Report - go.greensagemedia.info/go/d2934662-65b2-459c-80c5-bd0feda89952

Report Overview

Submitted URL
go.greensagemedia.info/go/d2934662-65b2-459c-80c5-bd0feda89952
IP
3.70.16.242
ASN
#16509 AMAZON-02
Submitted
2023-01-17 07:19:13
Access
Website Title
Final URL
Tags
urlquery detections
Scam / Brand infringement

Detections

urlquery
1
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
go.greensagemedia.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	1.8 kB	3.70.16.242
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	796 B	93.184.220.29
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.213.114.144
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
mediadirecttrck.us	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	619 B	730 B	104.21.67.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-17	medium	go.greensagemedia.info/go/d2934662-65b2-459c-80c5-bd0feda89952	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	173 B	2023-03-07	2023-04-05
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:02 Last Seen2023-04-05 01:57:28 Times Seen12 Hash 3ca2f0346364b6187d8c0c5f5df15905 e87957f21b4c0f1758d49a763a6faa735580ee91 b07382aed2de8e1f40ca2b0f2519da3ec9d63dc2321c57f50c1f815a8c8f95f8 Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	2.2 kB	2023-03-07	2023-03-17
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:02 Last Seen2023-03-17 11:41:59 Times Seen1 Hash 04d66360b71e72732683d0867ac72470 68f8cdc18f019e35068c719f23d303d21d79c929 d8d96e4341aea9d08827175046d20ef30a12cf1b1977c80d2218b575ffe77b4e Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	432 B	2023-03-07	2023-04-05
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:53 Last Seen2023-04-05 01:57:28 Times Seen13 Hash 545d5d17949fbfcdf9e1f6698c30ede2 716bb041124bc69feec124331f31b8d3a37a93a0 a101e3a589b24fb933bc552cfec77272c762ce273c71ded6e8d02ba6a03abcd3 Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	262 B	2023-03-07	2023-04-05
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:02 Last Seen2023-04-05 01:57:28 Times Seen13 Hash 835455e72723e919e9dc90018a15ed3e 2175767be59e6253720b66629e2d2310a07264a8 bb9e5fd03a6aafe53d10e77c69b2e895c99008f70ec5c897990ffaeb96f911ae Loading...

	mediadirecttrck.us/ip14c/jquery.min.js	87 kB	2023-03-07	2024-04-20
Pretty URL mediadirecttrck.us/ip14c/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:28 Last Seen2024-04-20 18:50:55 Times Seen7504 Hash 5b5a269bd363e0886c17d855c2aab241 042dd055cd289215835a58507c9531f808e1648a 1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	40 B	2023-03-07	2024-04-25
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-25 05:32:28 Times Seen3875 Hash fe0dc8d4915af0701a005086d0696180 2e65cc10554fde204edbde4d3b1e4fedff82cfa7 909b1dec809484d438fc8a24deba298ffbed61663709c5f0a5302746a8ac41be Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	42 B	2023-03-07	2023-07-04
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:42 Last Seen2023-07-04 01:52:06 Times Seen24 Hash 4149650bdb8a049b5d71589c278ce29e 44c31c7c7f86a63deca1fee03ac7385f78134932 1f7148e3ad63fa2b9a8596119d9a2be815e12074101789b2c18a0b2117005311 Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	113 B	2023-03-07	2023-03-26
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:02 Last Seen2023-03-26 06:15:38 Times Seen8 Hash d15b6f4c521f84ce5966fcf0ed48d828 5575c360689842e18124a1d7356177ea53c18cca 3ba7d12d67031e0547bcec181afedbc9492b1428461c29f9c5dbea8176fbe9e4 Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	169 B	2023-03-07	2023-03-26
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:02 Last Seen2023-03-26 06:15:38 Times Seen8 Hash 69ca5fc1cc1d38544f176872c9d79d5e 85db92d4ca3bc3cc1b0409d2d558814b1563d6e5 fb34bb3b5739f377a0e5b218c268a3885d02932f17be29dccc7252ece4c7b0e2 Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	336 B	2023-03-08	2023-04-05
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:42 Last Seen2023-04-05 01:57:28 Times Seen12 Hash dde5b0744f6fd5ec977ff438ef3eb03e 0f6d928f74cd1653acf93a858da2600dbfed5822 b86ad5f2d094d3533b206c7aeb839d37eb03ae063109fc9e87a06d6def2ebb3e Loading...

	mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0	193 B	2023-03-08	2023-03-26
Pretty URL mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 IP 104.21.67.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:42 Last Seen2023-03-26 06:15:38 Times Seen8 Hash d49ffaf7a04cff39412fdeaacebdea91 561fc8d1d945b7b9bca6e926603a467f7c4fb4d4 70fc8d19963e7a29cd885e8934ee386079f48001d412bf0d2440d7e29fe2ce0d Loading...

		Size	First Seen	Last Seen
	#1 Write - 9cf774eb2c567d3c1d92311ca727db27	15 B	2023-03-08	2023-03-26
Pretty Observations First Seen2023-03-08 14:36:42 Last Seen2023-03-26 05:26:55 Times Seen5 Hash 9cf774eb2c567d3c1d92311ca727db27 61097db204a6922b38f3f3652e6a992e55a8bb6b 4807d147ab6efb763f85743c4cd38a93e8ba485b761ee1b7dd7e3d38b31709e3 Loading...

	#2 Write - d5b9290a0b67727d4ba1ca6059dc31a6	6 B	2023-03-07	2024-02-14
Pretty Observations First Seen2023-03-07 12:22:22 Last Seen2024-02-14 16:20:53 Times Seen128 Hash d5b9290a0b67727d4ba1ca6059dc31a6 988455e67df7cd81d090ea4bacdc05f39fb7caa5 bea54a349795017db7e863500429c8ba0c78b89855d73f9c82dfd92cb7c2d748 Loading...

	#3 Write - 3e95ed7c975b86c36f04116a99b82b57	74 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 13:22:02 Last Seen2023-03-17 11:41:59 Times Seen1 Hash 3e95ed7c975b86c36f04116a99b82b57 6805bcdcbd28845643c69588fd40fc8d7717a5a6 d0c40bf071c3764af04d520ae4a1e4be3e66010eb39cbb25f0ba29620380a301 Loading...

HTTP Transactions (21)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb0c8d0984a1f09a012961a54cda03c6
1a8ad450a0241554ee4fc7d02fac7b83529e60f6
eee3ca879a67cc25ea89cb83de9521eea1b82845705c3e82169d4787ecb7dd3a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEE3CA879A67CC25EA89CB83DE9521EEA1B82845705C3E82169D4787ECB7DD3A"
Last-Modified: Mon, 16 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13882
Expires: Tue, 17 Jan 2023 11:10:24 GMT
Date: Tue, 17 Jan 2023 07:19:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6167
Expires: Tue, 17 Jan 2023 09:01:49 GMT
Date: Tue, 17 Jan 2023 07:19:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 17 Jan 2023 06:42:16 GMT
content-type: application/json
age: 2206
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d38f4bb41e1264b8a1e11ff0b1499d20
21c3e36bd908df43e0d49b747e270ec75cb882b0
3ff822eb56d2218ad6244fd013a82e0d27450ae21d47e08f1e3fdf4c82a8aad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FF822EB56D2218AD6244FD013A82E0D27450AE21D47E08F1E3FDF4C82A8AAD7"
Last-Modified: Mon, 16 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12161
Expires: Tue, 17 Jan 2023 10:41:43 GMT
Date: Tue, 17 Jan 2023 07:19:02 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: QrC6PB1TtUONY+mecbwL84v4XNbByq8T8lrgGTQokId9/BfUhxVzxGcEUQ5bDfT+sUQHXY40kWc=
x-amz-request-id: K007PD6W02NT0EQ4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 17 Jan 2023 06:44:54 GMT
age: 2048
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 07:19:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

go.greensagemedia.info/go/d2934662-65b2-459c-80c5-bd0feda89952

3.70.16.242

302 Found

464 B

URL HTTP/1.1
go.greensagemedia.info/go/d2934662-65b2-459c-80c5-bd0feda89952
IP
3.70.16.242:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (464), with no line terminators
Size
464 B (464 bytes)
Hash
92be102272475f6354d888c65b7580fa
9c7b56a26e19c895fca62df40e6b8d8e68d4a838
ae0d72c261c47664fb13c7563e6809f1ceb6d7c6173521926af34eb1ea724c7f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /go/d2934662-65b2-459c-80c5-bd0feda89952 HTTP/1.1
Host: go.greensagemedia.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: openresty
Date: Tue, 17 Jan 2023 07:19:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 464
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: https://mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0
Set-Cookie: bemob-uniq-visit:d2934662-65b2-459c-80c5-bd0feda89952=1; Domain=go.greensagemedia.info; Path=/; Expires=Wed, 18 Jan 2023 07:19:02 GMT; HttpOnly
bemob-rotation:d2934662-65b2-459c-80c5-bd0feda89952:random:fa1c62ddee3f3fe6abd9111bde6ea248=0-0-3; Domain=go.greensagemedia.info; Path=/; Expires=Wed, 18 Jan 2023 07:19:02 GMT; HttpOnly
bemob-track-url=https%3A%2F%2Fmediadirecttrck.us%2Fip14c%2Findex.html%3Ftd%3Dgo.greensagemedia.info%26brand%3D%26country%3DNorway%26bemobdata%3Dc%253Dd2934662-65b2-459c-80c5-bd0feda89952..l%253D7bbc2813-f878-4744-8c6c-a63d26968d18..a%253D0..b%253D0; Domain=go.greensagemedia.info; Path=/; Expires=Wed, 18 Jan 2023 07:19:02 GMT; HttpOnly
Vary: Accept
X-Response-Time: 343.658ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 17 Jan 2023 07:17:25 GMT
age: 97
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6273
Cache-Control: max-age=99143
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 07:19:03 GMT
Etag: "63c513ad-1d7"
Expires: Wed, 18 Jan 2023 10:51:26 GMT
Last-Modified: Mon, 16 Jan 2023 09:06:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.213.114.144

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.213.114.144:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rGnSPDWdXWosbuYuzCEzeQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1GF1MPX+RIv7pr3hfy3f1bCTgzM=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17711
Expires: Tue, 17 Jan 2023 12:14:15 GMT
Date: Tue, 17 Jan 2023 07:19:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17711
Expires: Tue, 17 Jan 2023 12:14:15 GMT
Date: Tue, 17 Jan 2023 07:19:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17711
Expires: Tue, 17 Jan 2023 12:14:15 GMT
Date: Tue, 17 Jan 2023 07:19:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17711
Expires: Tue, 17 Jan 2023 12:14:15 GMT
Date: Tue, 17 Jan 2023 07:19:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4736 bytes)
Hash
c8077a04cfa8a88823a83c3481fe33eb
534966ca691706e724af5a9891859e1ee3c10b78
b8df497111b6e7876f53bd2433d9a0c5153f8b84b1ccd91dc5eb9bfdbe4579aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36b86ae5-6ee8-42e7-bcb0-c54e39e4fbd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4736
x-amzn-requestid: 4f03413a-fd17-4b48-ba36-e1580ee5c19a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm-HLroAMFTMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f9-08fc93b860c346db68f4a83c;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hr9MJmIisVsbZYgHhEMd6plnerrtoQ_Hvwf7xWfQDjHqocVoXlSoFA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:50 GMT
age: 34334
etag: "534966ca691706e724af5a9891859e1ee3c10b78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4757d4fe-f057-41bb-b2e2-4ed4877c7af4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7873 bytes)
Hash
a5d0a29e6fe3ce0fb4a9237dd5917778
6919dcbbcdcc241672358cc5733ef064180c928a
6d0d71c35e1ca331ee5f4794bc74747f7c38f2d46863d983377bef526f7ca356

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4757d4fe-f057-41bb-b2e2-4ed4877c7af4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7873
x-amzn-requestid: 8a2a267d-8062-4755-8b1d-1e715ee9c413
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: exco-GL0oAMF-uQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3a7d2-567e30c7063b71217f8175fc;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:14:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pmqzTZ1Nuqtw5aryFNr3vcfUpQGBs0PxAW2Eu2NE82Q37Die5cgpbw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 07:23:06 GMT
age: 86158
etag: "6919dcbbcdcc241672358cc5733ef064180c928a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20129690-ba2c-4d31-9d15-963cf6e4f66e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8610 bytes)
Hash
fbadbf308733e10efcf26a97bd5f86c7
a51e7e889bfdab10c59624a0fb1c301054e2d3d8
e87c014b465f1deed4316d7e7581ab63329523e68f9ca3e47c180cf14f43d9aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20129690-ba2c-4d31-9d15-963cf6e4f66e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8610
x-amzn-requestid: 14c3776b-05ba-4367-93f1-b887b7e1bd10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm7FlGoAMFuKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-125017a12c4b83130a70b836;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mqgt51FSXFokAtn5znzBQsaXsbqHbLHuJQvqhFlRxFFDFy36peimeg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
age: 34369
etag: "a51e7e889bfdab10c59624a0fb1c301054e2d3d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f4b6ad-4bfa-468c-ac97-628f5ed79b68.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10592 bytes)
Hash
7558650f7e974b34a7b3cb0c3c3a310c
7adb15e8c38cb18b57a696f8c1f08c523e1137e4
3179a4c545337e9a32d4f1ab851a3ec30ee16b44014c127630e1efcbf77e0c29

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0f4b6ad-4bfa-468c-ac97-628f5ed79b68.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10592
x-amzn-requestid: 7cb5c56a-324a-4eef-b2d0-63e151ae2920
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etlLyEhToAMF34Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21be4-7b48a8de0c2957dc329af0e0;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:05:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U4yiXXjOtTAxXIINAt6tIZGqsp1XPD2TMvcDPG_daMfEZ3Cf6fNKDw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 08:25:07 GMT
age: 82437
etag: "7adb15e8c38cb18b57a696f8c1f08c523e1137e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4645b901-7a6a-474e-a0e9-8661e378c83d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4272 bytes)
Hash
304bb1b20c55a224a8aa28c2af0a0d0e
590f9978d35d8bff19b665505b9761f87c66b915
74a5930f8ccc54b5618892ace303d163066656b02c942273e8d6debcf2ab3614

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4645b901-7a6a-474e-a0e9-8661e378c83d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e53617f5-3c7b-4a81-a9bb-79667a1ef7c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ej0BwETpIAMFdcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63be33a4-328c82663ce8bb024b0181d9;Sampled=0
x-amzn-remapped-date: Wed, 11 Jan 2023 03:57:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IrGvuEbwzYF0PIcAiXFsYSOc30EQlSkpX1Fi0WW_S1SYaXP-I67HQw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:52:19 GMT
age: 34005
etag: "590f9978d35d8bff19b665505b9761f87c66b915"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9297b226-d4aa-49e6-b351-77061f381097.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.2 kB (3172 bytes)
Hash
1d877fea13674783b11ec5f6c3e93810
6691f478a758386f8c7a0f714fbfe8d36b1bf257
b64d0343ca935e1618a3cedfa7fa837467917daf09bf667cf7709f52341e8015

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9297b226-d4aa-49e6-b351-77061f381097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3172
x-amzn-requestid: 18de115a-9b45-4dc5-ac81-be90514e7acb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2s__EXOoAMFhyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c1ff-5aafd9526583391c1e182be6;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:30:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CnUr67O4sv9O5yZucmA3HgM7IXu5CQhEnMMKSdwhooAE-OYdX7Ij5g==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:51:54 GMT
etag: "6691f478a758386f8c7a0f714fbfe8d36b1bf257"
content-type: image/jpeg
age: 34030
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0

104.21.67.97

200 OK

0 B

URL HTTP/2
mediadirecttrck.us/ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0
IP
104.21.67.97:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ip14c/index.html?td=go.greensagemedia.info&brand=&country=Norway&bemobdata=c%3Dd2934662-65b2-459c-80c5-bd0feda89952..l%3D7bbc2813-f878-4744-8c6c-a63d26968d18..a%3D0..b%3D0 HTTP/1.1
Host: mediadirecttrck.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 17 Jan 2023 07:19:02 GMT
content-type: text/html; charset=UTF-8
age: 82632
cache-control: public, max-age=0, must-revalidate
vary: Accept-Encoding
x-nf-request-id: 01GPZ9GZB6MZ7MFGJVN8FBT30H
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRxYn%2FXyBRNmvOwhIdkoVMQwv4PbiAKCkVZ2ph%2FR0EwhYwQgL0NoZZERMN7naGfBf4W5t%2Bem5Dp3G%2B8hNhEiqmUFP8PoA%2FUrDSlsji5LXDVLeRRCtS%2BDRfbqM3hSYmV62CWJU8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ad520228d3b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML