Overview

URL babycookie.net/panel/login.php
IP20.85.218.142
ASNMICROSOFT-CORP-MSN-AS-BLOCK
Location United States
Report completed2022-09-29 00:45:01 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-29 2 babycookie.net/panel/login.php Malware
2022-09-29 2 babycookie.net/panel/assets/js/waves.js Malware
2022-09-29 2 babycookie.net/panel/assets/js/jquery.min.js Malware
2022-09-29 2 babycookie.net/panel/assets/js/bootstrap.bundle.min.js Malware
2022-09-29 2 babycookie.net/panel/assets/js/simplebar.min.js Malware
2022-09-29 2 babycookie.net/panel/assets/js/feather.min.js Malware
2022-09-29 2 babycookie.net/panel/icon.ico Malware
mnemonic secure dns
Scan Date Severity Indicator Comment
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
2022-09-29 2 babycookie.net Sinkholed
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS babycookie.net (12) 0 2022-08-20 15:55:03 UTC 2022-09-29 00:41:12 UTC 20.85.218.142 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.35
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-28 18:52:26 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-09-28 16:03:51 UTC 216.58.211.10
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 18:56:49 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 54.69.181.45


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 20.85.218.142

Date UQ / IDS / BL URL IP
2022-10-05 17:01:00 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-05 14:01:26 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-04 13:54:31 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-04 01:06:32 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-03 00:13:23 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-12-06 17:03:12 +0000
6 - 0 - 4 mtbaccess.me/app/verify.php 20.231.76.207
2022-12-06 16:08:02 +0000
0 - 0 - 1 20.253.174.196/file01/fifth.exe 20.253.174.196
2022-12-06 15:47:13 +0000
0 - 0 - 1 20.253.174.196/file01/_______0o0-_0oo0_weriur (...) 20.253.174.196
2022-12-06 14:32:13 +0000
0 - 0 - 2 www.mesharepoint.com/swe/a2316b89-04ae-4c59-b (...) 13.107.237.53
2022-12-06 14:22:31 +0000
0 - 0 - 1 safety.oktedi.com/wp-admin/review 20.5.125.17

Last 5 reports on domain: babycookie.net

Date UQ / IDS / BL URL IP
2022-10-05 17:01:00 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-05 14:01:26 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-04 13:54:31 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-04 01:06:32 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-03 00:13:23 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-29 05:55:20 +0000
7 - 0 - 47 data.topababa.com/panel/login.php 157.230.93.107
2022-10-05 17:01:00 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-05 14:01:26 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-04 13:54:31 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142
2022-10-03 00:13:23 +0000
0 - 0 - 20 babycookie.net/panel/login.php 20.85.218.142


JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 00:15:46 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5f_qtTKAxYUhNebCdz_8kDzQdna6U3aqKupvh8iJZq6_RBZmRRkwxQ==
Age: 1744


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /panel/login.php HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 29 Sep 2022 00:44:50 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   4346
Md5:    fe310691282ca2e7109f504d22b494b1
Sha1:   bccfec5d22cecb9b1c29d4fc34d5bf94a88feab1
Sha256: d8f09307b60c5bef5ceacfd8501bd3d91f1de9e5e746bb2d7def94d86789da50

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9FE6BEB1CB3851018168765A243B6DE69EC71D30770F8C2DCC57CAE7D9978CC1"
Last-Modified: Wed, 28 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5828
Expires: Thu, 29 Sep 2022 02:21:58 GMT
Date: Thu, 29 Sep 2022 00:44:50 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2gJ3I-wMI816OUbYXlfGTOVDY290wB5CeY56kVxYpm5Wtj3d9lDuYg==
age: 69384
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 29 Sep 2022 00:44:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /panel/assets/css/metisMenu.min.css HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:12 GMT
Accept-Ranges: bytes
Content-Length: 1922
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1679)
Size:   1922
Md5:    8577b369f2381960d8ac2fe7f31e54f6
Sha1:   d869c978f5f68ef4cc29f2cca11eeede4fff66dd
Sha256: 099ac56e52f547f59624894dd9416afbcd13ba299bd439f649f597bee2b7a9c6

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/css/daterangepicker.css HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:10 GMT
Accept-Ranges: bytes
Content-Length: 8885
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   8885
Md5:    ccca85807858e793faa8b93026b7e357
Sha1:   69e2151abc1b2c9b3b34a490980f54baf2ae73c0
Sha256: 119f7b90fb354d7c322f5a9fe3f7a4891709f8d4f1d611a7e1afbb48d74b0f94

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/js/waves.js HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:16 GMT
Accept-Ranges: bytes
Content-Length: 18867
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   18867
Md5:    16995356a7ff9061d800c2e4c7407879
Sha1:   caf0964cba63d3ff8f9c6cdd9dbda6ccdbc4a085
Sha256: 4b11e7c433e0918139535b861674cec60f4fdee98de7eed0a1c7ce0afa5a60fa

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 00:29:33 GMT
Expires: Thu, 29 Sep 2022 00:34:04 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sumLOYsyj44WGZpZQA8QBwuP-kbroid7RzYWkAVrunicF8wmFVv5hA==
Age: 918


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /panel/assets/js/jquery.min.js HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:16 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   89476
Md5:    dc5e7f18c8d36ac1d3d4753a87c98d0a
Sha1:   c8e1c8b386dc5b7a9184c763c88d19a346eb3342
Sha256: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/css/bootstrap.min.css HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 00:44:50 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:10 GMT
Accept-Ranges: bytes
Content-Length: 159398
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65184), with CRLF line terminators
Size:   159398
Md5:    9a073152f0d7006c650c9633e06181f8
Sha1:   bc51160eb291083d4f04c85edeb332a3cb82dda9
Sha256: 9faf0345bf0785854343b9303734c2f4d3adba818cb408dcc6e2384ccc8a7aa2

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/css/app.min.css HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:12 GMT
Accept-Ranges: bytes
Content-Length: 146052
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (46273)
Size:   146052
Md5:    44ff01b96f88ed1e70bc44cbd096bfcd
Sha1:   c37062d4411237f4fa7136158d1369678ee8161c
Sha256: ddb09d35f279dd9fe20ad8569d6bf306c71b1dbc453964968720b90dedfc5276

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/js/bootstrap.bundle.min.js HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:14 GMT
Accept-Ranges: bytes
Content-Length: 84152
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65299)
Size:   84152
Md5:    7f389f5d2622ce2090eca7c36bcb90bc
Sha1:   ab27031159724e2421f6ff5c70f48e657abe9d39
Sha256: 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/js/simplebar.min.js HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:16 GMT
Accept-Ranges: bytes
Content-Length: 58015
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (57807)
Size:   58015
Md5:    a8680d7a3ac007fb2b94a183791c435e
Sha1:   a21a5ada6a6ca5bdd3f7ff75d0f68e89784058ba
Sha256: 84575d0fa5cc23015b6b8213423a6fe56584e79ef0e8ed30f5145f9868c8cf89

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/js/feather.min.js HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:16 GMT
Accept-Ranges: bytes
Content-Length: 73050
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (61490)
Size:   73050
Md5:    ebb5ac3f4f7ad6a7453f1cb7a2214f31
Sha1:   29c0698f8b607c94c4e002e92a8c25ac70b2d2c3
Sha256: 36f832aa433d56ed432c7933c53c5743164d743ca6525c215dc48912a51f3e25

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET /panel/assets/css/icons.min.css HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 00:44:50 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2022 18:43:10 GMT
Accept-Ranges: bytes
Content-Length: 480294
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   480294
Md5:    9b19a2af34c09da87c1a39963e66bf77
Sha1:   9ddb1e4a2fcff03cb131c01ad197f72c5442b9be
Sha256: 20e6bb3cf9d13f10bca7b7b5d1f4cb82146c274747e8c2ae7fe3307881f00829

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5774
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 00:44:51 GMT
Last-Modified: Wed, 28 Sep 2022 23:08:37 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css2?family=Poppins:wght@300;400;500;600;700&family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://babycookie.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 00:44:51 GMT
date: Thu, 29 Sep 2022 00:44:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /css2?family=Poppins:wght@300;400;500;600;700&family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://babycookie.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 00:44:51 GMT
date: Thu, 29 Sep 2022 00:44:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1239
Md5:    051be14b9dee5a12d0e0265e0b9572d7
Sha1:   9c79ab8f1415393261c3a2cabdfd21b8e603a3f0
Sha256: 3844e32ed69cdb8a59f4ba385daae5951af3ccb1c1a190d4470559ddde879560
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://babycookie.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:14:12 GMT
expires: Mon, 25 Sep 2023 18:14:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
age: 282639
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://babycookie.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 18643
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /panel/icon.ico HTTP/1.1 
Host: babycookie.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://babycookie.net/panel/login.php
Cookie: PHPSESSID=edac3dd0607e2e87e98d379c35ed8575

                                         
                                         20.85.218.142
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 29 Sep 2022 00:44:51 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qo3V4W1XF4GdvzwmYeA7Xw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.69.181.45
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vjZLZprJefzQdMafDjOQUr2pN84=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5199
Expires: Thu, 29 Sep 2022 02:11:31 GMT
Date: Thu, 29 Sep 2022 00:44:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5198
Expires: Thu, 29 Sep 2022 02:11:31 GMT
Date: Thu, 29 Sep 2022 00:44:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5198
Expires: Thu, 29 Sep 2022 02:11:31 GMT
Date: Thu, 29 Sep 2022 00:44:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7810
x-amzn-requestid: f2d2333f-0b81-4875-9058-cc1f3d238dd4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGU0HEeVIAMFoQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332681a-06d5f81114b0bb2547f4ca9a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:03:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Nbkg06K87aXb-TZpPY0HPI_xlbQYgzgOwrv3FijeFZgG6mks4hiRHg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 04:07:24 GMT
age: 74249
etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7810
Md5:    456968f691ae9464d69a37bffe9bd7ce
Sha1:   31b8538deb0f00d5b4182739a4a2fcc1b956a998
Sha256: 5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd156c6a4-51d8-498f-ac66-df71d14dc199.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7229
x-amzn-requestid: 1e98e32e-b1da-4f28-b0fb-6ad482cc3b12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KrgGhDIAMFjPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf17c-197f996d46d51b72085923b2;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:24:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BxFR1ChcGuHjkvOhB5PVZwVpiGQM9RWPV7rKgKgekaTSbSKnVQ_t5Q==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 17:51:26 GMT
age: 24807
etag: "8c73e318a79c74a980108bb3d79c89d00c35af57"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7229
Md5:    f5d602deb76fb578e19f56ab7ded2070
Sha1:   8c73e318a79c74a980108bb3d79c89d00c35af57
Sha256: d212b5cfea23e349471702c7a79f464ef012bc644ab7ab60caed6a7f7395a049
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:17:23 GMT
age: 70050
etag: "7057c6707c7299ac386c6b2164240eff241db294"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6795
Md5:    9f94853ffae41ec3c0e002bc152da1c4
Sha1:   7057c6707c7299ac386c6b2164240eff241db294
Sha256: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91221c7-ce03-4ea5-9826-7a53eaafc5e6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9002
x-amzn-requestid: 0623931b-a4d6-49de-ba32-d071c08eddbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoiGKRIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be36-1573e2e91c85617424db019f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:50 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3kkSL0VcJl64iZ0TiKfOwK620pLX2CAVWqY1Bp2NhokTX0572t_nnQ==
via: 1.1 2a44ef7b9d28e74c78ffadeedcbb887c.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:47 GMT
etag: "d76293673a7aa2861b069ced614cdcdb84fed6d3"
age: 11046
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9002
Md5:    c80d7ce8a9d3fba54855e05731db759c
Sha1:   d76293673a7aa2861b069ced614cdcdb84fed6d3
Sha256: eabd1bfef29cad4045d688a909b9a8c88818d80bb432ce642d055583cf66d77d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff61695e2-14b2-44b1-b2d0-93aed95788f3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10272
x-amzn-requestid: 443e641f-25dc-456c-bb7f-ae23153dc52d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVSwECzoAMFpeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633268de-20524e433a72428653175a94;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:10 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: k1I8tevinkxbPVl-cUWVt8vOEqQK5rxo5B17xyQGMSkCUbrbNj4AmA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 03:48:25 GMT
age: 75388
etag: "9f21cefa8882ea63961ae2eb51b7cd406b2358d6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10272
Md5:    33d8a1c1782f57095619cfba8c58a4a5
Sha1:   9f21cefa8882ea63961ae2eb51b7cd406b2358d6
Sha256: 47c04dd3680f76a5bc54157c64d64dcb7dea517c8dace4fdcf8e46df43fa9cae
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9034
x-amzn-requestid: 20199dff-cd75-4f47-9395-9fdab045638c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYtHROoAMFQ6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-6a77e2d438ae887e4cd54ec6;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z92zeMKTSVmpz2TYok8XpBUxuY4ZzN3Z_w32gQgjX1QGb26YDxnfdQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 03:57:15 GMT
age: 74858
etag: "927d5a375d9607b23caadae148566fdff10147b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9034
Md5:    2054ae778a3079d8233ee33045127df6
Sha1:   927d5a375d9607b23caadae148566fdff10147b1
Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a