urlquery - report: arx-libertatis.org/files/arx-libertatis-1.2-windows.exe

Overview

URL	arx-libertatis.org/files/arx-libertatis-1.2-windows.exe
IP	109.74.202.20
ASN	Linode, LLC
Location	United Kingdom
Report completed	2022-07-02 16:11:29 UTC
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blocklists

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2022-07-02	2	arx-libertatis.org/files/arx-libertatis-1.2-windows.exe	Malware
2022-07-02	2	arx-libertatis.org/files/arx-libertatis-1.2/arx-libertatis-1.2-windows.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files

URL	arx-libertatis.org/files/arx-libertatis-1.2/arx-libertatis-1.2-windows.exe
IP	109.74.202.20
Magic	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\012- data
Size	9535830
MD5	ebeb1fb140dad4bcf426d9b18927e6a0
SHA1	7e1b00f5965659f9a5568455e4a5c1698f634fa4
SHA256	69778d5a860708a9487458720da84f279ddbf1134d5541d0f731e470f5f1681d

Analyzer	Analysed	Verdict	Comment
VirusTotal	2022-06-03 21:04:34	19/68

Passive DNS (7)

Passive DNS Source	Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
[Mnemonic Passive DNS]	r3.o.lencr.org (4)	344	2020-12-02 08:52:13 UTC	2022-07-02 05:03:49 UTC	23.36.77.32
[Mnemonic Passive DNS]	contile.services.mozilla.com (1)	1114	No data	No data	34.117.237.239
[Mnemonic Passive DNS]	firefox.settings.services.mozilla.com (2)	867	2016-03-17 08:25:01 UTC	2020-05-25 20:01:47 UTC	54.230.111.35
[Mnemonic Passive DNS]	content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-07-02 05:33:42 UTC	54.230.111.99
[Mnemonic Passive DNS]	arx-libertatis.org (2)	0	2015-08-24 07:46:03 UTC	2022-06-28 09:39:27 UTC	109.74.202.20	Unknown ranking
[Mnemonic Passive DNS]	push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2022-07-02 06:56:22 UTC	44.240.140.78
[Mnemonic Passive DNS]	img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-07-02 15:26:32 UTC	34.120.237.76

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 109.74.202.20

Date	UQ / IDS / BL	URL	IP
2022-08-09 08:58:06 +0000	0 - 0 - 1	arx-libertatis.org/files/snapshots/arx-libert (...)	109.74.202.20
2022-07-05 18:31:08 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-05 16:54:14 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-04 16:35:10 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-04 16:12:02 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-03 17:13:20 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-03 16:30:41 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-02 16:28:08 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-01 16:27:47 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-01 16:11:51 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20

Last 10 reports on ASN: Linode, LLC

Date	UQ / IDS / BL	URL	IP
2022-08-11 14:16:21 +0000	0 - 0 - 2	admin.classified.pointsource.ng/a3et6u5dw.rar	139.162.200.189
2022-08-11 14:14:46 +0000	0 - 0 - 3	https://tobecoaching.co.uk/lfi9iu.rar	139.162.200.189
2022-08-11 13:59:19 +0000	0 - 0 - 1	mcnudes.com/mtm/direct/.eJxdiksOwjAMBe_iZYlql (...)	45.79.19.196
2022-08-11 13:47:23 +0000	0 - 0 - 1	spyonteens.com/mtm/direct/.eJxliksOwjAMBe_iZY (...)	173.255.194.134
2022-08-11 13:27:40 +0000	0 - 0 - 0	https://poskasir.net/	172.104.190.111
2022-08-11 13:24:27 +0000	0 - 0 - 3	smithbrosflorists.com/	173.255.194.134
2022-08-11 13:16:13 +0000	0 - 0 - 2	best-cigs.com/	72.14.185.43
2022-08-11 13:02:36 +0000	0 - 0 - 2	dealtypes.com/mtm/direct/.eJxdikEOwjAMBP_iY4l (...)	45.33.2.79
2022-08-11 13:02:20 +0000	0 - 0 - 1	hentainymphos.com/mtm/direct/.eJxtiksKAkEMBe- (...)	72.14.185.43
2022-08-11 13:02:05 +0000	0 - 0 - 1	privatecuties.com/mtm/direct/.eJxtikEKAjEMRe- (...)	45.33.20.235

Last 10 reports on domain: arx-libertatis.org

Date	UQ / IDS / BL	URL	IP
2022-08-09 08:58:06 +0000	0 - 0 - 1	arx-libertatis.org/files/snapshots/arx-libert (...)	109.74.202.20
2022-07-05 18:31:08 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-05 16:54:14 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-04 16:35:10 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-04 16:12:02 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-03 17:13:20 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-03 16:30:41 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-02 16:28:08 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-01 16:27:47 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20
2022-07-01 16:11:51 +0000	0 - 0 - 2	arx-libertatis.org/files/arx-libertatis-1.2-w (...)	109.74.202.20

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (17)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "8E263E6763753F5659AC0FC2D11DAF8ECE9720988153C38CB40631AF26C86575" Last-Modified: Fri, 01 Jul 2022 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7830 Expires: Sat, 02 Jul 2022 18:21:45 GMT Date: Sat, 02 Jul 2022 16:11:15 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a7e37e80f3a67a41ff567648c1f2d285 Sha1: 7ce66e5153f2d4a7b14ccba49fd1a4b70ae274f5 Sha256: 8e263e6763753f5659ac0fc2d11daf8ece9720988153c38cb40631af26c86575
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6$ 34.117.237.239 HTTP/2 200 OK server: nginx date: Sat, 02 Jul 2022 16:11:16 GMT content-type: application/json content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243$ 54.230.111.35 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Cache-Control: max-age=3600 Date: Sat, 02 Jul 2022 15:38:48 GMT Expires: Sat, 02 Jul 2022 16:37:41 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: NaYwVMxyEPLLH0PQFBCwhHO4slOepWVhjFdJm4YqlA8x8Dbl1bKekA== Age: 1948 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	$Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 581454acdd98f34fd3fbabd0977ade29$ 54.230.111.99 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Tue, 21 Jun 2022 12:10:22 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Sat, 02 Jul 2022 03:26:42 GMT etag: "581454acdd98f34fd3fbabd0977ade29" x-cache: Hit from cloudfront via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: otKxLDM9ekHSdrib-T_U8C-wt60ZCMivRTS6poEAbnydPKvhyZ5RkA== age: 45875 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 581454acdd98f34fd3fbabd0977ade29 Sha1: d8d86c0b513137aeb85de01cea7b272c35eb6ab4 Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
GET /files/arx-libertatis-1.2-windows.exe HTTP/1.1 Host: arx-libertatis.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	$Magic: HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 162 Md5: 4f8e702cc244ec5d4de32740c0ecbd97$ 109.74.202.20 HTTP/1.1 301 Moved Permanently Content-Type: text/html Server: nginx Date: Sat, 02 Jul 2022 16:11:16 GMT Content-Length: 162 Location: http://arx-libertatis.org/files/arx-libertatis-1.2/arx-libertatis-1.2-windows.exe Connection: keep-alive Keep-Alive: timeout=300 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size: 162 Md5: 4f8e702cc244ec5d4de32740c0ecbd97 Sha1: 3adb1f02d5b6054de0046e367c1d687b6cdf7aff Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a Alerts: Blocklists: - fortinet: Malware
GET /files/arx-libertatis-1.2/arx-libertatis-1.2-windows.exe HTTP/1.1 Host: arx-libertatis.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	$Magic: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\012- data Size: 9535830 Md5: ebeb1fb140dad4bcf426d9b18927e6a0$ 109.74.202.20 HTTP/1.1 200 OK Content-Type: application/octet-stream Server: nginx Date: Sat, 02 Jul 2022 16:11:16 GMT Content-Length: 9535830 Last-Modified: Wed, 14 Jul 2021 00:40:21 GMT Connection: keep-alive Keep-Alive: timeout=300 ETag: "60ee3275-918156" Accept-Ranges: bytes --- Additional Info --- Magic: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive\012- data Size: 9535830 Md5: ebeb1fb140dad4bcf426d9b18927e6a0 Sha1: 7e1b00f5965659f9a5568455e4a5c1698f634fa4 Sha256: 69778d5a860708a9487458720da84f279ddbf1134d5541d0f731e470f5f1681d Alerts: Blocklists: - fortinet: Malware File Analyzers: - virustotal: 19/68
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: 3RXgiVmczHlP7th7dXg6mw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	44.240.140.78 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: nyyESLI6AdQpIfNhp2XVnPL0UJQ= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "ED6C6F73611FB56DFA41FD028E23F0BC0470D319E51B212B8078C2C0DF8F4638" Last-Modified: Fri, 01 Jul 2022 19:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7622 Expires: Sat, 02 Jul 2022 18:18:20 GMT Date: Sat, 02 Jul 2022 16:11:18 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 58ddda9bd3e53e01306c6a03b89b13c9 Sha1: 617798858ee1e2abf3267917c977cd743294db2e Sha256: ed6c6f73611fb56dfa41fd028e23f0bc0470d319e51b212b8078c2c0df8f4638
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "ED6C6F73611FB56DFA41FD028E23F0BC0470D319E51B212B8078C2C0DF8F4638" Last-Modified: Fri, 01 Jul 2022 19:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7622 Expires: Sat, 02 Jul 2022 18:18:20 GMT Date: Sat, 02 Jul 2022 16:11:18 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 58ddda9bd3e53e01306c6a03b89b13c9 Sha1: 617798858ee1e2abf3267917c977cd743294db2e Sha256: ed6c6f73611fb56dfa41fd028e23f0bc0470d319e51b212b8078c2c0df8f4638
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "ED6C6F73611FB56DFA41FD028E23F0BC0470D319E51B212B8078C2C0DF8F4638" Last-Modified: Fri, 01 Jul 2022 19:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7622 Expires: Sat, 02 Jul 2022 18:18:20 GMT Date: Sat, 02 Jul 2022 16:11:18 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 58ddda9bd3e53e01306c6a03b89b13c9 Sha1: 617798858ee1e2abf3267917c977cd743294db2e Sha256: ed6c6f73611fb56dfa41fd028e23f0bc0470d319e51b212b8078c2c0df8f4638
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5571171d-93e2-4135-8225-3bfc53bc48ac.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6736 Md5: 0ace558e62edc260cee8891548c0621d$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 6736 x-amzn-requestid: 9e808fb4-bd09-40e9-91af-080ccdc93ee9 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Um2BSE0ToAMFfag= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bf6a08-2a5ed3cb6402d1907c9656a8;Sampled=0 x-amzn-remapped-date: Fri, 01 Jul 2022 21:41:28 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: 9G-IIpCuXnf8fmMCzXnyB2Ciy2aUKE8G315HEV9w6GpGT1S1v9ZdOQ== via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 21:46:36 GMT etag: "a63b88bf7ec527ec4774676532c865a161533e4a" content-type: image/jpeg age: 66282 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6736 Md5: 0ace558e62edc260cee8891548c0621d Sha1: a63b88bf7ec527ec4774676532c865a161533e4a Sha256: 1fb21b28c0480725834b801307a5fff6b62d1a9c2495b901217fff6f5617059f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b693c9f-67be-4ac0-b261-907639467fd1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9986 Md5: 423b835cc7c59b9ae5e054bea9b5a350$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 9986 x-amzn-requestid: b96951f0-f4c4-4f63-ba41-ba43c6a30e11 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Um1x6GWeIAMFXsQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bf69a5-04ea27df61b0abc76ec50b8a;Sampled=0 x-amzn-remapped-date: Fri, 01 Jul 2022 21:39:49 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: jQKaeII0MOP69AQkC4sUS3chweoHHM1glCDag2NSRohWeKevReGG6w== via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 21:45:24 GMT age: 66354 etag: "06bd1f5a2f23819184eb44076b107f234f432081" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9986 Md5: 423b835cc7c59b9ae5e054bea9b5a350 Sha1: 06bd1f5a2f23819184eb44076b107f234f432081 Sha256: 7b3a9e9f2cced74e0e018f5174c93dda41b95b2a5fa5aaabe933481d0a53ebde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb68b83e0-72c7-49aa-9626-3d36db21293e.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11496 Md5: 524069fd1931d39f6c9f106be7c29e3c$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 11496 x-amzn-requestid: 7254cb45-1ef0-478c-9910-beca727c109f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Um1yaEYPoAMFa-Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bf69a8-53e04a3858a351eb5debddac;Sampled=0 x-amzn-remapped-date: Fri, 01 Jul 2022 21:39:52 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: sAkLQP7KAyNYnfEcZBBCmke_nFOGLjkMq0-jrVvfD4h_xx1GU-pxWA== via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 21:53:11 GMT etag: "c69cccbe6d0394d4b40bc350462da9bf00064e61" content-type: image/jpeg age: 65887 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11496 Md5: 524069fd1931d39f6c9f106be7c29e3c Sha1: c69cccbe6d0394d4b40bc350462da9bf00064e61 Sha256: ba7d5c6f33a49f80db9eec2634fcfc3fd5261bdf4932bce7bc70b54c02d6cc66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc64139e3-1714-4207-9f83-6963efdebdb1.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11303 Md5: b38a21dc4af2a753ec1149a58eca2ee2$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 11303 x-amzn-requestid: 133e1b8e-7db3-4337-92a0-b693c3ba40aa x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: UeQEkHN1IAMF6qQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bbfa1d-65b9ee0025592952377ccb6d;Sampled=0 x-amzn-remapped-date: Wed, 29 Jun 2022 07:07:09 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: b6w4cQYK6SWIq1ovO9TD7-v9aiHUWt03LDuS6OeVOQ2GRV100sif2g== via: 1.1 cb2af39fbf29fa8b3d7f263c2b822092.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google date: Sat, 02 Jul 2022 05:42:53 GMT age: 37705 etag: "91d2dc48008a198adb2b740bec1843a146f826c1" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11303 Md5: b38a21dc4af2a753ec1149a58eca2ee2 Sha1: 91d2dc48008a198adb2b740bec1843a146f826c1 Sha256: 2e56992e4642c248dd330fc1343977dedd2ec4e944564214be432f3f390488e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb89745-bbbb-4235-9425-852f10044585.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11746 Md5: 1b628b3028c285be25c17f5665f4b727$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 11746 x-amzn-requestid: 9c689086-f3c0-4043-9905-c9580c6c3f51 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Uhif8EcIIAMF2_A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bd4acc-3417fb3956f99fcd714f562b;Sampled=0 x-amzn-remapped-date: Thu, 30 Jun 2022 07:03:40 GMT x-amz-cf-pop: SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: 9XejFfM4ZuBWhhC_Zr3-8hLl9GYl7FXlG9eqbZkzJpFNWKY2BlBA9w== via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 18:45:18 GMT age: 77160 etag: "20333be7fca4c09773321bec15ac65c18391fae0" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 11746 Md5: 1b628b3028c285be25c17f5665f4b727 Sha1: 20333be7fca4c09773321bec15ac65c18391fae0 Sha256: 56d7c15b78a6fd9e5b16c6e59981ba3d68839a6ad840f06ce2910b18495a38cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1edb2a2-bd4b-4101-b70d-9136a59ce340.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8828 Md5: 8760265218db4424cf9d0cda9cc7e7df$ 34.120.237.76 HTTP/2 200 OK server: nginx content-length: 8828 x-amzn-requestid: f38dcd2a-5fde-4373-b296-082dabd98c9f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: Um2B7GozIAMFdeA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-62bf6a0c-211025f83d38b6c16a260502;Sampled=0 x-amzn-remapped-date: Fri, 01 Jul 2022 21:41:32 GMT x-amz-cf-pop: SEA73-P2, SEA73-P1 x-cache: Hit from cloudfront x-amz-cf-id: 1CZOHWd6jBu1e7lXcuarhhdBDbT8K2KVQAVOwM61MG3rLCOg_DXt9A== via: 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google date: Fri, 01 Jul 2022 21:53:15 GMT age: 65883 etag: "6809a6b6843631c3f0a2cf2f51e805166deb90ee" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8828 Md5: 8760265218db4424cf9d0cda9cc7e7df Sha1: 6809a6b6843631c3f0a2cf2f51e805166deb90ee Sha256: 4e4399d233c3a721e2d4def6cddfca03b4e43d4122428a503e27aa7527b1cfff
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	$Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40$ 54.230.111.35 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Sat, 02 Jul 2022 15:50:47 GMT Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: iBdnnMXmZ-1AxaCQBKwboIYnqnJGPGgE7Dw6hHLNg2yqkKJUD_Lucg== Age: 1231 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 91dd975a7b17b2922dd23c0e49314e40 Sha1: 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2 Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a