a1e8638529ecb
Sha1:   c21d16978a858baa75be15cb7e799ff000929429
Sha256: cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0
                                        
                                            GET /jquery-3.2.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 09:46:43 GMT
content-encoding: gzip
content-length: 30125
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15283"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670320003.dop208.sk1.t,1670320003.cds240.sk1.hn,1670320003.cds222.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30125
Md5:    148f8d3ffd9cc02048c5f4d1cc83c407
Sha1:   9f2b89cfd151be6a29b4d43ad64d164fb8471046
Sha256: 4dc681da48ba2b417e613e8e027ff5322963c3a3697a8ba97973cfefb48def5e
                                        
                                            GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         152.199.19.160
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 23321498
cache-control: public,max-age=31536000
date: Tue, 06 Dec 2022 09:46:43 GMT
etag: "80288516b793d31:0"
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F7A8)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30394
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30394
Md5:    a263be51483c81a54aa8c85104a93e55
Sha1:   555a54a73531c553bd2aede6abc25c128b63312e
Sha256: b2f13ad730928958c09d89e6e32bb6a227c0260d032a39ca464d998a59e57a66
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3070
Cache-Control: max-age=165946
Date: Tue, 06 Dec 2022 09:46:43 GMT
Etag: "638ee8bf-116"
Expires: Thu, 08 Dec 2022 07:52:29 GMT
Last-Modified: Tue, 06 Dec 2022 07:01:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mail.barnhillcreativecounseling.com
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 09:46:43 GMT
content-length: 6458
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-500f"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 405568
expires: Sun, 26 Nov 2023 09:46:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8lvKE17fPMKhrtigUmrldIN82YMiXJHHaQd%2Bj0HpBdRO4%2BZXgoMbebcV0mvm%2FfphMWMVclolj%2BmVRiAHr7%2Bz4KY2pxBfUyLGBxRjele8X77IVyeOEA2y5cdc9xl9tuFhdp59OD6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775418989b6cb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20322)
Size:   6458
Md5:    df9fe6d48e380554eb0ec9687bed3246
Sha1:   207263d754220200c1916edfbda262f62223ecf5
Sha256: 91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5647
Cache-Control: max-age=130347
Date: Tue, 06 Dec 2022 09:46:43 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:59:10 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 09:46:44 GMT
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4125118
expires: Sun, 26 Nov 2023 09:46:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=noNjexxomPQqTn2BoLkwSgvazihQT7%2BFmQhJvqdqoV7VBi3wsByUZhmO7b7wwmDloJhwmZ0hqR8OKZp2waOF3Lwh2yH8FZZH%2BVGpC0OspQYp4mwT%2FMCs0k0RRH9rU5HAveaG9V34"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77541898fc081c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4517
Md5:    e40e054c5726f042bad463e3774a2777
Sha1:   5c9413b72837a440b327444104830c35ae3b052c
Sha256: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5648
Cache-Control: max-age=130347
Date: Tue, 06 Dec 2022 09:46:44 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:59:11 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3071
Cache-Control: max-age=165946
Date: Tue, 06 Dec 2022 09:46:44 GMT
Etag: "638ee8bf-116"
Expires: Thu, 08 Dec 2022 07:52:30 GMT
Last-Modified: Tue, 06 Dec 2022 07:01:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/app.76ff82e5.css HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 2555
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (2555), with no line terminators
Size:   2555
Md5:    45fdfaabff062b120c343417bdb06350
Sha1:   332147dbfd8ffbb33144494cc90abe385ed6dff2
Sha256: ff7c1455abe0a7bc7da593da4f46d258b47b70c61cd37b2f2890f8063930d034
                                        
                                            GET /securelogin/americafirst.com/asset/analytics/ads/js/style.css HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Tue, 16 Nov 2021 19:01:14 GMT
Accept-Ranges: bytes
Content-Length: 414
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   414
Md5:    f9653fbeecf34b04791fee59eb3e253b
Sha1:   fcbbad7c6616682a22a9d0de09d715c61cb17722
Sha256: 7924e7e8b95825e4cefbfc31444ea9247e1b0d04cb066b56f06addf9cc7c5eaf
                                        
                                            GET /securelogin/americafirst.com/asset/analytics/ads/js/actions.js HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 18:15:38 GMT
Accept-Ranges: bytes
Content-Length: 1340
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1340
Md5:    177f47a9c71a04e082c7c502ba4ae445
Sha1:   a9bece7afac9441a26b42003fa22211664c5ec43
Sha256: 7219e7d8e27562ba9bf6148161cdbe618e79884969f860ad1d80fe971dc13839

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/index_1.html HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:56 GMT
Accept-Ranges: bytes
Content-Length: 7069
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   7069
Md5:    cdb27a0a2c3b25c23454a4454c2c78d6
Sha1:   c7ed38e2a97b9033975cb81cc63b0031b93a3a2f
Sha256: b5d1cc340a095d374fe03137d3b45a6b8772ab148672d13e3d15ffb3d94db019

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/chunk-vendors.eab46e62.css HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 06 Dec 2022 09:46:43 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 716803
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (60387)
Size:   716803
Md5:    fa58619b967a7b4a132981b548401f8d
Sha1:   abd8234b95cc2bf19fa27f3afa472beb7ce3aa9d
Sha256: dd66ac6aaff011d49ba95602e75d12741be4e1cdb6a3ab587233a5f5879a6eae
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 09:08:58 GMT
cache-control: public,max-age=3600
age: 2266
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/78bdeddcd621c8d0d38dce1c2bfedd9330602f96.png HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 2913
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 99 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size:   2913
Md5:    6265054874bcf3c370bef6bb64646fe9
Sha1:   78bdeddcd621c8d0d38dce1c2bfedd9330602f96
Sha256: df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/368f9486f1d69178fbf8bf2dcfbc491b23e4b261.png HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:52 GMT
Accept-Ranges: bytes
Content-Length: 3580
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 277 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size:   3580
Md5:    aa3ffca4509491de728b7f7e60a7ef63
Sha1:   368f9486f1d69178fbf8bf2dcfbc491b23e4b261
Sha256: 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/logo-desktop-inverse.a3a99f3a.png HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 8898
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 390 x 134, 8-bit/color RGBA, non-interlaced\012- data
Size:   8898
Md5:    a3a99f3aea38a0574c84d332fc5f871f
Sha1:   5a3bcb4c445e47551ad7fb98a1d57a34432c298d
Sha256: c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/21d7d23b5082cfbd7662ecf888a9879cef5e3b6d.png HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 1998
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 55 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size:   1998
Md5:    ae659b5597c9500445cc6f80a4281459
Sha1:   21d7d23b5082cfbd7662ecf888a9879cef5e3b6d
Sha256: a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3279
Cache-Control: max-age=87287
Date: Tue, 06 Dec 2022 09:46:44 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:01:31 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /securelogin/americafirst.com/asset/analytics/ads/js/loading.gif HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sat, 11 Aug 2018 17:03:52 GMT
Accept-Ranges: bytes
Content-Length: 38636
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 200 x 200\012- data
Size:   38636
Md5:    d10ef01e81faa2c2d812bdf670b4e072
Sha1:   77d09a57b2091fd7665dff763a5eab23e0ff907e
Sha256: 5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/d4c16de980048679c0662f782e29945ab5125717.png HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 3311
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 250 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size:   3311
Md5:    cf4f20bf0af1f7b4b77126ac20180c2c
Sha1:   d4c16de980048679c0662f782e29945ab5125717
Sha256: 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/roboto-latin-500.020c97dc.woff2 HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/adobe/data/js/css/chunk-vendors.eab46e62.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 15872
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size:   15872
Md5:    020c97dc8e0463259c2f9df929bb0c69
Sha1:   8f956a31154047d1b6527b63db2ecf0f3a463f24
Sha256: 24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/roboto-latin-400.479970ff.woff2 HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/adobe/data/js/css/chunk-vendors.eab46e62.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 15736
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size:   15736
Md5:    479970ffb74f2117317f9d24d9e317fe
Sha1:   81c796737cbe44d4a719777f0aff14b73a3efb1e
Sha256: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7bLFlzJkqYFd3D7EnnIiqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.148.53.106
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fro3/oiw6Z1e4yqNDUFXhOPDbNs=

                                        
                                            GET /securelogin/americafirst.com/adobe/data/js/css/favicon.ico HTTP/1.1 
Host: mail.barnhillcreativecounseling.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/securelogin/americafirst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         69.49.246.103
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Tue, 06 Dec 2022 09:46:44 GMT
Server: Apache
Last-Modified: Sun, 20 Feb 2022 16:38:54 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    5f0fb15bba173e0aa54bd6434418f8fe
Sha1:   fc16c82f44707eb5045be0f68cfcfce4a4ac29d9
Sha256: 0534a1a2f971f20a153479d5e01ad4051a8af96221bb5f7c80ff06a759d1ea2e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11837
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 09:46:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11837
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 09:46:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11837
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 09:46:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11837
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 09:46:46 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11837
Expires: Tue, 06 Dec 2022 13:04:03 GMT
Date: Tue, 06 Dec 2022 09:46:46 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T28mItwomGU8iDJ18lUF7ZrFuyh_P3ZTwUtA4AC5qZ5C5FQurDMgmQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:01 GMT
age: 42765
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10594
Md5:    7e1b54923ba506fde6b21c5bfb51ccc8
Sha1:   366aa3ab0790c496ea51bc08d1f2ff3358530d9e
Sha256: a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4827
x-amzn-requestid: 26ac5a48-3e41-4638-88d6-c94ba8b7a6c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csS3nFxPoAMFcpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64fd-28f8cb92130706e3652eb971;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YUk1Nt1XioDColWXDiEZsL8BmFpyWaV5tRbsbmAiR6A2psM_Gx3j_A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:49 GMT
age: 43497
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4827
Md5:    73b9f329cd3a39d0756de62dd5f190b7
Sha1:   0f1c7567b89cc3de60196e47e37879296359bc78
Sha256: e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jr6GWYa2SFKmDWscGBd9-g7b0RKr6j4GrgNisS0-DYiojh7Kv1oMJQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
age: 43180
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5790
Md5:    18bbcbf84b00d3bc602830478ff1bd7f
Sha1:   1f25392db4cf3693259202b24e898f21093b8bf9
Sha256: cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12293
x-amzn-requestid: 49891ceb-3f74-4e83-8064-f54fc8b30961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyGHPOIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-651e4e0c55257bcc553cd176;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4f0QQ4-21m-DiP4oUtIG75_vremc835laqhfDerlqCuW-WyKClvc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:20 GMT
age: 42746
etag: "9a26884875abb0652c568c50438b65f801779f9a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12293
Md5:    53afd826523f4c18bf968764818d7ca7
Sha1:   9a26884875abb0652c568c50438b65f801779f9a
Sha256: 4f9dfeda67a040fef9c6987a7c334a91c993c84f694fa91771fcf7fd1d2e4937
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 41838
etag: "36082b7329d473829178f280cb71a83b1531e486"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11224
Md5:    b15136d60fd0a5e0f657a4f5c75d540f
Sha1:   36082b7329d473829178f280cb71a83b1531e486
Sha256: 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WDqUFMBT59kulx4WLxNh5XTsHzr4_u524juvZJnGMYBH-mUaJclnTg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:49:44 GMT
age: 43022
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10183
Md5:    99d1ff8fa2e095dcf2bda3d1e1af1221
Sha1:   f914f04a0e1fb45a221d31d2105bfc73015b03e6
Sha256: 90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
                                        
                                            GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1 
Host: stackpath.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mail.barnhillcreativecounseling.com
Connection: keep-alive
Referer: https://mail.barnhillcreativecounseling.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.18.10.207
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Dec 2022 09:46:44 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ce6e785579ae4cb555c9de311d1b9271"
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-cachedat: 11/15/2022 10:39:35
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1054
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 21eb882ba7a2958c37e0223e65ff2946
cdn-cache: HIT
cf-cache-status: HIT
age: 236
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77541898ff21b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---