Report - t.sidekickopen54.com/Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004

Report Overview

URL

t.sidekickopen54.com/Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004
IP

172.64.144.171

ASN

#13335 CLOUDFLARENET
Submitted

2023-01-24T21:21:43Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
ocsp.pki.goog (11)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3773	7692	216.58.211.3
ocsp.sca1b.amazontrust.com (5)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1750	4823	54.230.245.39
ocsp.digicert.com (7)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2387	4392	93.184.220.29
www.google.com (1)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416	1200	142.250.74.164
fonts.googleapis.com (2)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	908	22939	142.250.74.74
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387	15578	142.250.74.40
ocsp.r2m01.amazontrust.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	984	54.230.80.227
cdn.plaid.com (1)	17458	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384	777	54.230.111.89
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7094	23.36.76.226
ucarecdn.com (3)	76504	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1184	134821	23.36.76.131
www.grapevine.org (7)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2884	512954	54.91.6.89
fonts.gstatic.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1026	46778	142.250.74.35
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	703	564	216.239.32.36
js.hsforms.net (1)	7264	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363	1546	104.17.186.73
cdn.jsdelivr.net (1)	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	409	1087	104.16.86.20
t.sidekickopen54.com (4)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2958	87418	172.64.144.171
cdn-images.mailchimp.com (1)	5284	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410	1368	54.230.217.92
media.grapevine.org (139)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	66885	1833714	54.230.111.44
js.hs-scripts.com (1)	2571	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365	635	104.17.211.204
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	35.162.125.72
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	55125	34.120.237.76
assets.customer.io (1)	19446	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371	10986	54.230.111.127

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-24	medium	ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (209)

URL IP Response Size

t.sidekickopen54.com/Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004

172.64.144.171

301 Moved Permanently

URL HTTP/1.1

t.sidekickopen54.com/Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004
IP

172.64.144.171:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004 HTTP/1.1
Host: t.sidekickopen54.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Jan 2023 21:21:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 24 Jan 2023 22:21:31 GMT
Location: https://t.sidekickopen54.com/Ctc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ebd1b98b950b59-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f416977a8d6dfaafb2dbfd0e68b871f8

dfa97bd829b03162de91c80133f2fde69b58a8d2

2c4d0fd1b7a6d398026a4817267adce203429acdd3defa44a879f0d945f392d5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C4D0FD1B7A6D398026A4817267ADCE203429ACDD3DEFA44A879F0D945F392D5"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13646
Expires: Wed, 25 Jan 2023 01:08:57 GMT
Date: Tue, 24 Jan 2023 21:21:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

04512fea22644dc0d22c3f3a665f6645

0e213646abfc6d9560ba562362fd9e9115be8354

124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4361
Expires: Tue, 24 Jan 2023 22:34:12 GMT
Date: Tue, 24 Jan 2023 21:21:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

dcd75ca6daca51c5e39d431468511793

07f76d3bf23d65c9110d810fa71a994e39e085d3

73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 24 Jan 2023 20:42:45 GMT
content-type: application/json
age: 2326
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6cd4f1da1215c7473500807c185f2449

b14db0c67cf1f5faf85648ed8f94baf2dd03808b

9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7205
Expires: Tue, 24 Jan 2023 23:21:36 GMT
Date: Tue, 24 Jan 2023 21:21:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: DfPWG4oVbt6manOzWc/tBRNOi3trv87uE0ZyjAU3EZJV9jbJksDO3u4ahzcQYHcv6Z1BRaPHc2Q=
x-amz-request-id: 6EBJ03FF7A8ASXQR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 24 Jan 2023 20:48:18 GMT
age: 1993
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 24 Jan 2023 21:21:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

t.sidekickopen54.com/events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee

172.64.144.171

301 Moved Permanently

URL HTTP/1.1

t.sidekickopen54.com/events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee
IP

172.64.144.171:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee HTTP/1.1
Host: t.sidekickopen54.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Jan 2023 21:21:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 24 Jan 2023 22:21:31 GMT
Location: https://t.sidekickopen54.com/events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ebd1bde89c0b59-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c398b6b39d11d25b8ae9bc5cd94a1c98

640aa8c399ced71d0c2a9f5a90fbaf091b01d642

a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19292
Expires: Wed, 25 Jan 2023 02:43:04 GMT
Date: Tue, 24 Jan 2023 21:21:32 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 24 Jan 2023 20:48:59 GMT
age: 1953
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.162.125.72

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.162.125.72:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PTyipQCZJIYN0t1JgYHnvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Goc3qbH/zcdrfyDu24PHCxSPvZM=

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ec7a177377cc1606f34742a52d2871fd

23877889f0cf538f74886610d9fbf0665865772f

ddc5c9d58477703d765d10f5946e74265fa8a63fb73139d352348f412284dfab

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDC5C9D58477703D765D10F5946E74265FA8A63FB73139D352348F412284DFAB"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21571
Expires: Wed, 25 Jan 2023 03:21:03 GMT
Date: Tue, 24 Jan 2023 21:21:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10852
Expires: Wed, 25 Jan 2023 00:22:25 GMT
Date: Tue, 24 Jan 2023 21:21:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10852
Expires: Wed, 25 Jan 2023 00:22:25 GMT
Date: Tue, 24 Jan 2023 21:21:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d5528af26e629a9bfbf0c421146b921f

1e4f99245d551384bedfe9b59b5f9905127d87bf

989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10852
Expires: Wed, 25 Jan 2023 00:22:25 GMT
Date: Tue, 24 Jan 2023 21:21:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg

34.120.237.76

200 OK

3411

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

3411
Hash

805711aaab303931f8966bbf73aeda52

2bd02a45c8b407e36a41a482b121ea3e14f7c722

66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Ke5d5WguVrF_Phnhu9ojzN5Md0VkYnFfxKNoh5HHrmHwPI90IAIdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 04:49:41 GMT
age: 59512
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7642

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b12041d-fdaa-483d-b290-d584ffb6ea13.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7642
Hash

deb690b8f5503bf4bcf424e58ddb6b8c

eb96120190e3a5c286ac5ec51ee8b163540377fd

c762b17d3e43d773966490d1186ebc352a78d47781c77a4f048e32fee9732b7d

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b12041d-fdaa-483d-b290-d584ffb6ea13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7642
x-amzn-requestid: 3f4482cf-98a5-420e-abe7-17fd2d214da0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNyxIF3aIAMFWoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe6d-0c1838dc7b4ab4650d54ee56;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OD1DSocM7Q1FhRQ4oMhGjU8GN-sv978YqNpLMiKjeWupfFbK-WDXxQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:04:05 GMT
age: 83848
etag: "eb96120190e3a5c286ac5ec51ee8b163540377fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8308

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8308
Hash

91b2e12a39dc4f63b9d52e8800cce1f2

42d5b4b4a091778d98c351f0002d8656449d0243

d4dbc79e3383e83f861ccf8cde3e78ba427a66cd3fa99c17e23ec935867de4ad

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 1988d3b3-5e1a-41fd-83f5-092eddb9185f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNys5GDKoAMFdbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe52-2349fde60b7db8a34c996717;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WZE7yDAT_YRseW7m410pGAwkWAwJ2HmuTlg2IbSvCbN20SJbmQ4Odg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:06:36 GMT
age: 83697
etag: "42d5b4b4a091778d98c351f0002d8656449d0243"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4381

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ad2eb2b-9cfe-4f71-89ea-99ac9e3f783f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4381
Hash

462fc1946b8dbae49aa3cf22291fc707

400c6dc7973b36a5d3e43cc3b439da49ab6c76b5

88e13373963e8427baa4cdf19909eb297aafe035ec0376cbed6d4f4fa45dbd32

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ad2eb2b-9cfe-4f71-89ea-99ac9e3f783f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4381
x-amzn-requestid: 528fddee-8bac-466a-8f82-3d5bffab7ca4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNzFpFghoAMFSPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefef0-63f97c8409b808910ce8f50a;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0eb65TKWgBaHaPETcwgUpjEHT6yMMT4N0vcRh3C66WYct0PNL-AcpQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 21:56:47 GMT
etag: "400c6dc7973b36a5d3e43cc3b439da49ab6c76b5"
content-type: image/jpeg
age: 84286
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12907

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67794d4b-c63e-47af-b530-92b195f8e718.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12907
Hash

16d9c0855b43a6c2351cb450187948e2

7208e2e4beb739ae9aded4a207d48cb3572fad5f

92b0423b09aa653ec7326d0aa05dbe137ba452ef21f118c7eb6499a8ccecc8fd

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67794d4b-c63e-47af-b530-92b195f8e718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12907
x-amzn-requestid: c9f9a619-f0e1-4bc4-af2a-796b16aa1250
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNzFqF-lIAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefef0-625e4bab03baa979605f13f8;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: riKsmnzvLP5xapNSozaa5W4P6--p4xU5bkS4Ir7jln-P_o_QhMBBxQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:04:30 GMT
age: 83823
etag: "7208e2e4beb739ae9aded4a207d48cb3572fad5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12102

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F987410c8-c934-4399-b586-efb1a5111e3b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12102
Hash

c29ea116f715297b757c81dab8d1b5f3

6aae9d763dec58740cdfbfe46f6c69986b81414d

09afde8ec60dd1471e0ce33ed11ae4542b6813ad02e2abf037629a8ae5cfe240

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F987410c8-c934-4399-b586-efb1a5111e3b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12102
x-amzn-requestid: 54ba881d-c54b-49fa-a5b3-20b8d80f2a35
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNyrNG1AIAMFxTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe47-1acbf1c34a4dbfdd506d3383;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHA4jmrQvf2RWyPB4RRjQNr_zvaDR07EMo2oHUT12GAE9QbTP3umnA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 22:04:53 GMT
age: 83800
etag: "6aae9d763dec58740cdfbfe46f6c69986b81414d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

78ed7b7d814d987601b30851546309b5

12a653dabfd738fef99fad2295eec55e4651bc7c

a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ucarecdn.com/libs/blinkloader/3.x/blinkloader.min.js

23.36.76.131

200 OK

3371

URL HTTP/2

ucarecdn.com/libs/blinkloader/3.x/blinkloader.min.js
IP

23.36.76.131:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text, with very long lines (539)

Size

3371
Hash

e7250b66d6f1693b3ece70386dea3520

6a06018a9e0a1b826580a7d6bff1ef87cfb6d3bc

c21fba9da31e41c9c76a85fa42fa915ea4bd4c2bce474c3ce7b3320aeedfa6bb

HTTP Headers

                                        GET /libs/blinkloader/3.x/blinkloader.min.js HTTP/1.1
Host: ucarecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 3371
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
last-modified: Tue, 03 Nov 2020 14:31:31 GMT
server: nginx
etag: W/"810637653b8b6681622cbbfa20307826"
cache-control: public, max-age=1546
date: Tue, 24 Jan 2023 21:21:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2628000
X-Firefox-Spdy: h2

ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js

23.36.76.131

200 OK

118855

URL HTTP/2

ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js
IP

23.36.76.131:0
ASN

#20940 Akamai International B.V.

Magic

Unicode text, UTF-8 text, with very long lines (56386)

Size

118855
Hash

2579f87f2eec9f97910f17fe8eac35af

6c768e3017aee9b08bfd416a944837dfe059e49d

ecf93e4632a6d584bd79579a679ded9c48462e5e6598fc9ce8e5169e898c5f85

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /libs/widget/3.x/uploadcare.full.min.js HTTP/1.1
Host: ucarecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
last-modified: Wed, 23 Nov 2022 09:32:49 GMT
server: nginx
etag: W/"b99723a137d00981f619f9af057e8df0"
content-length: 118855
cache-control: public, max-age=2073
date: Tue, 24 Jan 2023 21:21:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2628000
X-Firefox-Spdy: h2

104.18.43.85

307 Temporary Redirect

85295

URL HTTP/2

t.sidekickopen54.com/events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee
IP

104.18.43.85:0
ASN

#13335 CLOUDFLARENET

Magic

gzip compressed data, from Unix\012- data

Size

85295
Hash

b9c2999f192f1db16e6c17fc599d9534

c61eaed1b50898819cf7206128daad098e44a997

4327feb1866ee8a819226e7ee67012803ad620e065a3116db60f4a1065e8a02a

HTTP Headers

                                        GET /events/public/v1/encoded/track/tc/T9+23284/cLCQB04/Jks2-6q7W69sMD-6lZ3mRW3S0KKB8SV9T0W3zMRNC2ydNmcW79qWFr2GDfFgW3F9Pp82yTGNzVtbc4S3cSksSW6Y9C0585jpC2VJHYHL9bh6JBVbQ5fm10NZHgN3xF-mC7BVBMW1YLyyG7V10RsVtkrCC5rzZv4W8sVyk458vPdFW4QJmFZ6bT70_W5kz8tL3SjlbcW39qHJ129gsKDW1VzpJC82nDHrW9lgH4S6tfn2QW1y6YpC3WnswYN89ckzFN3DmDVyS2P26R5lN9dJl-8004?_ud=36ab2f84-6431-4b40-87c3-0295142f95ee HTTP/1.1
Host: t.sidekickopen54.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 307 Temporary Redirect
date: Tue, 24 Jan 2023 21:21:31 GMT
location: https://www.grapevine.org/network/grapevine
x-robots-tag: none
link: <https://www.grapevine.org/network/grapevine>; rel="canonical"
referrer-policy: no-referrer
x-hubspot-correlation-id: da324c30-e1b5-4106-939b-4204033d1e16
access-control-allow-credentials: false
vary: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78ebd1be1ae1fabc-OSL
X-Firefox-Spdy: h2

cdn-images.mailchimp.com/embedcode/horizontal-slim-10_7.css

54.230.217.92

200 OK

851

URL HTTP/1.1

cdn-images.mailchimp.com/embedcode/horizontal-slim-10_7.css
IP

54.230.217.92:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (388)

Size

851
Hash

8d928b65fd7a376587fd0407dce02b60

f82bbd4b2dd50e7c96bd771120aba22c81494eb8

a0e105cd0a2f8b40284b78b64dd11a672eb1b7c2a7b765b69531ce93ec5280df

HTTP Headers

                                        GET /embedcode/horizontal-slim-10_7.css HTTP/1.1
Host: cdn-images.mailchimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Dec 2015 16:21:55 GMT
x-amz-version-id: null
Server: AmazonS3
Content-Encoding: gzip
Date: Tue, 24 Jan 2023 01:33:22 GMT
ETag: W/"bd21b0313fe7dc2b8ac08955a7ef1209"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5sJaHYqNsjge5rjw7-qV0kKiW3TYQiIM2ZaeVDXhvmHGUr1Gb64UpA==
Age: 71298

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

1005c9e99dc8d4390861d6730c7a403b

0e3858ae26a1c01e0160e3b60e400bea202ebd05

4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

78ed7b7d814d987601b30851546309b5

12a653dabfd738fef99fad2295eec55e4651bc7c

a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ucarecdn.com/libs/widget-tab-effects/1.x/uploadcare.tab-effects.min.js

23.36.76.131

200 OK

11206

URL HTTP/2

ucarecdn.com/libs/widget-tab-effects/1.x/uploadcare.tab-effects.min.js
IP

23.36.76.131:0
ASN

#20940 Akamai International B.V.

Magic

Unicode text, UTF-8 text, with very long lines (32743)

Size

11206
Hash

6eef3d133b1fddbb31303132ed81dee4

d2e0c37a47fa4d31eb62e270243ea5818fca2a56

b1d0514ff6896eb8e3ea9475be5cb24ea89b51cb58cd26eb1dba9904666b5ae2

HTTP Headers

                                        GET /libs/widget-tab-effects/1.x/uploadcare.tab-effects.min.js HTTP/1.1
Host: ucarecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 11206
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 16:23:20 GMT
server: nginx
etag: W/"be81bbb7167f1ad012ccab5bc747bb9c"
cache-control: public, max-age=1766
date: Tue, 24 Jan 2023 21:21:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2628000
X-Firefox-Spdy: h2

www.grapevine.org/runtime-es2015.d42ccef103831d95c0b8.js

54.91.6.89

200 OK

1935

URL HTTP/1.1

www.grapevine.org/runtime-es2015.d42ccef103831d95c0b8.js
IP

54.91.6.89:0
ASN

#14618 AMAZON-AES

Magic

ASCII text, with very long lines (3461), with no line terminators

Size

1935
Hash

86f92f487c5cbef3d6c25e7030e4573d

4c228211d3fbecec1fa81813bdb1f8bac149179a

4da5e4af87b6b8627762599da53901989d0823e6b7a622f25b5372bd5d908211

HTTP Headers

                                        GET /runtime-es2015.d42ccef103831d95c0b8.js HTTP/1.1
Host: www.grapevine.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/network/grapevine
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 20 Jan 2023 17:04:56 GMT
Etag: W/"d85-185d023f6c0"
Content-Type: application/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 24 Jan 2023 21:21:39 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

54.230.245.39:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

332b4a6bc4d9a614dc34f5435c92de3a

fef47933e1b32260b8b3d204d2b3f3ded56eccd5

a558edc67895cf608a159394a3152e9e6d691f695dd1452b231b167a2d05ddf8

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154300
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63d0039f-1d7"
Expires: Thu, 26 Jan 2023 16:13:19 GMT
Last-Modified: Tue, 24 Jan 2023 16:13:19 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TPvNOkfqLOxskuN0jUHAf1ha7OVEYlU_GwW-MGwfqhxl6kjMV7Zlzw==

www.grapevine.org/styles.848ffae22b84a3d3e2ca.css

54.91.6.89

200 OK

40656

URL HTTP/1.1

www.grapevine.org/styles.848ffae22b84a3d3e2ca.css
IP

54.91.6.89:0
ASN

#14618 AMAZON-AES

Magic

Unicode text, UTF-8 text, with very long lines (34366)

Size

40656
Hash

51744e423dc82607ec8800ccf7ac9e6d

2ebdb40440a2bc5031688c55e3aa08a29b1d20c2

798ebba9a635d162ce7635afd4b0757844b9be32a2e6d615a445d012258cc89a

HTTP Headers

                                        GET /styles.848ffae22b84a3d3e2ca.css HTTP/1.1
Host: www.grapevine.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.grapevine.org/network/grapevine
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 20 Jan 2023 17:04:40 GMT
Etag: W/"40e05-185d023b840"
Content-Type: text/css; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 24 Jan 2023 21:21:39 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

54.230.245.39:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

332b4a6bc4d9a614dc34f5435c92de3a

fef47933e1b32260b8b3d204d2b3f3ded56eccd5

a558edc67895cf608a159394a3152e9e6d691f695dd1452b231b167a2d05ddf8

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154300
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63d0039f-1d7"
Expires: Thu, 26 Jan 2023 16:13:19 GMT
Last-Modified: Tue, 24 Jan 2023 16:13:19 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U3jE60EIyDQISTu_4WJslFDl8behxxMxuKSO5HXQQdeqNqG0KqYotQ==

ocsp.digicert.com/

93.184.220.29

200 OK

280

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

280
Hash

b226d41e0973c031bbe091a9cf4336f6

82ebea6d2007429d274309da9643952ea2f6f701

685eb673d1f1a1d93851d8efc7aa56caeee50c388a8653de9c952cd720541688

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6417
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63d015c0-118"
Last-Modified: Tue, 24 Jan 2023 19:34:42 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

2308e118af7fbceb0f6972c6b9bdc74c

cced95cd00ce3b14794eb57819101f50e2d1ff71

32873ac10dfe1ec3b153b949570feec2a63b3062bc93e7d384d6ef0059b5d7ad

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3542
Cache-Control: max-age=135864
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63cfadc5-117"
Expires: Thu, 26 Jan 2023 11:06:03 GMT
Last-Modified: Tue, 24 Jan 2023 10:07:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

76588848f71a5e2fade9adaaee0ecc10

92a48f5b0cf3ff43ba41e34ccbd483fc364d0315

02290b4e002ac2ac50475e586610a45adc5b29c0f43b556eb2a208d2dbb6402d

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5992
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Last-Modified: Tue, 24 Jan 2023 19:41:47 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

54.230.245.39:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

332b4a6bc4d9a614dc34f5435c92de3a

fef47933e1b32260b8b3d204d2b3f3ded56eccd5

a558edc67895cf608a159394a3152e9e6d691f695dd1452b231b167a2d05ddf8

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154300
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63d0039f-1d7"
Expires: Thu, 26 Jan 2023 16:13:19 GMT
Last-Modified: Tue, 24 Jan 2023 16:13:19 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sRVqF-ctaemq2ELG_KcKsoV-v8Yn4XV_cxgsAhEkk8-_7NoI3MJ0jA==

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

cc2b9a26cf016c0cf9e73531f6004051

408990c14ea8af4c979a277da755c89771672356

36e955bd017c3febc7623ad388bb260757294ca612b94ae5417de6cc04073a82

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

54.230.245.39:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

332b4a6bc4d9a614dc34f5435c92de3a

fef47933e1b32260b8b3d204d2b3f3ded56eccd5

a558edc67895cf608a159394a3152e9e6d691f695dd1452b231b167a2d05ddf8

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 24 Jan 2023 21:21:39 GMT
Etag: "63ceb21e-1d7"
Server: ECS (dcb/7EA5)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Jn7eETz9xqo_FDfTjOX5Vo71-XvgmU4WuQhGhCT0PD5viXkG6d56VQ==

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

#1 JS:Script (size: 6537)

#2 JS:Script (size: 131474)

#3 JS:Script (size: 3461)

#4 JS:Script (size: 552)

#5 JS:Script (size: 3080)

#6 JS:Script (size: 799)

#7 JS:Script (size: 546)

#8 JS:Script (size: 115763)

#9 JS:Script (size: 484)

#10 JS:Script (size: 58623)

#11 JS:Script (size: 2039)

#12 JS:Script (size: 747)

#13 JS:Script (size: 7722)

#14 JS:Script (size: 33280)

#15 JS:Script (size: 348)

#16 JS:Script (size: 13837)

#17 JS:Script (size: 128363)

#18 JS:Script (size: 884)

#19 JS:Script (size: 344)

#20 JS:Script (size: 642)

#21 JS:Script (size: 0)

#22 JS:Script (size: 810)

#23 JS:Script (size: 1058)

#24 JS:Script (size: 333)

#25 JS:Script (size: 219285)

#26 JS:Script (size: 466)

HTTP Transactions (209)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1