ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
199.59.243.223200 OK 725 B URL HTTP/1.1 ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
IP 199.59.243.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (975), with no line terminators
Hash 9e295c11ab75e2f5da9b6de0d5ae963c
9d2edcc2a678ef0112e12db5dcb2025b1f32f885
882734ac720ea77c51bfb2d9d8809b3bb189247ea8ef4c4042bb6843b026410a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /eye?subid1=20230404-0057-1161-aeba-d06f26ed0083 HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Apr 2023 15:05:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001; expires=Tue, 04-Apr-2023 15:20:23 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_NZ/Jz+xdLmQNgAJr4YCKgSKDHnKARh/ydE0Q0WxpRljUkUB6mRvuXMH+pKYoqIWo2IN9ELBzMM9Qu9pTEe9YUA==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7111
Expires: Tue, 04 Apr 2023 17:03:55 GMT
Date: Tue, 04 Apr 2023 15:05:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2860
Expires: Tue, 04 Apr 2023 15:53:04 GMT
Date: Tue, 04 Apr 2023 15:05:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfa7240b39fdd332060e920c46349e55
4048b95ed6f1434eebbfd50296d21e3660c96448
53b261a56af518a9a5f27a6e08209e1c137d4c24947229567ee11f6b79cee7a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53B261A56AF518A9A5F27A6E08209E1C137D4C24947229567EE11F6B79CEE7A4"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10770
Expires: Tue, 04 Apr 2023 18:04:54 GMT
Date: Tue, 04 Apr 2023 15:05:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 14:16:39 GMT
content-type: application/json
age: 2925
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PplJeazTbIkB8xmCR/6ZOfQ47rnBCsFl/RjSyZxeH/sMYXZouJFutYaRiQI5/9fF38yy015n+YCPKyd0zU84hQ==
x-amz-request-id: CB7GGF7JW40JTMWX
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 14:53:11 GMT
age: 733
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 15:05:24 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww25.uhxqin.biz/js/parking.2.104.1.js
199.59.243.223200 OK 22 kB URL HTTP/1.1 ww25.uhxqin.biz/js/parking.2.104.1.js
IP 199.59.243.223:0
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash c90bb88c05245a2d88ccf715f68f07fb
01d44c146ec4877eac9ceac21d18fd48388bdcdc
c6fba917f12371964e2826d512a6d7572f9a62dc530cd58a3a17a2b96dd96d07
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /js/parking.2.104.1.js HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Apr 2023 15:05:24 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 29 Mar 2023 20:49:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww25.uhxqin.biz/_fd?subid1=20230404-0057-1161-aeba-d06f26ed0083
199.59.243.223200 OK 1.9 kB URL HTTP/1.1 ww25.uhxqin.biz/_fd?subid1=20230404-0057-1161-aeba-d06f26ed0083
IP 199.59.243.223:0
File type ASCII text, with very long lines (3733), with no line terminators
Hash 4ac904969d46c1d4b8181eaf52a7e741
6cadeee0a3bb28c2be55afa804934f5885f889c1
73c81b6cf1194d27716e6a416113c1c1e4af34cc0d48099be5b1293d073a0198
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /_fd?subid1=20230404-0057-1161-aeba-d06f26ed0083 HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Content-Type: application/json
Origin: http://ww25.uhxqin.biz
Connection: keep-alive
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 04 Apr 2023 15:05:24 GMT
X-Version: 2.104.1
Set-Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001; expires=Tue, 04-Apr-2023 15:20:24 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww25.uhxqin.biz/px.gif?ch=1&rn=10.169650370726586
199.59.243.223200 OK 42 B URL HTTP/1.1 ww25.uhxqin.biz/px.gif?ch=1&rn=10.169650370726586
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /px.gif?ch=1&rn=10.169650370726586 HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Apr 2023 15:05:24 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww25.uhxqin.biz/px.gif?ch=2&rn=10.169650370726586
199.59.243.223200 OK 42 B URL HTTP/1.1 ww25.uhxqin.biz/px.gif?ch=2&rn=10.169650370726586
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /px.gif?ch=2&rn=10.169650370726586 HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Apr 2023 15:05:24 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Expires, Pragma, Content-Length, ETag, Backoff, Cache-Control, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 14:17:29 GMT
age: 2875
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ww25.uhxqin.biz/favicon.ico
199.59.243.223200 OK 0 B URL HTTP/1.1 ww25.uhxqin.biz/favicon.ico
IP 199.59.243.223:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 04 Apr 2023 15:05:24 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-225.ec2.internal
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3e18ab4ca97f7339957b43db660cfd1a
762deec33262d66e27a74faa8e4c894f56204559
492dc3540f5c32f203158d75df28bf7da92b30f650307d6756ad11a44126752a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d5ba0d24586872fbb887f9ace5b204a6
748b10c9a747a90adf10b8f8dedefe59a22ed072
5d50fe5859a98b867ef22fd65c4ab3652d46188813256d43ba7ac61e2b7c9a18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 26a6b4d1c4426572a6d10e512c0a5175
3fb584f8f39bd671a01e62997aca215a15972807
be2f9213d9b0dfbb11a54bedb5ede11248b2405e2e2874c7ad44a9b1ab8034e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a4e63ad4a4c68269ab2144a7eba16b3
077d9d18481cca0a72c5daca41e9e7bbe21fdb1a
2723d135b26dc00409018c7e347017e6896c61077ad93df7144e7f9be3a448e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2723D135B26DC00409018C7E347017E6896C61077AD93DF7144E7F9BE3A448E5"
Last-Modified: Mon, 03 Apr 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7146
Expires: Tue, 04 Apr 2023 17:04:30 GMT
Date: Tue, 04 Apr 2023 15:05:24 GMT
Connection: keep-alive
www.google.com/adsense/domains/caf.js
142.250.74.132200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (2193)
Hash d2eb52a778213f5c89ac063357c3a83d
f65b65a5bc80d782130960705efcf872e1b56bcc
3e6c6fd7e73b895fac4003dde6d1278459b6d5190a4f55e3b75ea3f1e002e1c3
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww25.uhxqin.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 04 Apr 2023 15:05:24 GMT
expires: Tue, 04 Apr 2023 15:05:24 GMT
cache-control: private, max-age=3600
etag: "4344430910953116546"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 26a6b4d1c4426572a6d10e512c0a5175
3fb584f8f39bd671a01e62997aca215a15972807
be2f9213d9b0dfbb11a54bedb5ede11248b2405e2e2874c7ad44a9b1ab8034e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b
142.250.74.97200 OK 272 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash ab1acb76dd408583614a7a6cedf41866
e2d2d7074479023d37474ab62755b658d22d4ab1
8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 03 Apr 2023 20:06:37 GMT
expires: Tue, 04 Apr 2023 19:06:37 GMT
cache-control: public, max-age=82800
age: 68328
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
142.250.74.97200 OK 278 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Hash bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 14:45:26 GMT
expires: Wed, 05 Apr 2023 13:45:26 GMT
cache-control: public, max-age=82800
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 1199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ad0970bda143f5191af476e9e6035a4b
f6160142d7ad88fef33c43105e70e845b492c8a0
14be07158cf3f6773ce5c647a642439b5d911d5ad419129bf26c11b02dde849e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 15:05:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.163.117.112101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.117.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Q+Bl3u0F9ZA3iONTtRylwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bZmjWq2me/gSP0WovTNYfA2yucE=
ww25.uhxqin.biz/_tr
199.59.243.223200 OK 22 B IP 199.59.243.223:0
File type ASCII text, with no line terminators
Hash 5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /_tr HTTP/1.1
Host: ww25.uhxqin.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.uhxqin.biz/eye?subid1=20230404-0057-1161-aeba-d06f26ed0083
Content-Type: application/json
Origin: http://ww25.uhxqin.biz
Content-Length: 1745
Connection: keep-alive
Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001; __gsas=ID=0a8d29429d927a4a:T=1680620724:S=ALNI_MZm9AQMWP-MpveA4CUMhd_CRMCmnQ
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 04 Apr 2023 15:05:25 GMT
X-Version: 2.104.1
Set-Cookie: parking_session=ff5755d5-61d5-03e3-ecae-f6984c54a001; expires=Tue, 04-Apr-2023 15:20:25 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16832
Expires: Tue, 04 Apr 2023 19:45:58 GMT
Date: Tue, 04 Apr 2023 15:05:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16832
Expires: Tue, 04 Apr 2023 19:45:58 GMT
Date: Tue, 04 Apr 2023 15:05:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16832
Expires: Tue, 04 Apr 2023 19:45:58 GMT
Date: Tue, 04 Apr 2023 15:05:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16832
Expires: Tue, 04 Apr 2023 19:45:58 GMT
Date: Tue, 04 Apr 2023 15:05:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16832
Expires: Tue, 04 Apr 2023 19:45:58 GMT
Date: Tue, 04 Apr 2023 15:05:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc87aa979c0767120514f1e4b758ff17
67f5976f5c3664fdddf0df409fd06c6654f2f844
6933b54d13aba860ff4e8c5978ffa4a2e546b15a17c783fcf5d87bfb817a28f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6eccc3c-84ad-4e21-956c-e1be89a82cfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4815
x-amzn-requestid: 9f83c9c3-43ef-4753-8407-8592386870f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNUVHDcoAMFtNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642928e8-733f938a34d9987746b87996;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:04:08 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9BppJUd9FJVFIdgyG6EjmTfnhfGUvyf2Zovd7TX2r6HndLV2zdtzpg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:12:10 GMT
age: 28396
etag: "67f5976f5c3664fdddf0df409fd06c6654f2f844"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fde7605b95c3ac6b8de339dbd12e17b1
b44d521b31be7b3fe378a0e070c49379a6eab26e
5496cf7c705ccc67dd13f86a07d9a352424d58591aa67afe1e1361c640f8d510
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6803
x-amzn-requestid: 6c78179f-0d11-4a23-8e86-e4f05d7c7f90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fq3HrioAMF7ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4645-758850e07ef9b1512b684c35;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:57 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: fYzW2B9Nf5JLhQdDSzDsT7h-auY41wg3PSAaSI6U68BNGvtHI99W7A==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:51:49 GMT
age: 62017
etag: "b44d521b31be7b3fe378a0e070c49379a6eab26e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 80fcfbf9081b3ede0bbbb18635a9cbf4
037891066a15726bb272a8d74f96abb1520b4fe3
5cf70d8254f20aea5ca12439a4558f459d6bbf162f5e1a0f9b62e79de29d4b29
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6898
x-amzn-requestid: a56b192d-c797-4521-9af4-e3baaa8e6205
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbGsRoAMFjiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-5aeb60706595f7762c545067;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: FntrW1uzEjetZkzVLvN-VUeVu4uWI0ceRV5-OY12YFGq5LQKFfS2mg==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:14 GMT
age: 61992
etag: "037891066a15726bb272a8d74f96abb1520b4fe3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad137bebd56918d96431d867ae123332
8572417b762ea2b1dccc3d4236336456be6be1cf
92a575b8055174a83ac1066e2ff931525760c9b96f3e588077ce0ce24a0a7b46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8658
x-amzn-requestid: 36fb7671-bd9a-43fc-8920-c5948711d560
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNkNGjHIAMFsBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429294d-5e753ae346a583ac5cbb42f4;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:05:49 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UPNt2yE-_295UTjOFpgSxhrl1XjSOSgQVJoEf__wc0y5btcJ9dIT1w==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:35 GMT
age: 27711
etag: "8572417b762ea2b1dccc3d4236336456be6be1cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 790b71fc2b1faa08db8b4334c9c3f9e3
e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4
eed429169c9d3feb115463d8ead934fa348cdca60aabf0c88d4553ed23575c9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10535
x-amzn-requestid: 8efe600f-9818-4c23-afd3-41c5a4dece2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbFHSoAMF8HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-65e8e6fd575fdc91668d6676;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NhzzKWFDbSlLrixhTlz5sZSW4x_TPkwj7Kzt6M2m1FmXR7ZdBCCq0w==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 22:01:36 GMT
age: 61430
etag: "e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d1360ec3cb182322e0a0c445f57e5b7
9f71e3cd002ca8116d917c3b7fb57291099269d1
e3d216e879d771bf2507928ba1b26465c87a4202a4cdc03483f002c2826a81b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6912
x-amzn-requestid: 53fcdc8a-e064-4e81-b5ac-5d0ae4bcfdb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fpuEZ-IAMFxaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b463d-3b7b43f30dd66fae5dc9ea6a;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:49 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: I29hcOKFN0L3ivDpD5pWg-Kg22Z10td_Vll6SRScTslvd__JZnJyTg==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:52:12 GMT
age: 61994
etag: "9f71e3cd002ca8116d917c3b7fb57291099269d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2