Overview

URLulgroup.ca/simc.rnis/3/login.php
IP 38.117.65.66 (United States)
ASN#12212 RAVAND
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-17 15:36:33 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts No alerts detected
Tags None

Domain Summary (8)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (6) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-17 05:55:30 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-17 05:55:20 UTC 34.117.237.239
ulgroup.ca (11) 0 2019-03-28 13:11:26 UTC 2022-11-16 20:16:31 UTC 38.117.65.66 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.148.190.4

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-17 2 ulgroup.ca/simc.rnis/3/login.php Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/SSL-certificate-seal-ssl-animated.webp Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/logo_main.webp Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/proceed.webp Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/flama-book-webfont.woff Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/flama-light-webfont.woff Phishing
2022-11-17 2 ulgroup.ca/simc.rnis/3/media/flama-basic-webfont.woff Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 38.117.65.66
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 5 reports on ASN: RAVAND
Date UQ / IDS / BL URL IP
2023-01-27 14:47:54 +0000 0 - 3 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129
2023-01-27 14:47:35 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129
2023-01-27 14:07:45 +0000 0 - 2 - 3 danoblab.com/wordpress_4/Fw/ 38.117.65.129
2023-01-27 11:39:14 +0000 0 - 2 - 3 danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ 38.117.65.129
2023-01-27 11:38:55 +0000 0 - 0 - 3 danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ 38.117.65.129


Last 5 reports on domain: ulgroup.ca
Date UQ / IDS / BL URL IP
2022-11-17 15:36:33 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66
2022-11-17 15:35:16 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 20:17:42 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:37:05 +0000 0 - 0 - 24 ulgroup.ca/simc.rnis/5/login.php 38.117.65.66
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-16 15:35:16 +0000 0 - 0 - 7 ulgroup.ca/simc.rnis/3/login.php 38.117.65.66

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (31)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11319
Expires: Thu, 17 Nov 2022 18:45:01 GMT
Date: Thu, 17 Nov 2022 15:36:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5048
Cache-Control: max-age=159549
Date: Thu, 17 Nov 2022 15:36:22 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 11:55:31 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11689
Expires: Thu, 17 Nov 2022 18:51:11 GMT
Date: Thu, 17 Nov 2022 15:36:22 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 14:44:43 GMT
cache-control: public,max-age=3600
age: 3099
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: J25bKy4gTYtA/lR3UGU5Ga9iSKSTnNKqMTVmmS1GeEa5kt3nrIZN/3eubtt4QZxpnbHMZFY5y+4=
x-amz-request-id: M5VC1WWMHVR1C29V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 15:15:10 GMT
age: 1272
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 17 Nov 2022 15:36:22 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 15:25:01 GMT
cache-control: public,max-age=3600
age: 682
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /simc.rnis/3/login.php HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 2142
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (518), with CRLF line terminators
Size:   2142
Md5:    124593970e08ae4381414f850ec82b7e
Sha1:   90746f82c0db1836eac6baccb35638b2923148c2
Sha256: 514ac744a6a1f6624025aca6d75944b4ab1d48a130db6372d7e99a327db28ae3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/jquery-ui-1.css HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd10-3b2a"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (15146), with no line terminators
Size:   3478
Md5:    1d8ed2f83ef521c998d12f716b49481d
Sha1:   98ccf46303119a4ead17c3fe0a7d328ce45b1684
Sha256: f83060d7c9742a5871b292f1a0480ab433a61b2cb63c87f7086f8b110ceeab7a
                                        
                                            GET /simc.rnis/3/media/default-3.css HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd10-db35"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   11712
Md5:    91e0849985146b5ff6bf12431817919c
Sha1:   c155143550cbf08cba6757af03091a4d47629844
Sha256: d0689a994f8a913071141cec0311ad8bed7a1778a178e7cec2f6d38b883c8a82
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4592
Cache-Control: max-age=154024
Date: Thu, 17 Nov 2022 15:36:23 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 10:23:27 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /simc.rnis/3/media/default.css HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd10-21ae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (8622), with no line terminators
Size:   2107
Md5:    feda9350e43a87a7b0ffce4484e9e009
Sha1:   888d77b201127dac691ea2d85a6afaf9cb418871
Sha256: e9e665b19ad1d0b3d1a608a0c80ea8ed565ce951e639d8a2701e8a040d89bbd6
                                        
                                            GET /simc.rnis/3/media/SSL-certificate-seal-ssl-animated.webp HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 2106
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-83a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   2106
Md5:    75fcd1be17cc9a8e3db9d676c4927df1
Sha1:   30cd5774110851925314d0c35c97767bdaa8e1b0
Sha256: 522b3471d47a908987b3c759702d605b071f577160db626fb82d804e5a02231c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/logo_main.webp HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 5508
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-1584"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5508
Md5:    3ebd203d98e0e1d693dcb2e23e7a41d8
Sha1:   cf41b15270a9351bc41c1b332e5043ca4e3de37c
Sha256: ddcb02d35e0a32c62943f94db483c06a925c6d5368e0be0297104b15a71eaee7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/proceed.webp HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 207
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
ETag: "b8-5e64305ad6400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   207
Md5:    0f4c8e3eb8d6f178c0e8ffce0222bd97
Sha1:   207842874c3e6f00c4a0f16dec99a3684e41d1a4
Sha256: fa6194b927c4f8413d86ad70a5fd91338d7e61fa8f788ee6774c11098fb739c1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/flama-book-webfont.woff HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/media/default-3.css

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-woff
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 26624
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-6800"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 26624, version 1.0\012- data
Size:   26624
Md5:    fc9f84b094d600671bcadd7015f2ef5a
Sha1:   7aee3e8dcfb10908609e2c903b37b32828f9ed7c
Sha256: 8ff5a4879abd8e55115c1c18a45e6d88c821916f0f376a13c5e084ea898ea9b6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/flama-light-webfont.woff HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/media/default-3.css

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-woff
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 22524
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-57fc"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 22524, version 1.0\012- data
Size:   22524
Md5:    0da7befa5f87df0571444f547e6a0279
Sha1:   970ce4ddf9346747705a00978ef70b41d937b214
Sha256: 42ee73b97ca513aa2896efae9044db4e2ce52d72006fe8528d8606411073c4e8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /simc.rnis/3/media/flama-basic-webfont.woff HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/media/default-3.css

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: application/x-font-woff
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 26624
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-6800"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 26624, version 1.0\012- data
Size:   26624
Md5:    fc9f84b094d600671bcadd7015f2ef5a
Sha1:   7aee3e8dcfb10908609e2c903b37b32828f9ed7c
Sha256: 8ff5a4879abd8e55115c1c18a45e6d88c821916f0f376a13c5e084ea898ea9b6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Sx2IMlBDyNPvWmiVb+VJfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.148.190.4
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m2Mh6ei7ztzkwqr0hN97xy71koc=

                                        
                                            GET /simc.rnis/3/media/favicon.ico HTTP/1.1 
Host: ulgroup.ca
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/3/login.php

search
                                         38.117.65.66
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Thu, 17 Nov 2022 07:40:23 GMT
Content-Length: 5430
Last-Modified: Mon, 15 Aug 2022 08:00:16 GMT
Connection: keep-alive
ETag: "62f9fd10-1536"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   5430
Md5:    647ea5d0e5d4493cac32198bb6b3855a
Sha1:   d11b3c537432bd691f827426ea665190175cdabf
Sha256: c4a18cfd73f5fbe884e5681a18ad37fe130b60b99fdf33f1570fa3e4f1a4376c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 15:36:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 15:36:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 15:36:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11599
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 15:36:24 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 64926
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6344
Md5:    a9d32fa3866dd741de610a61a93ad893
Sha1:   4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
Sha256: 4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12337
x-amzn-requestid: 783b124b-1f0e-445d-b19d-78ed9358c717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bX6VnGCBoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ca423-6767360524d1bb9a7cf259fb;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 07:11:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xi0co5JQdy62MidhB6aUpqt8_18pj-ytLday1_6XauQ4v4B1K3qW0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:57:12 GMT
age: 63552
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12337
Md5:    2bd274d60bc239b0328fe30a442ef2d9
Sha1:   fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
Sha256: f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 02:49:36 GMT
age: 46008
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11667
Md5:    032386e5c9dffff1ba1ee5e8a322d438
Sha1:   dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
Sha256: 0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8235
x-amzn-requestid: e8a91ec0-fa93-45b6-8dc8-a405c00242fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY4_HANoAMFSvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740839-3ebbd38b0e3e774923ad019e;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QoxGYkibw1jcAuQl98jD4TlKooUlL6ojdOVzQ7khiF0pMwY4_0IO9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:49:13 GMT
age: 64031
etag: "87e277a627c1085cad5c6e38bdd5100aa0a9ecee"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8235
Md5:    98802857df59f8eacd9211811cc59ae6
Sha1:   87e277a627c1085cad5c6e38bdd5100aa0a9ecee
Sha256: 102e73f690a972da6d3ab609ffab5f29884185d85c4230a19ec74d74c7320cf1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F341e5945-39b4-44e2-a1dc-be4e70577262.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4055
x-amzn-requestid: 1b786b76-b4bf-480f-ad87-f024bffa73b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOUE8wIAMFi_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-4524317071a87c374d0884c3;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: o1r-ZlYD51CedvMlPKbKDwX-qsFjVy9s-KatKheGFiGOz8dYbYmKyg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 64926
etag: "0c7ae87051649d5fc46578e59484600c9184b59b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4055
Md5:    3afa84bffe8905e9191085d281a89637
Sha1:   0c7ae87051649d5fc46578e59484600c9184b59b
Sha256: 7a7e00b0359058de64cb45fbb7e54b279dab70ba81d23c267697fda0e157f2f7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fbMtJC2Dfg8rDQl7nw16eZf1C1aMGv-3VtcXARXUaZV80TGvps3aAA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:51:12 GMT
age: 42312
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8027
Md5:    785c079072174860502c277b03f7743d
Sha1:   e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
Sha256: f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9656cbd-d5f9-46cc-bec6-bcc983e12c29.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6134
x-amzn-requestid: 00909d7b-f5dd-4f73-932b-81f2aa689732
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: baqH0H_4IAMF6hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636dbd65-155b471f41ef040d4dd3033b;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 03:11:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Yxi3VDlH4PjKot8LJv9kzBlzS-6M0km9zUmGfbcVKACeZRFRa88rVA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:47:43 GMT
age: 28128
etag: "d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6134
Md5:    a1be294b5a3b2e68e8d9f9e0441ca04c
Sha1:   d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505
Sha256: e7db15087e8012e37ccf50c6c86db5c7d6d9826439268b7f17d970229a3acba5