Overview

URL: les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
IP: 63.250.43.6 (United States)
ASN: #22612 NAMECHEAP-NET
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-10-12 20:58:24 UTC
IDS alerts: 0
Blocklist alert: 13
urlquery alerts: No alerts detected
Tags: None

Domain Summary (11)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
les-impots-bad117.ingress-comporellon.ewp.live (25) 0 2022-10-10 16:55:14 UTC 2022-10-12 20:58:03 UTC 63.250.43.5 Unknown ranking
ocsp.usertrust.com (1) 899 2012-05-21 15:43:18 UTC 2022-10-12 10:05:34 UTC 172.64.155.188
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-12 05:00:17 UTC 44.228.207.167
cfspart.impots.gouv.fr (1) 643420 2017-02-05 07:17:33 UTC 2022-10-12 13:54:50 UTC 145.242.11.27
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-12 12:13:11 UTC 34.120.237.76
r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-10-12 04:58:09 UTC 23.36.77.32
ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-10-12 18:33:14 UTC 172.64.155.188
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-12 04:58:51 UTC 34.117.237.239
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-12 15:05:50 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-27 01:58:08 UTC 2022-10-12 14:32:44 UTC 54.230.111.65
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-12 04:58:20 UTC 34.160.144.191

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/ DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/ Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/te (...) Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/te (...) Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/te (...) Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/auth.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/jquery-1.11.3.min.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/urls.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/bootstrap.min.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/te (...) Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/bootstrap.min.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/auth.js Phishing
2022-10-12 2 les-impots-bad117.ingress-comporellon.ewp.live/templates/js/urls.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 63.250.43.6
Date UQ / IDS / BL URL IP
2023-01-12 17:07:09 +0000 0 - 0 - 7 www.itskryptic.com/wp-content/languages/bid/l (...) 63.250.43.6
2023-01-08 08:34:44 +0000 0 - 0 - 22 ammadigitalmarketing.com/ 63.250.43.6
2022-12-12 08:35:50 +0000 0 - 0 - 23 ammadigitalmarketing.com/ 63.250.43.6
2022-11-10 23:28:26 +0000 0 - 0 - 8 seriale-shqip.com/ 63.250.43.6
2022-10-24 10:19:31 +0000 0 - 0 - 14 mygov-8-997cef.ingress-comporellon.ewp.live/m (...) 63.250.43.6


Last 5 reports on ASN: NAMECHEAP-NET
Date UQ / IDS / BL URL IP
2023-02-07 08:22:37 +0000 0 - 0 - 3 hentaifck.click/ 162.0.235.180
2023-02-07 08:09:13 +0000 0 - 25 - 11 coastalover.xyz/ 162.255.119.186
2023-02-07 08:02:13 +0000 0 - 0 - 2 honnovii.com/requirements.zip 162.0.215.196
2023-02-07 07:51:58 +0000 0 - 1 - 0 striketogethernow.org/ 162.255.119.50
2023-02-07 07:48:45 +0000 0 - 1 - 2 sanotomopharmaceutical.com/ 162.255.119.218


Last 5 reports on domain: ewp.live
Date UQ / IDS / BL URL IP
2023-01-30 04:41:20 +0000 0 - 0 - 18 stylelagoon-9b67f8.ingress-daribow.ewp.live/ 63.250.43.14
2023-01-23 17:49:55 +0000 0 - 0 - 3 loukinacomo-c57ec7.ingress-erytho.ewp.live/29 (...) 63.250.43.133
2023-01-23 17:30:14 +0000 0 - 0 - 3 loukinacomo-c57ec7.ingress-erytho.ewp.live/29 (...) 63.250.43.133
2023-01-23 08:05:12 +0000 1 - 0 - 2 uspss-1-b67907.ingress-erytho.ewp.live/usa/ 63.250.43.132
2023-01-17 07:59:33 +0000 47 - 0 - 22 corroes0-c45cce.ingress-erytho.ewp.live/pagom (...) 63.250.43.132


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-21 21:11:37 +0000 17 - 0 - 6 wordpress-867582-3000298.cloudwaysapps.com/dg (...) 18.102.83.111
2023-01-21 06:44:52 +0000 17 - 0 - 6 wordpress-867582-3000298.cloudwaysapps.com/dg (...) 18.102.83.111
2022-11-07 09:04:37 +0000 0 - 0 - 12 www.siantartop.co.id/impots-2021-lmtbn/gouv-f (...) 202.74.236.102
2022-10-29 21:55:36 +0000 0 - 0 - 1 wordpress-231390-2982067.cloudwaysapps.com/63 (...) 104.248.163.238
2022-10-29 19:08:55 +0000 0 - 0 - 1 wordpress-231390-2982067.cloudwaysapps.com/63 (...) 104.248.163.238

JavaScript

Executed Scripts (7)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (45)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.230.111.65
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 12 Oct 2022 20:49:20 GMT
Expires: Wed, 12 Oct 2022 21:35:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3k0sK1BmVYOS0F330REe794uloqs8OEQyeAHi_CBELeS3Qhy4itM6w==
Age: 533


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bdb8b66c705a7b996496d780f50c00b5
Sha1:   403ae92039fcc933870f51f913f78ccaf9652256
Sha256: c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5495AD212166703DCD1D17D7AA6FF4D1C40E73DFAD703D24F00F60F35BC7D56C"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6536
Expires: Wed, 12 Oct 2022 22:47:09 GMT
Date: Wed, 12 Oct 2022 20:58:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6C840089371A0E25D60D0D76D6400348B0CDFB5967876C7B88E2B4A2AAF01A03"
Last-Modified: Wed, 12 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2610
Expires: Wed, 12 Oct 2022 21:41:43 GMT
Date: Wed, 12 Oct 2022 20:58:13 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: bDYqiHR9RnC4xcp3MgPeAh51eD2isuPicaxz7DHzzz8TMZwQn+Ay0soJrHBmcTqQmwpPBbeRkhg=
x-amz-request-id: 5KM4GD460NBQRW68
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 12 Oct 2022 20:33:29 GMT
age: 1484
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 12 Oct 2022 20:58:13 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 12 Oct 2022 19:03:53 GMT
Expires: Wed, 19 Oct 2022 19:03:52 GMT
Etag: "7dc71ed5137c7251279a205304b23a8932492cd9"
Cache-Control: max-age=597338,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7592c09b6ad2b524-OSL

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:13 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/ HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         63.250.43.5
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:18 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-a3f2"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45235
x-cache: HIT
accept-ranges: bytes
content-length: 7219
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ISO-8859 text, with very long lines (3361), with CRLF line terminators
Size:   7219
Md5:    48bdd77258c90ff66fdf0f912af4d795
Sha1:   eb1ef9fb7ef4c18d0b8f24a133a7db3649754e75
Sha256: ca304f7c57b4bf885e7b857841dfd9a8daa82d795184603038ae1a36c9ffd773

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         54.230.111.65
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 12 Oct 2022 20:29:41 GMT
Cache-Control: max-age=3600
Expires: Wed, 12 Oct 2022 20:44:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yneVJsVEXBenzXR5HcfRwwYV6hFlrrXKy5_cLQtcjBdXUKjPUO6iFw==
Age: 1713


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/css/bootstrap-3.3.6.min.css HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-2454c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
content-length: 21399
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (391)
Size:   21399
Md5:    b16c347c97c573785f413e7a556ba5c4
Sha1:   669ef88dc6b2c3ab02d9acae233118ef8c940a86
Sha256: e3a7d66e8012d7d427e1f479c5dccea4fd7abc833c690eddabb562bb13708724
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4835
Cache-Control: max-age=131350
Date: Wed, 12 Oct 2022 20:58:14 GMT
Etag: "63467599-1d7"
Expires: Fri, 14 Oct 2022 09:27:24 GMT
Last-Modified: Wed, 12 Oct 2022 08:06:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/css/autentification.css HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-4323"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
content-length: 3835
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3835
Md5:    57138b734711f109efe7670ee908bcc7
Sha1:   3fe9a4c299b009a98dd87b462a399b3a72ba3d5d
Sha256: 68cc0ab7c5774e21f4d463e680c5f1bae5d97d4651e5cd5782e9b68d55298207
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/css/imp.css HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-919a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
content-length: 5159
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   5159
Md5:    9322a061b1051faa0080c36095ee2472
Sha1:   28d10482e43a63c2b7b6b0851c300d764c93730a
Sha256: b0c7406fffd368efea139cae5d743f7959b660d0feb772c667eb6f91940cbaf9
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/jquery.maskedinput.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:26 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-284d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45227
x-cache: HIT
accept-ranges: bytes
content-length: 2647
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2647
Md5:    e339508f78ba8133305f3491c6405390
Sha1:   39e22e61c069afb5479c996c646a132977b1abd0
Sha256: eda27913d27f71dc91db40064f25a634189020fbcc4f752f021ba0c2bf202457

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/jquery-3.1.0.min.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:25 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-1514f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45228
x-cache: HIT
accept-ranges: bytes
content-length: 30070
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32014)
Size:   30070
Md5:    ae9d8d4c0dec623c2576c2fb03a51cea
Sha1:   d48b4b306fd21b80467d5b0913ff06bc5b949bb5
Sha256: 261d0b1ea5b85979c59923aa544fe4bea3743882b2e02a83020befc328c2d696

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/info.png HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-c56"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 3158
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 107 x 105, 8-bit/color RGBA, non-interlaced\012- data
Size:   3158
Md5:    8586605c7e823e4c6c088954c90d1290
Sha1:   56aff3bdeaa37d2d0cbe800edc2a63c22c745e98
Sha256: b16fbbc475f7128aa28ed91bc59e48517a580ca486ef5a4836e240e62224cc61
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/1.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-afc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 2812
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 124 x 28\012- data
Size:   2812
Md5:    0d050fd3d35da175a6129a21030e78aa
Sha1:   09ee6a15ede6919de054fde434e9398684d48e2b
Sha256: 3b5b95ee14d3c3e64158175050be929c9fb2612a1c003df388d62af47a4c3e37
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/2.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-b32"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 2866
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 138 x 25\012- data
Size:   2866
Md5:    ae43f701c156c678e3124853049bcd1d
Sha1:   0875ffacc52951f87e0b6d50578cbd4e5c1da976
Sha256: f4f598b5fc93817de8bdd76013d28b4c092b8f139be116e625d046e3b3b9be30
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/images/aide.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/5.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-733"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 1843
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 118 x 40\012- data
Size:   1843
Md5:    d6621df34ea2eadd541830ee370ea10f
Sha1:   d651d11e6622cb873489cca89fdce44b421a9a0d
Sha256: 58b70b4cdcb982be2ab0d89312bb4b1f8596c2294392983aba048cc046acc7c5
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/3.jpg HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-1bc6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 7110
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Size:   7110
Md5:    0e2048acf0519d2c005209f8146edfca
Sha1:   e80d85ad5b49404bbc97e09652c79f3eb988fc90
Sha256: 2e3c000bb11b035e1a6bfe511338a7877fdc67f5c51a5ff29394e4d3735b36df
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/4.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-d1d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 3357
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 143 x 45\012- data
Size:   3357
Md5:    559e49c09cad7db6d103fbaf08be4d51
Sha1:   19236601f16bb32cfa38a65c991f9de4a528c826
Sha256: 9d0567e661cf2d5205acaaec1a0c7dfee24f48af2d56a56212c1b4db1ab88b60
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/images/fermer.svg HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-6dd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
content-length: 778
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (340)
Size:   778
Md5:    414f563159726d51b4e055bae11a9807
Sha1:   4e1d495ecfc67a5b31d06315211ed72c0cd06ff7
Sha256: 71e61a7480e7cc0cf83c782310bfca6845c0fb5884e5791bd9bbf9a0439657bf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /templates/js/auth.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /templates/images/Miniballs.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
                                        
                                            GET /templates/js/jquery-1.11.3.min.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /templates/js/urls.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /templates/js/bootstrap.min.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 12 Oct 2022 20:58:14 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 12 Oct 2022 10:12:16 GMT
Expires: Wed, 19 Oct 2022 10:12:15 GMT
Etag: "2cfe0060d3136ba1e76fdef7f423b74d26525288"
Cache-Control: max-age=602225,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1423
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7592c0a0e9400b31-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    694b8d60f2b76c644718af46832e4e35
Sha1:   2cfe0060d3136ba1e76fdef7f423b74d26525288
Sha256: ba595e489decf0d5cdea6ce7d868e4cd4a7b4399ef85abc2bd803d0092ace504
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/images/aide.gif HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/css/Logo-Marianne_impots-gouv-fr.svg HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/templates/css/autentification.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 12 Oct 2022 08:24:31 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-13d96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 45222
x-cache: HIT
accept-ranges: bytes
content-length: 22657
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1263)
Size:   22657
Md5:    0369d85cd8ed14ce5be2744ee2eb52d2
Sha1:   d78644594cb8c29bf7ab61209fcea528b6d1aff7
Sha256: c608999ad33b3f1e7df1b0e00638b1f821f3002e4ea2d27a6bd9aec400b6756a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KzMN2CRNXzuBgZS8l9kMUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         44.228.207.167
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: USll5nclCPfbMGLXgwbpDaRWinA=

                                        
                                            GET /templates/js/bootstrap.min.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 12 Oct 2022 20:58:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 18:59:03 GMT
Expires: Mon, 17 Oct 2022 18:59:02 GMT
Etag: "f91001aea038e5b8ffeee9c6f6eebea85d826315"
Cache-Control: max-age=424247,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7592c0a11d06b524-OSL

                                        
                                            GET /templates/images/Cadenas.svg HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Wed, 12 Oct 2022 20:58:14 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 19 Mar 2019 06:51:46 GMT
ETag: "79f9-b72-5846cf054fa3f"
Accept-Ranges: bytes
Content-Length: 2930
Via: dpapusx032
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (323)
Size:   2930
Md5:    31c8c7c86c2a6814948044e8714acddb
Sha1:   49cf9783f5f57a2a843a141c27bed79f54a5c2aa
Sha256: 8254c9ce56497ac4e9e296b9b8d35cccde8872e5961de17b7b7bb65d8c2cf1db
                                        
                                            GET /templates/js/auth.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /templates/js/urls.js HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 12 Oct 2022 20:58:14 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /gouv-fr/gouv-fr/3zja1otu=/templates/11.png HTTP/1.1 
Host: les-impots-bad117.ingress-comporellon.ewp.live
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://les-impots-bad117.ingress-comporellon.ewp.live/gouv-fr/gouv-fr/3zja1otu=/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.5
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 12 Oct 2022 08:25:54 GMT
last-modified: Tue, 20 Sep 2022 01:00:09 GMT
etag: "63291099-a9f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-length: 2719
x-cacheable: YES
age: 45140
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2719
Md5:    5ec43abf8b7fc3b90bff69584689737a
Sha1:   7faf2f8159901d65bd85034b31ed1d57868acd38
Sha256: f31974e0b79c482dc230c94cc861698e8c2851fac18199883b56627d24180039
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4674
Expires: Wed, 12 Oct 2022 22:16:09 GMT
Date: Wed, 12 Oct 2022 20:58:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4674
Expires: Wed, 12 Oct 2022 22:16:09 GMT
Date: Wed, 12 Oct 2022 20:58:15 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50df13c8-d4e3-4d87-8794-332894dfce82.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7108
x-amzn-requestid: 9f8e92e1-b64f-46b4-8a87-4d0e5c21bdaf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3BzOEmzoAMFsoA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6345e347-3ec5e4d50d2e14a17f88a64d;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 21:42:31 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 07WNuyF4EIA2AAZyB4kU669K49Jzqys2YvkfnzEb2aIn3Dq6K_CT2g==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 22:09:12 GMT
age: 82143
etag: "22a32b863ce79c6165cc90e998f1498bf9e74fd0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7108
Md5:    f5d47115d404a4b49a15c5aa29f132c2
Sha1:   22a32b863ce79c6165cc90e998f1498bf9e74fd0
Sha256: 549725a62e4c15820c47249ae933120bbb091a55331be511b486307e33ec59c0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11800
x-amzn-requestid: 5f2ce4dd-0df8-4df7-a12d-e6fffd622752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZnTQHGADIAMFXfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f98cd-5044665325e5d64975c1ff0c;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 03:11:09 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZKsi1hYgZdJQNWpphaMVLfpg69dC93J575Y2RsOzFV3ZzBb6x-nrew==
via: 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 21:42:26 GMT
age: 83749
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11800
Md5:    6e9aa9808428e5fd81ac9d61d6f7c708
Sha1:   3a8d76badce50dd98938885082dcb6e30363ae88
Sha256: d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5d5a2a4-e4d4-4f11-8cb5-c320f1078b2f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5252
x-amzn-requestid: b4ef9c4f-7ca4-42c9-a928-b0b8aa3cc695
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3BUaEtBoAMF8Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6345e282-455619be605fa91977c66df7;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 21:39:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: u8SRxkVzSO3pnQB_FibQBfwzvJ2uiT9YQzQI4_ZVMxgdED9Zsir8qQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 22:09:04 GMT
age: 82151
etag: "53a7502d8932c515aa09055c5cf8f2d2242e4398"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5252
Md5:    4f78379e6bde371b492c950402bcc39e
Sha1:   53a7502d8932c515aa09055c5cf8f2d2242e4398
Sha256: 241016bbd3cebc009f63dff2773c1c7fdb68fa941ab62b368d5e023b9155fa37
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbb15fc1-cc74-4918-8e82-688ede90f3df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12284
x-amzn-requestid: 7df5e0e3-155f-4cfd-b1e1-62310edf4516
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3B7JFbxIAMFxnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6345e37a-0882e1333f26304f1d89c3c9;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 21:43:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7WAk09ANiNHmH9U2PMQRQ8WjASq6GKpEw-zsLtg97Y-DedBaEumK5A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 21:59:07 GMT
age: 82748
etag: "19dd911262d941074183edd995d59abc84a42cd5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12284
Md5:    5a61ea2d6a9b25c5567339c60f503bc6
Sha1:   19dd911262d941074183edd995d59abc84a42cd5
Sha256: 0ff68c4572b0eda2ddce4ce76b39cd268dcf5182acdaacb0274c23e2c5f50b3d
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74c4905d-ef25-43db-8882-67009cd34f1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3985
x-amzn-requestid: 6da73a65-c346-4040-9a03-63d5d6845adf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z1Cr1HeVoAMFubg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634517e5-34af0c8d6dc8218963b7319c;Sampled=0
x-amzn-remapped-date: Tue, 11 Oct 2022 07:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LAjdvQ29NhOnJjwigVkIjb7vx5tCPJPrHOOPmUD5Vh9N45WN4ZZXCg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 12 Oct 2022 07:45:22 GMT
age: 47573
etag: "3bbdd5560213e9b49ab7c079c5f2549d68890720"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3985
Md5:    eda06240feabfa1b019765fe963c2d9c
Sha1:   3bbdd5560213e9b49ab7c079c5f2549d68890720
Sha256: cd3724bfc1355b419c46df1259bfa40b4b4517a81bd45a4392d34e22c14a3d6e
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd952f4-819b-4d3c-91a1-0f9020bae81c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9325
x-amzn-requestid: 6a0388e5-97d6-42f4-b54d-a3f4826f2293
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZxMaDE2JoAMFieg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63438dd9-76ff69230ce03c033b35a4c4;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 03:13:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oUdj3LVRzke7i9j4pQRCGqss6LC-l1Qf4gvtAnrM9ZH1Bzu6Adezuw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 12 Oct 2022 04:22:04 GMT
age: 59771
etag: "ec0a371cca2d4e43f3375dd6b699478c5af62884"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9325
Md5:    d31330d47548d966e50813d7e2253551
Sha1:   ec0a371cca2d4e43f3375dd6b699478c5af62884
Sha256: 309f2cf9ccd62d5c2fd8713836b602317875f4273ef560f3bf3d681aa868b9d6