Overview

URL: mpconfirmspfgroupauthclient.justns.ru/imp/sms.php
IP: 91.229.90.152 (Ukraine)
ASN: #51659 LLC Baxet
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-10-27 00:17:20 UTC
IDS alerts: 0
Blocklist alert: 41
urlquery alerts: No alerts detected
Tags: None

Domain Summary (10)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 35.162.110.205
img-getpocket.cdn.mozilla.net (6) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mpconfirmspfgroupauthclient.justns.ru (25) 0 2022-10-10 13:13:54 UTC 2022-10-26 18:45:05 UTC 91.229.90.152 Unknown ranking
r3.o.lencr.org (5) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-26 04:55:04 UTC 34.117.237.239
cfspart.impots.gouv.fr (1) 643420 2017-02-05 07:17:33 UTC 2022-10-26 12:17:42 UTC 145.242.11.27
ocsp.usertrust.com (1) 899 2018-07-01 06:43:13 UTC 2021-11-02 18:02:09 UTC 172.64.155.188
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)
2022-10-26 2 mpconfirmspfgroupauthclient.justns.ru/ DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/jquery-1.11.3.min.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/cdnjs.cloudflare.com/ajax/libs/jquery (...) Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/jquery-3.1.0.min.js Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/bootstrap.min.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/urls.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/auth.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/images/fermer.svg Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/images/Miniballs.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/cdnjs.cloudflare.com/ajax/libs/jquery (...) Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/images/Miniballs.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/jquery-1.11.3.min.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/imp/templates/css/Logo-Marianne_impot (...) Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/bootstrap.min.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/auth.html Phishing
2022-10-27 2 mpconfirmspfgroupauthclient.justns.ru/templates/js/urls.html Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 91.229.90.152
Date UQ / IDS / BL URL IP
2023-01-09 01:48:59 +0000 0 - 0 - 1 mpconfirmspfgroupauthclient.justns.ru/ 91.229.90.152
2022-12-17 13:47:14 +0000 89 - 0 - 88 www.updatepostecanada.com/ 91.229.90.152
2022-12-17 00:21:15 +0000 91 - 0 - 86 updatepostecanada.ca/ 91.229.90.152
2022-12-16 01:26:12 +0000 79 - 0 - 83 www.postcanadatrack.com/ 91.229.90.152
2022-10-27 00:18:00 +0000 0 - 0 - 51 mpconfirmspfgroupauthclient.justns.ru/ 91.229.90.152


Last 5 reports on ASN: LLC Baxet
Date UQ / IDS / BL URL IP
2023-01-29 07:12:57 +0000 7 - 1 - 3 express-colis-frances-chronopost.justns.ru/fr (...) 91.229.90.150
2023-01-29 02:58:19 +0000 0 - 1 - 1 46.29.166.149/bins/daku.m68k 46.29.166.149
2023-01-28 17:42:33 +0000 0 - 0 - 1 support-technique.t.justns.ru/ 91.229.90.157
2023-01-28 08:20:40 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-28 05:41:46 +0000 0 - 2 - 1 settingvsa-hub.help/ 46.17.42.101


Last 5 reports on domain: justns.ru
Date UQ / IDS / BL URL IP
2023-01-29 07:12:57 +0000 7 - 1 - 3 express-colis-frances-chronopost.justns.ru/fr (...) 91.229.90.150
2023-01-28 17:42:33 +0000 0 - 0 - 1 support-technique.t.justns.ru/ 91.229.90.157
2023-01-28 08:20:40 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-25 18:35:57 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150
2023-01-25 07:42:16 +0000 25 - 0 - 8 client.postale.justns.ru/se/e/k/p/files/login (...) 91.229.90.150


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-27 00:17:42 +0000 0 - 0 - 39 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-26 18:45:17 +0000 0 - 0 - 41 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-24 21:06:10 +0000 0 - 0 - 17 mpconfirmspfgroupauthclient.justns.ru/imp/sms2.php 91.229.90.152
2022-10-03 20:50:22 +0000 0 - 0 - 2 enregistrementclientsoft-remboursementrecap.j (...) 91.229.90.153
2022-10-26 18:44:51 +0000 0 - 0 - 41 mpconfirmspfgroupauthclient.justns.ru/imp/sms.php 91.229.90.152

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (44)


Request Response
                                        
                                            GET /imp/sms.php HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 4178
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (566)
Size:   4178
Md5:    dc04ee796896da583188cec3b8691afd
Sha1:   258bbdca9c121c87bf87d4e27c0a60f17552068d
Sha256: 1bb807971bf12b3eab85f0d30338598d1c033e01c73359b3a0693ff4288dc604

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DF036D315A613AC6396B77AFB0A4EA5F793091786BE0CBF3F3A0D043BC1D1D3C"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5167
Expires: Thu, 27 Oct 2022 01:43:16 GMT
Date: Thu, 27 Oct 2022 00:17:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2247
Cache-Control: max-age=121879
Date: Thu, 27 Oct 2022 00:17:09 GMT
Etag: "6358fe56-1d7"
Expires: Fri, 28 Oct 2022 10:08:28 GMT
Last-Modified: Wed, 26 Oct 2022 09:31:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4579
Expires: Thu, 27 Oct 2022 01:33:28 GMT
Date: Thu, 27 Oct 2022 00:17:09 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 4leNN5+8HHj78Dhpg1677+tBtFsMcNr/KK/OdZewe287ew4SVaLdcdLvOhvraPkp0P+XBSo3CAA=
x-amz-request-id: WE04VMJGYYHR618E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 23:39:23 GMT
age: 2266
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 27 Oct 2022 00:17:09 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /imp/templates/css/bootstrap-3.3.6.min.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "2454c-6315e0f0-430e58814baf8eca;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 27876
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (391)
Size:   27876
Md5:    a4226e1cec767c85877fffe9186d3d0d
Sha1:   bf788d9fed48211fca58568b6f0a630459f736ff
Sha256: d728c97bc4e4b592b8983e6850d49786270a1bef61478db8abcb0721132f58a6

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /templates/js/jquery-1.11.3.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/css/autentification.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "4323-6315e0f0-d026a197643cf49b;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 4415
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   4415
Md5:    2b5d387be0e86add18490ddd01439a76
Sha1:   1a355df3bc474ec14da8f497f25722ec972e2445
Sha256: dc4ef84bf39a07a6b8f2033654cef80959c26a2df4bfdec875feeaae8cb4f3ee

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/css/imp.css HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "919a-6315e0f0-ee2a82446819d696;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 6599
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   6599
Md5:    98e52e0f6b55b212bd408dacae370a45
Sha1:   022d39c07fa8b90a1068eb98cebfcf39d8f2da72
Sha256: 5c23fd3c14f006ef462973af4cabc8dbcc98adc84ee006dbe53729767456e97d

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/jquery-3.1.0.min.js HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: application/javascript
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "1514f-6315e0f0-2455488bef513184;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 33870
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (32014)
Size:   33870
Md5:    9d5ea5f1bef7683e1aaf61fc8abc1166
Sha1:   160c90a79b32dc5165a2c7a83cda8100cd941539
Sha256: e4ef543b9e443322e960aef998f70f9386274e6e51218150df6fd5b52ef4b0b5

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/bootstrap.min.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/urls.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/js/auth.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/5.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "733-6315e0ee-cfba1842e98c9a3f;;;"
accept-ranges: bytes
content-length: 1843
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 118 x 40\012- data
Size:   1843
Md5:    d6621df34ea2eadd541830ee370ea10f
Sha1:   d651d11e6622cb873489cca89fdce44b421a9a0d
Sha256: 58b70b4cdcb982be2ab0d89312bb4b1f8596c2294392983aba048cc046acc7c5

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /imp/templates/images/fermer.svg HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "6dd-6315e0f0-e1999aab8f6f6af7;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 820
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (340)
Size:   820
Md5:    183cf299befd3e25f7e251f9e4ad33f5
Sha1:   c6c60ff45894e816a46159deb0c458213cbe96d5
Sha256: 263e0e47c4c79d9c8d8c2ad3553215207d29f7c7a64c4a2b183a924b0cb79500

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/1.gif HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "afc-6315e0ee-644581b4c5011cbe;;;"
accept-ranges: bytes
content-length: 2812
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 124 x 28\012- data
Size:   2812
Md5:    0d050fd3d35da175a6129a21030e78aa
Sha1:   09ee6a15ede6919de054fde434e9398684d48e2b
Sha256: 3b5b95ee14d3c3e64158175050be929c9fb2612a1c003df388d62af47a4c3e37

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /templates/images/Miniballs.html HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /imp/templates/3.jpg HTTP/1.1 
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

                                         91.229.90.152
HTTP/1.1 200 OK
content-type: image/jpeg
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "1bc6-6315e0ee-40625c2c16894cf1;;;"
accept-ranges: bytes
content-length: 7110
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Size:   7110
Md5:    0e2048acf0519d2c005209f8146edfca
Sha1:   e80d85ad5b49404bbc97e09652c79f3eb988fc90
Sha256: 2e3c000bb11b035e1a6bfe511338a7877fdc67f5c51a5ff29394e4d3735b36df

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
GET /imp/templates/2.gif HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "b32-6315e0ee-f47a1dc8c7c4fa9d;;;"
accept-ranges: bytes
content-length: 2866
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 138 x 25\012- data
Size:   2866
Md5:    ae43f701c156c678e3124853049bcd1d
Sha1:   0875ffacc52951f87e0b6d50578cbd4e5c1da976
Sha256: f4f598b5fc93817de8bdd76013d28b4c092b8f139be116e625d046e3b3b9be30

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
GET /imp/templates/4.gif HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 200 OK
content-type: image/gif
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:09 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "d1d-6315e0ee-e63ad7468569588e;;;"
accept-ranges: bytes
content-length: 3357
date: Thu, 27 Oct 2022 00:17:09 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  GIF image data, version 89a, 143 x 45\012- data
Size:   3357
Md5:    559e49c09cad7db6d103fbaf08be4d51
Sha1:   19236601f16bb32cfa38a65c991f9de4a528c826
Sha256: 9d0567e661cf2d5205acaaec1a0c7dfee24f48af2d56a56212c1b4db1ab88b60

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
GET /cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
GET /templates/images/Miniballs.html HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
GET /templates/js/jquery-1.11.3.min.html HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
GET /imp/templates/css/Logo-Marianne_impots-gouv-fr.svg HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/templates/css/autentification.css

91.229.90.152
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:10 GMT
last-modified: Mon, 05 Sep 2022 11:43:44 GMT
etag: "13d96-6315e0f0-143ab9239d4fb50f;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 26156
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1263)
Size:   26156
Md5:    7fa4d73d461d2465cebd5a55e4a2d148
Sha1:   fa8ae427e96b93cd4a40fe1772fe7200215561bb
Sha256: 11dcd8cbea17afd540f4813f5bcc25d25ef0cd7d0089ae2ec3d4a36679d128c2

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
GET /templates/js/bootstrap.min.html HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
GET /templates/js/auth.html HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 27 Oct 2022 00:17:10 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 26 Oct 2022 10:12:16 GMT
Expires: Wed, 02 Nov 2022 10:12:15 GMT
Etag: "c03d4686ffb6ffd82bca1fd2bccac416ad41f570"
Cache-Control: max-age=603150,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1176
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76073f46cd84b512-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    4f44ca26704cdfd1854d87874c226b8f
Sha1:   c03d4686ffb6ffd82bca1fd2bccac416ad41f570
Sha256: 0902749b2472c71ca8e0e62811e86cadb03dacb17663ef10ae165c6f24ff20e9
                                        
GET /templates/js/urls.html HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 404 Not Found
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 27 Oct 2022 00:17:10 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 24 Oct 2022 18:59:03 GMT
Expires: Mon, 31 Oct 2022 18:59:02 GMT
Etag: "de393e2db2d0ed909278a1010bb763296a7e4541"
Cache-Control: max-age=412311,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76073f46eeca0afe-OSL

                                        
GET /templates/images/Cadenas.svg HTTP/1.1
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

145.242.11.27
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 27 Oct 2022 00:17:10 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Tue, 19 Mar 2019 06:51:49 GMT
ETag: "41b26-b72-5846cf07e72bc"
Accept-Ranges: bytes
Content-Length: 2930
Via: dpapusx051
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (323)
Size:   2930
Md5:    31c8c7c86c2a6814948044e8714acddb
Sha1:   49cf9783f5f57a2a843a141c27bed79f54a5c2aa
Sha256: 8254c9ce56497ac4e9e296b9b8d35cccde8872e5961de17b7b7bb65d8c2cf1db
                                        
GET /imp/templates/11.png HTTP/1.1
Host: mpconfirmspfgroupauthclient.justns.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mpconfirmspfgroupauthclient.justns.ru/imp/sms.php

91.229.90.152
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 00:17:10 GMT
last-modified: Mon, 05 Sep 2022 11:43:42 GMT
etag: "60e-6315e0ee-94d62762ea0c5ae4;;;"
accept-ranges: bytes
content-length: 1550
date: Thu, 27 Oct 2022 00:17:10 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  PNG image data, 70 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size:   1550
Md5:    9b7a4cbc2e295e49b60d8a5b72399444
Sha1:   293fe21c8450a75a4f338bbfcc4f0cad0cae6383
Sha256: 9228464e8acd568a52b80e5cc15db869c35ea782cee383a4c895e3d209779c32

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6247
Cache-Control: max-age=120824
Date: Thu, 27 Oct 2022 00:17:10 GMT
Etag: "6358ea97-1d7"
Expires: Fri, 28 Oct 2022 09:50:54 GMT
Last-Modified: Wed, 26 Oct 2022 08:06:47 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JwIUUVcvMOvjn3IK1gtSOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

35.162.110.205
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wR/R1qTofqtA+i7IG6aiva9SnkM=

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16319
Expires: Thu, 27 Oct 2022 04:49:11 GMT
Date: Thu, 27 Oct 2022 00:17:12 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16319
Expires: Thu, 27 Oct 2022 04:49:11 GMT
Date: Thu, 27 Oct 2022 00:17:12 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16319
Expires: Thu, 27 Oct 2022 04:49:11 GMT
Date: Thu, 27 Oct 2022 00:17:12 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2013af8a-e057-44cd-8dca-381e200609e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 18182
x-amzn-requestid: f1232b1f-32ac-4820-b186-b3bfb928c0b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYvSKFF4oAMF2Wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63535f40-0b9bc4d27b7534176cc278ed;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 03:10:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6Ep7Z_31m6kPwBoVaHyE2TioMdDmF_SkwT5kl326QvWN1pFEX_sy6Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 10:29:50 GMT
age: 49642
etag: "61b82445b422a5f917bb10640beb6d73eb0e62c3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   18182
Md5:    ed4462f023dbabb596a2e3b521425ca1
Sha1:   61b82445b422a5f917bb10640beb6d73eb0e62c3
Sha256: a02af2897331acc123bf7d54b30929e3bc062a0875b5dea95302ddf60d808ded
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9256
x-amzn-requestid: 25249b1e-6ef4-432c-b370-a645259c0727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoeDVHAyIAMFo9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359aa15-73f252de0cc8d8246183f658;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:43:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V7UFjzwuVqIZJiJg_Q3BWuSd8B_aghBauo7NYg2EYT3MDme-jggsYA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 22:11:54 GMT
age: 7518
etag: "f50d8270aeb43fb15457d961f925cf2b38060240"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9256
Md5:    e307787eef6193fe4988367feb5e07d9
Sha1:   f50d8270aeb43fb15457d961f925cf2b38060240
Sha256: d69ba1c958614a831462b81a046bb6a59e353db0b63d23b060b84df124057452
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5a9dae4-226e-42f6-b38d-d6f3f560ed69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6806
x-amzn-requestid: bdf4f489-b474-4143-881f-521ad5dee74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocwUGb9oAMFRGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a801-2a1e822f6b1dd3304c8f0527;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oxLrpXYZuUBO5qEKrFYAkh3lx2ZE7Jph8tcq0b4dWIHxUODXP3FDDQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:47:49 GMT
etag: "0f432e521fc4392f528042c711139dc0becc5598"
age: 8963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6806
Md5:    8240214ef7bc82b09de023cde217beb9
Sha1:   0f432e521fc4392f528042c711139dc0becc5598
Sha256: 2d5f1a426441536086c8278651808dc6e3e819ec18b48048520a4dedbc8a08ce
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faedeaf71-ffea-4e66-9a25-1410acdb03ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5136
x-amzn-requestid: 0059b05c-746b-41cd-8cc1-c744d0b149fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoc2-H9sIAMFquA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a82c-772120580c4cf9e45b685971;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:35:40 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fqqRNgPgAZRwp_xRyHC3YzEKQTwydDs45MNLQC7hoRpytCb91-9b5Q==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:51:05 GMT
age: 8767
etag: "fed9b6693077d233f60cc7394c7b667291ffade7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5136
Md5:    ace7660d2948795997e3c7cb9cf12495
Sha1:   fed9b6693077d233f60cc7394c7b667291ffade7
Sha256: fd4718a6649572cbaf13f46b8e2961cd1c680afa1494b0bacd5fda9010a95098
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe98a4c03-5fa3-4445-a037-d229b86c94a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8936
x-amzn-requestid: d0698fc0-e4c9-4633-9b64-df09be35b450
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGBlIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7c78a1fc43552b934e6b8708;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gus8UKo03dRkfqPRhxnW6zzqx7o-2tZbbv-DsBSW7UREHPOA1uqdUw==
via: 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:47:37 GMT
etag: "b05b7299a7e473e873510671a6abdd5227a53f46"
age: 8975
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8936
Md5:    eb430e5efbc6c8c306fce87e26faf734
Sha1:   b05b7299a7e473e873510671a6abdd5227a53f46
Sha256: c49d64e87ec8243a1ee7f214f21988b6f6a33ba93814ec31262d80e4a22b8504
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24d0f74b-ba69-4b8a-bd11-56fb0231d2b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9914
x-amzn-requestid: 3d0fb9c3-d606-497e-b196-6ac5ec846814
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZRwIE1IoAMFYCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63539667-34f866976ebb7efd2c4e868d;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 07:06:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: apZ7KwORR0VbbnuY24PJJQ99-3BZdfWRqAOSHlOYxCAPPCwygrfzfw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 12:31:05 GMT
age: 42367
etag: "0ddd9f80782a4bda5643be710b498f0fdc2c50db"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9914
Md5:    76b8756bea7b9c29285f6b604ec13a8e
Sha1:   0ddd9f80782a4bda5643be710b498f0fdc2c50db
Sha256: 7068a15f10288c3de5fea422b360b8f20989ac33af4481fb8e5a0f125486b3fb