id9271-trackups.servehttp.com/
162.241.124.229302 Found 0 B URL HTTP/1.1 id9271-trackups.servehttp.com/
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET / HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b; path=/
location: Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4542
Expires: Thu, 09 Feb 2023 03:05:50 GMT
Date: Thu, 09 Feb 2023 01:50:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12876
Expires: Thu, 09 Feb 2023 05:24:44 GMT
Date: Thu, 09 Feb 2023 01:50:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 01:34:15 GMT
content-type: application/json
age: 953
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16064
Expires: Thu, 09 Feb 2023 06:17:52 GMT
Date: Thu, 09 Feb 2023 01:50:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JzZSV7kqHIsdNpzYQ5pfz62NcJKW/UJAxWKdY9OlARv09rtphqeRXtcWIYWE96ARblY9HJ/YzLXD0brrLAY0ig==
x-amz-request-id: HX3JF7VT0T251CW2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 01:46:11 GMT
age: 237
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 01:50:08 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
162.241.124.229200 OK 22 kB URL HTTP/1.1 id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (339), with CRLF line terminators
Hash 6cf0fead674c53094980397e5fe3a11c
e0c31d1825d00749e1d6d0527642b73627f7d407
7eb7ed5e1a43d62e8012861061c6ad8602d514ec4ac89b7d305d3dc3ab746069
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
id9271-trackups.servehttp.com/us_assetz/css/css.css
162.241.124.229200 OK 6.8 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/css/css.css
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1774), with CRLF line terminators
Hash 04e8a120dde7249f3c9167465ec654e0
f36f6283385aca9a885eca237c33d4f4afd184d5
d7c386848e3e41f2e3c8f38613bb8c456a710c2159e20f8466e0b23e0e50015e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/css/css.css HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 6828
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 00:51:21 GMT
age: 3527
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
id9271-trackups.servehttp.com/us_assetz/css/ups_0021.css
162.241.124.229200 OK 111 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/css/ups_0021.css
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size 111 kB (110745 bytes)
Hash 96ec416a6e4dc3efd4851553260df107
76c7dc20579e28febcede120bbaaaaad19e29372
7b9d3bb05c7bb49a2680609ff320fe6526b0cec48f2a0f8c580355352d54cf5d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/css/ups_0021.css HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 110745
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
id9271-trackups.servehttp.com/us_assetz/js/mask.js
162.241.124.229200 OK 23 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/js/mask.js
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash a1fb4aaee1dcbfd24e6ec0fd67ab9645
77558a30ff578aeb671e2bdb574df166751aa487
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/js/mask.js HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 23177
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3803
Expires: Thu, 09 Feb 2023 02:53:32 GMT
Date: Thu, 09 Feb 2023 01:50:09 GMT
Connection: keep-alive
id9271-trackups.servehttp.com/us_assetz/css/ups1.css
162.241.124.229200 OK 235 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/css/ups1.css
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (65495), with no line terminators
Size 235 kB (234613 bytes)
Hash 812b4af20c1b783f0725fc004732aa83
99bdc407f7b9eba27a2f3444165a92696baeaf0e
28daf19b1d0bef89f2388ebb2e9d9f44abbdd5ee9894515e5b774b5bcbc1dfbb
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/css/ups1.css HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 234613
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
id9271-trackups.servehttp.com/us_assetz/js/jquery.js
162.241.124.229200 OK 272 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/js/jquery.js
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Size 272 kB (272153 bytes)
Hash 2ac898daf1837381b1264cdb792319ba
532496df4622a43699ee57b612180a21aedad065
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/js/jquery.js HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:07 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 272153
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
id9271-trackups.servehttp.com/us_assetz/img/ups-logo.svg
162.241.124.229200 OK 2.0 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/img/ups-logo.svg
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1964), with no line terminators
Hash d0844ff2e7a14df3ea3ab44e655954df
1fc8335cbae890c2cbac90dd6ab87014583bb9cd
9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/img/ups-logo.svg HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 1964
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
push.services.mozilla.com/
52.25.69.156101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.25.69.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dUzvow3+WIFJi1RArF3Vqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wfno0c42uX89SqeK2KORwNpnEiE=
id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Medium.woff
162.241.124.229200 OK 94 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Medium.woff
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 94364, version 2.137\012- data
Hash 7350337b673e86f2d62ee0eb5761e1e2
eb11f6c75c34069217cc1692d00e8ac3945c8a3d
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/fonts/Roboto-Medium.woff HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/us_assetz/css/ups1.css
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 94364
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff
id9271-trackups.servehttp.com/us_assetz/images/social.jpg
162.241.124.229404 Not Found 315 B URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/images/social.jpg
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/images/social.jpg HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/us_assetz/css/ups1.css
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 404 Not Found
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
id9271-trackups.servehttp.com/us_assetz/img/20220401-JTBD-US-MAEVE.webp
162.241.124.229200 OK 42 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/img/20220401-JTBD-US-MAEVE.webp
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image\012- data
Hash 053f88f3256fa1b029ea33cec4944698
1afe94f1d8b47db35c9eda2144fab72384e51805
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/img/20220401-JTBD-US-MAEVE.webp HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 42494
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/webp
id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Bold.woff
162.241.124.229200 OK 27 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Bold.woff
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 26564, version 1.0\012- data
Hash 849fd0ec4277f2e8ee9ebe2753a30edd
ebcff6b5216b7cfdacc058ab35023c6f9bd6f286
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/fonts/Roboto-Bold.woff HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/us_assetz/css/ups1.css
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 26564
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff
id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Regular.woff
162.241.124.229200 OK 94 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/fonts/Roboto-Regular.woff
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 93784, version 2.137\012- data
Hash 1cfd1aa3b4fe4bba10c132acea9985af
4edccc73318b8d3f6dee84f934063ea52644ed0f
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/fonts/Roboto-Regular.woff HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/us_assetz/css/ups1.css
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 93784
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff
id9271-trackups.servehttp.com/us_assetz/img/favicon.ico
162.241.124.229200 OK 2.2 kB URL HTTP/1.1 id9271-trackups.servehttp.com/us_assetz/img/favicon.ico
IP 162.241.124.229:0
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Hash afd13e52f285793f5eaa266c12a19abe
4b71098176443981be65286ec864b12ebc233f81
9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
openphish UPS
NIDS Severity Alert suricata medium ET INFO HTTP Connection To DDNS Domain Servehttp.com
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain
GET /us_assetz/img/favicon.ico HTTP/1.1
Host: id9271-trackups.servehttp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://id9271-trackups.servehttp.com/Find?sslchannel=true&sessionid=mlDzKuxNbYuVdwGydIk2b5j6PhoFgxmnB8M0VXZrTbknBtTYJtPQE8ahqsYq9FmvUXE1MjAnXXtOPbPr6xfsXJ06yuIurT9NdwpHNYaj5lxP6YO9MOImwcJqcdZWm7kHcu
Cookie: PHPSESSID=a72f567fb630a3d447261d741c1ec88b
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 01:50:08 GMT
Server: Apache
Last-Modified: Mon, 27 Jun 2022 09:34:16 GMT
Accept-Ranges: bytes
Content-Length: 2238
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9278
Expires: Thu, 09 Feb 2023 04:24:48 GMT
Date: Thu, 09 Feb 2023 01:50:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9278
Expires: Thu, 09 Feb 2023 04:24:48 GMT
Date: Thu, 09 Feb 2023 01:50:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9278
Expires: Thu, 09 Feb 2023 04:24:48 GMT
Date: Thu, 09 Feb 2023 01:50:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 47322
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: c3dabd4b-797b-4bbe-8824-5f502ff477b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2aG-IoAMFfnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf5-68de905b2ed5bfe46a87e688;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CsMWJP4A64pbv9jhvJkyNF2SU7gQEIkQ5xWBlSVSlGjlfz9O0dkPGQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 03:38:47 GMT
age: 79883
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 15326
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c45da743665658afcfbf2309e1594b
04d025452dcec571f3eb6068499290d86e0c4c30
3ddfcf83ea18ba20700364c7095750a142a15575c988ba5688ed2f4dbbba4ee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6471
x-amzn-requestid: ab4c8119-a2f0-4b3d-bbed-b34c5a0a7a30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGaGsjoAMFmZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f5-7298e0530bee8f997b552e6e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b74bFyh7eYS-pBQhcW3BItLbjUzmTdCMoKd_lpXXwqVWyfhfdKUP0A==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:24 GMT
age: 14626
etag: "04d025452dcec571f3eb6068499290d86e0c4c30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11f9f70f5e8af4de6d9fc5b9f50ccbe
753cb08c3f8c7c0750d113253790a08db01986bc
d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1mDt4mKlkZG2_zBPhwB_lbzJ0Im0FlnjmJMa7gcopuv14gwqtwlA2w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
age: 15333
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JFPF2xZJ9QIqJbOEjTi5gt2aflnM9HVaWp8FpRAIIeDf59cJzbp6kw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:36 GMT
age: 14614
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2