Overview

URL du-wizards.com/raw0rbp9s.rar
IP66.206.25.59
ASNHVC-AS
Location Germany
Report completed2022-07-05 17:52:34 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-05 2 du-wizards.com/raw0rbp9s.rar Malware
2022-07-05 2 du-wizards.com/raw0rbp9s.rar Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Added / Verified Severity Host Comment
2022-07-05 2 du-wizards.com Sinkholed
2022-07-05 2 du-wizards.com Sinkholed


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] use.fontawesome.com (1) 942 2017-01-30 04:43:25 UTC 2022-07-05 05:07:44 UTC 172.67.169.247
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-07-05 10:44:38 UTC 93.184.220.29
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-05 05:12:14 UTC 52.40.216.187
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 143.204.55.115
[Mnemonic Passive DNS] r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-07-05 04:59:43 UTC 23.36.77.32
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-05 05:12:14 UTC 143.204.55.110
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-07-05 12:56:13 UTC 34.120.237.76
[Mnemonic Passive DNS] du-wizards.com (2) 0 2019-07-19 01:58:42 UTC 2021-12-19 03:52:38 UTC 66.206.25.59 Unknown ranking


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 66.206.25.59

Date UQ / IDS / BL URL IP
2022-08-05 12:35:58 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-08-03 14:28:11 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-08-02 16:19:12 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-26 16:19:03 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-25 16:17:40 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-24 16:16:37 +0000
0 - 0 - 6 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-23 16:17:23 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-22 16:18:32 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-21 16:19:13 +0000
0 - 0 - 2 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-20 16:18:45 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59

Last 10 reports on ASN: HVC-AS

Date UQ / IDS / BL URL IP
2022-08-09 13:40:22 +0000
0 - 0 - 27 mendoncacaporici.com.br/utarchitecto/severe-3 (...) 162.254.149.227
2022-08-09 13:40:07 +0000
0 - 0 - 44 www.centerplastic.com.br/doc/90r/eM9/NCQ/KmJ3 (...) 162.220.61.50
2022-08-09 13:40:02 +0000
0 - 0 - 44 www.centerplastic.com.br/doc/dMY/UwG/xXV/e1Gm (...) 162.220.61.50
2022-08-09 13:11:31 +0000
0 - 0 - 2 vtlg.me/lib/login.php 23.29.117.114
2022-08-09 12:28:03 +0000
0 - 0 - 3 https://noonimpex.com/aotmw46nn.zip 217.79.245.244
2022-08-09 12:27:13 +0000
0 - 0 - 3 noonimpex.com/aotmw46nn.zip 217.79.245.244
2022-08-09 12:24:35 +0000
0 - 0 - 3 thegift.live/invoice_payment.zip 23.111.138.149
2022-08-09 12:17:23 +0000
0 - 0 - 1 https://tradingview-brokers.learnforcareer.co (...) 107.155.93.134
2022-08-09 12:17:15 +0000
0 - 0 - 4 https://faai-international.com/dahp7znyk.jpg 217.79.245.244
2022-08-09 11:39:14 +0000
0 - 0 - 3 https://ctmibd.com/admin/uploads/Ghfthjjkg.exe 162.213.196.2

Last 10 reports on domain: du-wizards.com

Date UQ / IDS / BL URL IP
2022-08-05 12:35:58 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-08-03 14:28:11 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-08-02 16:19:12 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-26 16:19:03 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-25 16:17:40 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-24 16:16:37 +0000
0 - 0 - 6 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-23 16:17:23 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-22 16:18:32 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-21 16:19:13 +0000
0 - 0 - 2 du-wizards.com/raw0rbp9s.rar 66.206.25.59
2022-07-20 16:18:45 +0000
0 - 0 - 5 du-wizards.com/raw0rbp9s.rar 66.206.25.59


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (19)


Request Response
                                        
                                            GET /raw0rbp9s.rar HTTP/1.1 
Host: du-wizards.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         66.206.25.59
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Tue, 05 Jul 2022 17:52:21 GMT
Server: Apache
Location: https://du-wizards.com/raw0rbp9s.rar
Content-Length: 244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   244
Md5:    4ae53d3b9365649c1d6cbb8b5fa09e92
Sha1:   29256bab8406ebe7807e01c6117dd99871aa400e
Sha256: 0890a124f890d83a23e25c2eba4c44fbb7d0e43ccc702cf2b7f1e21d5ddb5090

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 05 Jul 2022 16:55:24 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kIXndYYwVLBNtJ4r1p6zYh-bBSCihpeJ3FIrcCegrsqQab1S7s7FKw==
Age: 3417


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CA12512DFBE8A007255191678A4ECD570026D865AE741C0D3025D8FE1A58659"
Last-Modified: Mon, 04 Jul 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10620
Expires: Tue, 05 Jul 2022 20:49:21 GMT
Date: Tue, 05 Jul 2022 17:52:21 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 05 Jul 2022 03:26:45 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: C2pQqVUYVlvOnNN9CsdvadybuXGzIowHIzkz2WUFjghQSvaQLHImdg==
age: 51937
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /raw0rbp9s.rar HTTP/1.1 
Host: du-wizards.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         66.206.25.59
HTTP/2 302 Found
                                        
location: https://du-wizards.com/cgi-sys/suspendedpage.cgi
content-length: 232
content-type: text/html; charset=iso-8859-1
date: Tue, 05 Jul 2022 17:52:21 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   232
Md5:    a311f108f0380a9b9f9b7d6cb6830520
Sha1:   37e27380281d8981d93e8f423e5b4f2d4ee7eb4a
Sha256: c4b09b726bdc308736fc7d7ebdc84f34fbdcb409e965ffeae3c665e1e257ef2e

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 05 Jul 2022 17:52:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /releases/v5.0.6/css/all.css HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://du-wizards.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.169.247
HTTP/2 200 OK
                                        
date: Tue, 05 Jul 2022 17:52:22 GMT
content-type: text/css
x-amz-id-2: kolV4J3F+xkkhQ14Qo6NDLGtxU6eYIYyMxT3B8LQiyGaHOBuK4GeVd9tlHs5Z99VLwlwXMVrHEc=
x-amz-request-id: F06F1PVA2VMKCA6V
last-modified: Wed, 30 Jun 2021 15:27:49 GMT
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2490237
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uksiTJaVxkKXgoQe%2BLt7PfBMbASTSVuR3E%2B5pgQoIQkwJeh2S6a6wznggJzwS9JuisnN8a1mp3DeVGhnyGPnnewTD9ek%2BGZ2zw4PBmFTF3IYViSlzeCNciSxjir7GDa13yCYWxGh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7261f4398f38b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (34556)
Size:   7858
Md5:    b3b64ccfd2c9a763fb4ca50b7a25a850
Sha1:   df2a7dd4301401dfb4b7d3a28639b81ea4e59130
Sha256: 1265fb716f6a0ce5d824a51e28b5d1dfc7e3feb068a015799f68eaeb9e350e60
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 05 Jul 2022 17:43:56 GMT
Cache-Control: max-age=3600
Expires: Tue, 05 Jul 2022 17:50:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FAqWb8DUPWdP38_-ro_le7VT0t4lH9dLNE8135Sn8sOubJSqt8miuw==
Age: 1046


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3589
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 17:52:22 GMT
Last-Modified: Tue, 05 Jul 2022 16:52:33 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: batMErLnt0ig2MyA6JYbqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.40.216.187
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oxoZBKcf+nMtMM3H2zXv03hKxz4=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4237
Expires: Tue, 05 Jul 2022 19:03:01 GMT
Date: Tue, 05 Jul 2022 17:52:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4237
Expires: Tue, 05 Jul 2022 19:03:01 GMT
Date: Tue, 05 Jul 2022 17:52:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4237
Expires: Tue, 05 Jul 2022 19:03:01 GMT
Date: Tue, 05 Jul 2022 17:52:24 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8718223e-bfad-403b-ae83-afcbd382cadb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8241
x-amzn-requestid: cdabcbe8-5936-4547-8278-8bf49c07bcaf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UwulYF-SoAMF_yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c35e22-7591d2de58e1fb0006aff5e8;Sampled=0
x-amzn-remapped-date: Mon, 04 Jul 2022 21:39:46 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ATEY5g5HAC5x9ql6ofrkFBpjZujElOfZHETPOjiyn4u-B7g4Y8phlw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 04 Jul 2022 21:56:13 GMT
age: 71771
etag: "90312a1902b10dc375f39a9e1ef8961c33c0be7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8241
Md5:    30f549fff99dd7275484446f9ab89baf
Sha1:   90312a1902b10dc375f39a9e1ef8961c33c0be7d
Sha256: f17fcd3a8abf75b88cbafef88d1b86d8fb6ef2e500b7320cf4069049a6352b95
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82c6fe48-cad7-447d-af08-03e130a67792.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 12087
x-amzn-requestid: 7cd842af-cbdd-46fd-94b0-f67895c350b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Uq50KFMfoAMF8rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c109b4-77eb5e3e5c01f25f6bf926ee;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 03:15:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IrVx1Jws840puxW9CzRHUIiEm7tU004lUmBOVLaw-ll_hLEwsIJAzg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 04:11:48 GMT
age: 49236
etag: "01263eb9c35561bb52cf79d480533392179ad5e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12087
Md5:    17f863b2083b5221101950ac034a828f
Sha1:   01263eb9c35561bb52cf79d480533392179ad5e1
Sha256: 927ad484ccdacdd0d3cf0e7d9a9d4889b6d10613e52095c21c5936002a7e1ff8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ab971d9-6cfa-459f-978d-a4ff8d5ece46.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6634
x-amzn-requestid: 044e1960-1137-4282-9cc6-d6cf00fe201a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Uk3d6G-coAMF0KQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62be9f8c-585927711b24e49f6fed10cf;Sampled=0
x-amzn-remapped-date: Fri, 01 Jul 2022 07:17:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zDETqGS7kDPcCK9IUOp4jSmgJBYQztUp2OLGKUW4602cip9SdUdTmA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 07:28:42 GMT
age: 37422
etag: "2bd1a129bdf34ac79d6eb084a54e625ca9cdf84e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6634
Md5:    6fda94b99fcbd70c8154ab55e69b54ee
Sha1:   2bd1a129bdf34ac79d6eb084a54e625ca9cdf84e
Sha256: 77477945f0d6592d5509bf2d8b4c8b0533f897835cfef90a47d782d31096f176
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd06fa81-5ac9-4295-806a-c831c401721a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4200
x-amzn-requestid: 2d5e08fb-e811-4d46-b6a6-234708fa21ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Up-c9G8woAMFfGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c0aab9-781b80882f892d46750460a0;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 20:29:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _UTBzOCy8fX5BNktSzjbIo_0XiGySNSeo4t34pja9WYv1CuM_hygSA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 08:40:06 GMT
age: 33138
etag: "245248a8bb7e566cfc35aaa1e83f2d9afdeb2990"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4200
Md5:    3869b8128e7d8a9f23ba26aabe4c718a
Sha1:   245248a8bb7e566cfc35aaa1e83f2d9afdeb2990
Sha256: 582f5382cb70f10b65794e8042fc0cbee11b11f030be39c87c7e2dc167622747
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b5149e9-33ff-4147-bde2-5c16d2c85400.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9130
x-amzn-requestid: 7a6e4330-591e-41aa-a8fc-2eb50ef7b9dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UorLgE9UIAMFlSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c0257c-541a0e3d218259623aceb2d1;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 11:01:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jNnq1HnAUaS4IEFZtJJMK0Fy9C9QYwp77_FnpN5FJkF55RY5ukQDQw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 05:54:45 GMT
age: 43059
etag: "bad0f6fef090a81fd10ef57575424f76b9e73b85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9130
Md5:    a0c68898cc187df82b25edc852693e9a
Sha1:   bad0f6fef090a81fd10ef57575424f76b9e73b85
Sha256: fedb62c5c89e162540d34eb50f20b2c5b59f100c69e302105b26f90528ec1d01
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F431f287f-9907-47aa-be38-0ff4e6db75fc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8553
x-amzn-requestid: 2c1e16d1-357b-493e-bcf7-b4de1a34757f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Utd8tEKYIAMFbmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c21051-7382cb3050c6f13d70dd3706;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 21:55:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QbUfJjPZPpKjVFzyb0NlS-aXRVWIs4MBDiR_3pNde5dAn7f097K8Lg==
via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 03:11:52 GMT
age: 52832
etag: "303f4efaa9b98e39a935fc6514d3731d40d2977c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8553
Md5:    e6f97e6b64100081e8bed56216564854
Sha1:   303f4efaa9b98e39a935fc6514d3731d40d2977c
Sha256: 92dd803f1633bd65a2b4ac3223d8aa93dd55ed64c74b338aff62323585a3623c