Overview

URL: 53.com.kosqvery.com/19de2/umail.php
IP: 92.204.145.105
ASN: GO-DADDY-COM-LLC
Location: United States
Report completed: 2022-07-07 00:17:49 UTC
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Added / Verified Severity Host Comment
2022-07-06 2 53.com.kosqvery.com/19de2/umail.php Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
2022-07-05 2 53.com.kosqvery.com/ Fifth Third Bank
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-07 2 53.com.kosqvery.com/19de2/umail.php Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/dist/js/forms.js Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/dist/js/plugins/Foundation.min.js Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/dist/js/FormValidation.min.js Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/img/53_Shield-logo-small.svg Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/img/user-Question-o.svg Phishing
2022-07-07 2 53.com.kosqvery.com/19de2/assets/img/53_Horizontal-logo.svg Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-07-06 04:41:34 UTC 23.36.76.226
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-06 04:55:23 UTC 54.230.111.99
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-06 04:47:23 UTC 54.149.83.187
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-07-06 17:02:11 UTC 34.120.237.76
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.35
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] 53.com.kosqvery.com (12) 0 No data No data 92.204.145.105 Unknown ranking
[Mnemonic Passive DNS] cdnjs.cloudflare.com (3) 235 2014-04-23 07:31:51 UTC 2022-05-16 10:07:49 UTC 104.17.25.14
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-07-06 19:05:02 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 92.204.145.105

Date | UQ / IDS / BL | URL | IP
2022-07-12 19:03:48 +0000 | 0 - 0 - 20 | https://53.com.kosqvery.com/a6a31 | 92.204.145.105
2022-07-12 19:03:19 +0000 | 0 - 0 - 20 | https://53.com.kosqvery.com/a6a31/card.php | 92.204.145.105
2022-07-12 19:02:53 +0000 | 0 - 0 - 17 | https://53.com.kosqvery.com/a6a31/personal.php | 92.204.145.105
2022-07-12 19:02:21 +0000 | 0 - 0 - 22 | https://53.com.kosqvery.com/a6a31/ufmail.php | 92.204.145.105
2022-07-12 19:01:50 +0000 | 0 - 0 - 19 | https://53.com.kosqvery.com/a6a31/umail.php | 92.204.145.105
2022-07-12 19:01:19 +0000 | 0 - 0 - 18 | https://53.com.kosqvery.com/a6a31/ | 92.204.145.105
2022-07-12 19:00:50 +0000 | 0 - 0 - 20 | https://53.com.kosqvery.com/d0c32/card.php | 92.204.145.105
2022-07-12 19:00:19 +0000 | 0 - 0 - 17 | https://53.com.kosqvery.com/d0c32/personal.php | 92.204.145.105
2022-07-12 18:59:48 +0000 | 0 - 0 - 22 | https://53.com.kosqvery.com/d0c32/ufmail.php | 92.204.145.105
2022-07-12 18:59:17 +0000 | 0 - 0 - 20 | https://53.com.kosqvery.com/d0c32/umail.php | 92.204.145.105

Last 10 reports on ASN: GO-DADDY-COM-LLC

Date | UQ / IDS / BL | URL | IP
2022-08-12 23:10:24 +0000 | 8 - 0 - 9 | elitechairlifts.com/secur06c/auth.php?apodcvl (...) | 132.148.244.203
2022-08-12 23:08:59 +0000 | 8 - 0 - 9 | elitechairlifts.com/secur06c/auth.php?md=UxvN (...) | 132.148.244.203
2022-08-12 21:32:52 +0000 | 8 - 0 - 9 | elitechairlifts.com/secur06c/auth.php?md=mozu (...) | 132.148.244.203
2022-08-12 21:31:36 +0000 | 8 - 0 - 9 | elitechairlifts.com/secur06c/auth.php?ApOdCVL (...) | 132.148.244.203
2022-08-12 21:26:17 +0000 | 0 - 0 - 2 | www.vivacuscoperu.com/misrepresentation.php | 160.153.72.162
2022-08-12 21:26:14 +0000 | 0 - 0 - 2 | www.vivacuscoperu.com/anechoic.php | 160.153.72.162
2022-08-12 21:25:36 +0000 | 0 - 0 - 2 | www.vivacuscoperu.com/en.php | 160.153.72.162
2022-08-12 21:25:28 +0000 | 0 - 0 - 2 | www.vivacuscoperu.com/annotator.php | 160.153.72.162
2022-08-12 20:58:01 +0000 | 0 - 0 - 1 | tara.globodyinc.biz/cgi-bin/nkoqaAoDD7dO/ | 192.169.148.125
2022-08-12 20:57:53 +0000 | 0 - 0 - 1 | training.globodyinc.biz/7irru0OP/ | 192.169.148.125

No other reports on domain: kosqvery.com



JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (32)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "78A5DCFAF2D93D9C87CFB6DBC56100E9F22965D4500554BA65F71CB7D84DD666"
Last-Modified: Wed, 06 Jul 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10084
Expires: Thu, 07 Jul 2022 03:05:40 GMT
Date: Thu, 07 Jul 2022 00:17:36 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 06 Jul 2022 23:56:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Tam9dpXST8QgjqtHJmXsDTZxYKjE4WJNbiLTr9-dUkFJeaA6XrJVNg==
Age: 1273


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.99
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 06 Jul 2022 03:26:46 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YEMkwnss7UtUBlbNh4IB-wI0wNiMAK-HsSDn0rYvxlyvUka9UI2GUQ==
age: 75051
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 07 Jul 2022 00:17:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /19de2/umail.php HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 07 Jul 2022 00:17:36 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (505)
Size:   20192
Md5:    eab4d761d3d59267bc36ef7095b0250c
Sha1:   5ce7b2a268eda79b08b364503291fc5298009fe5
Sha256: 81ea3d546a52b0786431a98b063eff93bb5f7724933ceb68c188a72b2d5bc73a

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /ajax/libs/es6-shim/0.35.3/es6-shim.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://53.com.kosqvery.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
                                        
date: Thu, 07 Jul 2022 00:17:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 14321
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e54-dca5"
last-modified: Mon, 04 May 2020 16:09:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 197127
expires: Tue, 27 Jun 2023 00:17:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWsWw6XdpgbA4EvY3Xkd8FxzQwh1dAATGztht68NQpoqfJ4ihLVLT4TB7UblM9dn5Fxlcrf29RikuK0D47QH2FgkEIaoHdodNpXW%2FfviIWyNBaTZpRXDKtHJV5dwi%2B1uoGf%2FeqsT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 726c65f0de41b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32014)
Size:   14321
Md5:    eb4ac442850e11463eec24148ce333a5
Sha1:   edc473d05b9d97a09625f8b8f0fcca8565ab8cbe
Sha256: a3d6f16e507899f64132cb657ca82fba1b4249afce43f1f5bfdedccfdd817513
                                        
                                            GET /ajax/libs/jquery/3.0.0-beta1/jquery.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://53.com.kosqvery.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
                                        
date: Thu, 07 Jul 2022 00:17:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 64839
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-40023"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 2599272
expires: Tue, 27 Jun 2023 00:17:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3A9qGqHDSmYsfEZl%2Fmk3M5Nvb9WvEPwI2cUAf3I18cmESJAlfVMGFS5eb1RJXdwlzJvK2mpBdjdVxcVaqz1RtxWLwQuUQunk0UxqJ7nAgKKAfydpqOTONVvd5%2BwFp70qNi95B8a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 726c65f0de48b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   64839
Md5:    9c221071bb902ab29972e322b74d7264
Sha1:   0d696a6bd5fabb1e23b7382d9fb4054b8bc29e98
Sha256: 9862fdce3bbe57e40ffdfcd3fb7de2cb0573524b7630c1eeee5621e50b9d7c9e
                                        
                                            GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://53.com.kosqvery.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
                                        
date: Thu, 07 Jul 2022 00:17:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 2441424
expires: Tue, 27 Jun 2023 00:17:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsDwpsqwHCB%2BhxjyM1%2BQYAsBXM35VQ1WfvKze7ooIGYCbPkUQQ065f6piisCyRUndybZIRercVXUKEeCv540mShpZaA2k4KihU74C3XPw9bWZuEOhEQGjm2%2FgfAMnRf%2BmLV4wEC9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 726c65f0de45b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4517
Md5:    e40e054c5726f042bad463e3774a2777
Sha1:   5c9413b72837a440b327444104830c35ae3b052c
Sha256: fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8
                                        
                                            GET /19de2/assets/dist/js/forms.js HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 13961
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   13961
Md5:    105590c6062e49fa6e7f449936ab9920
Sha1:   ae01fef4b4b5b6ed0e19049f6737c419ab83a28e
Sha256: b8b709a8a41499ce945c344fb7cc53f8f1b99f66d8f72e81d87f1847c40ba873

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /19de2/assets/dist/js/plugins/Foundation.min.js HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 2029
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (2029), with no line terminators
Size:   2029
Md5:    e47ecd93128ab399fcef3241a216f527
Sha1:   f5917be5c7d75a2f41b9a6c4c3422b69acd109ff
Sha256: e347bf8a60497f126cd8d4df5cef31df2daa7ea19b48a0cb2c4070b6689dda51

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3478
Cache-Control: 'max-age=158059'
Date: Thu, 07 Jul 2022 00:17:37 GMT
Last-Modified: Wed, 06 Jul 2022 23:19:39 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /19de2/assets/dist/css/formValidation.min.css HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 19343
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (9642)
Size:   19343
Md5:    a04f3fe72bc421c126256e5cacf1e7c7
Sha1:   87895f89616146f124266cdf7b17323ef0d17557
Sha256: a1df840d52a6e1a2b85ed8ea59e25b34c824d520ca34b2a84adf7fef4b2689d8

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2022 23:34:57 GMT
Cache-Control: max-age=3600
Expires: Thu, 07 Jul 2022 00:10:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Gp-3B1-Lonl7h7kLRUXX9zYnON5gbT22BTPoerTWPd-mdiN5exrjzA==
Age: 2561


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /19de2/assets/dist/js/FormValidation.min.js HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 67938
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   67938
Md5:    958e5454cf92264436c2c3c1de4c1c0c
Sha1:   f0fb820b4174e553b9f148f986b71df40ca49c52
Sha256: d90224cd9ba0d138e7ba721d12b39e5e680999b2a1b246691542b195514e91ad

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eGEDf1cf9DMYK0RZYOPzgg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.149.83.187
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GruuH/1YKtXqearjPUTgoOPn5eo=

                                        
                                            GET /19de2/assets/css/autocomplete.css HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 274902
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   274902
Md5:    3d0f58f448182ee276e0c2f3822d5625
Sha1:   3821329d121c4510ea24558611bcf46303f95bb5
Sha256: fa481938b765790e06d52408ec3d4b5296f40adfa5852246bb1556c0b8a3973a

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /19de2/assets/img/member-fdic.png HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 13495
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 118 x 74, 8-bit/color RGBA, non-interlaced\012- data
Size:   13495
Md5:    12f52a05cd1d945085ff8f5cb0eab45a
Sha1:   cd6b9ea773fb2055e467c8d474dca7152aa475f1
Sha256: 96b5e6548b16dff5e401d796818b8fc6c4158338dffadd90f550a48ca1d8a47c

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /19de2/assets/img/53_Shield-logo-small.svg HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 1707
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   1707
Md5:    d7024eb89b1473a00d37b2311dbd0967
Sha1:   d2c6fd0cae554d445eb201542d0113a3e3f220d0
Sha256: c61a11c9e8c7b27848483a7d469e9e1b4d5226ab2377f02c8665a7352be0ce60

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /19de2/assets/img/equal-housing-lender--large.png HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 6668
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 74 x 82, 8-bit/color RGBA, non-interlaced\012- data
Size:   6668
Md5:    3191014c1149a25a9a359542581e0e37
Sha1:   2bb382de51ab8ecf794235338c143cbf5b8b6536
Sha256: a6a561761acd53e674570d7ec3a2d119c75db57276efd9d1cfbce792389782e1

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            GET /19de2/assets/img/user-Question-o.svg HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 1994
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1994), with no line terminators
Size:   1994
Md5:    8160abdb4cf326567f033243364d7c22
Sha1:   e19df1c4a337a1e0acc8014b17697b584ce4b39b
Sha256: a7abbce85d88803c72cfa7917730744140f547363661a478e6e092326f7ddf89

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /19de2/assets/img/53_Horizontal-logo.svg HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 07 Jul 2022 00:17:37 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 8875
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (8875), with no line terminators
Size:   8875
Md5:    3880a984605784f04f282708a2f5786c
Sha1:   89a8f8d5cca2287a8a2f89667c2ca9a31010b3b0
Sha256: 909b33e41bbfa67cf7c1227e05b1b9c0e9d8c2a11b5cdc0618e7bb09d49124be

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
    - fortinet: Phishing
                                        
                                            GET /19de2/assets/img/favicon.png HTTP/1.1 
Host: 53.com.kosqvery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://53.com.kosqvery.com/19de2/umail.php

                                         
                                         92.204.145.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 07 Jul 2022 00:17:38 GMT
Server: Apache
Last-Modified: Sun, 19 Jun 2022 08:40:14 GMT
Accept-Ranges: bytes
Content-Length: 1814
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1814
Md5:    3bf542c74fd58eaca23c6ce2afa8ae4f
Sha1:   bbb516e3c7ed858eb951e678f5c170f1825a8fe6
Sha256: 243756cacc67ac3fcca021ec29c5341d58e644135492ba290ee9ad5c9a2ef72e

Alerts:
  Blocklists:
    - openphish: Fifth Third Bank
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E96EA592111AAC8DB4D301EA1E1DEF1043D15D8774C4224D707FB21885E98909"
Last-Modified: Wed, 06 Jul 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Thu, 07 Jul 2022 01:09:27 GMT
Date: Thu, 07 Jul 2022 00:17:39 GMT
Connection: keep-alive

                                        
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce2fc71a-842c-433d-8506-e191aa0edcd6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4243
x-amzn-requestid: 7529aa91-0ea7-442d-a0b7-c3c74f0d5d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UthU8HNdoAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c215b9-527e994b56eb0630557d6dd5;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 22:18:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DQPLClNEQSPyiJJEq83p-1_lCk1cLIqpXQuPUQA2EzYd4kc0D9ILaw==
via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 04:44:24 GMT
age: 70395
etag: "5f4a7a2dcc9ffbb5bb61859a6337ec9c8f11f1f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4243
Md5:    4dadb5bd9157f2899ea250117bf6655e
Sha1:   5f4a7a2dcc9ffbb5bb61859a6337ec9c8f11f1f3
Sha256: 236f94db1ce5926743b6f0692509ab20c17fca595b5c062133a9d24fc80d6f0d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F922dd00d-fd62-44d8-aed0-44e2f9cf82d4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 10272
x-amzn-requestid: 8351e692-985b-4891-b827-77b52d9fa1ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Utc5yGQnIAMFYLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c20ea4-58e49c525fba7a4d71ae9aed;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 21:48:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sDaxe8WDrbE53siAcd90FUbOcpLIL2YLybRGhZa-Nx_x2msBCP72yw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 15:30:48 GMT
etag: "e514dd2ba6506dbfa0393dacd64630699e739697"
content-type: image/jpeg
age: 31611
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10272
Md5:    eddc9e66ac69496089132a17abcb74ac
Sha1:   e514dd2ba6506dbfa0393dacd64630699e739697
Sha256: ea84cd380943f8b4f74dccea600b23701bbf46b0ab1b512065b6b4cf0b4eab05
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd91e1318-19c1-478d-9499-3baab13b925b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6764
x-amzn-requestid: 066475d9-bed3-4626-9a4d-a9e713866195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U3UCmEwgIAMFSDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c60076-694099bd5429b3a91e282d27;Sampled=0
x-amzn-remapped-date: Wed, 06 Jul 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jh7ZAJd4DsRo2ta0q52WTWDvbtko84520eh2OKRfDv7KdoEW4fGtXQ==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 21:45:37 GMT
age: 9122
etag: "245427c92c74e85f199f9fd9563c91cb62cba979"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6764
Md5:    92e0cfdf03ce76aa5a899b42fc763e83
Sha1:   245427c92c74e85f199f9fd9563c91cb62cba979
Sha256: 2216f105d3350eabd7422e964bbbd9758009675ace79437c368097a27bf1f1fb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa89fb6c-1b8f-4b5f-881a-7c1b4ddc61b9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4829
x-amzn-requestid: 9345b8b6-c799-4398-86f8-618eec6f54d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UjGL9F4oIAMFZQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bdea4c-0699926943cefd29234495fa;Sampled=0
x-amzn-remapped-date: Thu, 30 Jun 2022 18:24:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SMiaJuChqVtH1akE4ReBrQQQS5Ic3HWrxL6FolBADdFQPakWPK9-zw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 21:56:11 GMT
age: 8488
etag: "b639fd1617311bd45a8615efc46b043526add4aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4829
Md5:    08b23daa51c5aa9893d433505300ef81
Sha1:   b639fd1617311bd45a8615efc46b043526add4aa
Sha256: 861c1f7c52fd5c5d2b8d0ae86ee2e3d46df0e9552ed2657f8aa6114703320779
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1f48beb-da86-42f3-b5da-39fa82b568cb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7249
x-amzn-requestid: 74cbc653-182e-4ef0-9fe5-901ddaa4edaf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UoBIEGKqIAMFp8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bfe233-383f73a750696511624ff453;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 06:14:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BVo4WA3x-2hGSrOBQTIcT5yjiYcdzQby4NDOrnrWpREFtHG5x52Jzg==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 09:18:45 GMT
age: 53934
etag: "2f79d1e28bb827f7fa60b6675dba8022c28a1a3d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7249
Md5:    5c958b0c904620aff5f5f8a74f80d9f9
Sha1:   2f79d1e28bb827f7fa60b6675dba8022c28a1a3d
Sha256: 8bba608d028bbb678f021eaca3364856f930069f44b647346e649eca4c383955
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13136825-0301-44c6-8c81-faf21628fe4c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6737
x-amzn-requestid: 9a9c33df-daa2-49fb-ba8e-fd5a3149828e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UeP9ZG93oAMFX6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bbf9ef-248528170cf451be2662dbef;Sampled=0
x-amzn-remapped-date: Wed, 29 Jun 2022 07:06:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GZWZ5vCdHbLeGN4FdZbd8ysfjqcGd-7MsBW_steUpJ38jyLd16JNtw==
via: 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 03:53:29 GMT
age: 73450
etag: "5e2f835320ab350cdd1c3ad1ceb71db2bb27b84f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6737
Md5:    44f59062cacc44be268845c493de29de
Sha1:   5e2f835320ab350cdd1c3ad1ceb71db2bb27b84f
Sha256: c37305dfa7a241e526c7246a6eb71360dbfa2fe5d7f369f37ef7ddbfe1b97749