r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4cbb89840b57466fcbc0b31305c9dc47
c2c08a7a243a3f7972e8068c448488cac6d2519f
5f871ffd142470f132fed1c93f5f1a7fe6a5ecc3b4311d3d47555fce1d9a35f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F871FFD142470F132FED1C93F5F1A7FE6A5ECC3B4311D3D47555FCE1D9A35F1"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2769
Expires: Mon, 19 Dec 2022 02:57:33 GMT
Date: Mon, 19 Dec 2022 02:11:24 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 460af93786e1eaa666f135e6c3fdc634
bc8aeba36225c79718f5de73d79928fe817c5490
471f4e7ae29bcf6ba1f749c0f5d4ab446cebfac5aa80c3e19c6edf21be456eb5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "471F4E7AE29BCF6BA1F749C0F5D4AB446CEBFAC5AA80C3E19C6EDF21BE456EB5"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19285
Expires: Mon, 19 Dec 2022 07:32:49 GMT
Date: Mon, 19 Dec 2022 02:11:24 GMT
Connection: keep-alive
s.eskus-rczaou.icu/jp.php
143.198.99.135301 Moved Permanently 309 B URL HTTP/1.1 s.eskus-rczaou.icu/jp.php
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3394c0a89d3e6b729d8787e555bed6e4
06ec6fd4135993bcc652a5600061be10bd5749bc
627c6ad2ae461f199a1797273bad45e627156cab591c5b559107824559338d99
GET /jp.php HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Dec 2022 02:11:24 GMT
Server: Apache
Location: https://s.eskus-rczaou.icu/jp.php
Content-Length: 309
Connection: close
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 555fc6e99ad3bf077d1c4b9b805e428d
4e800fc8e809a950288df0e94992084647762561
fac00cada519279717e2a13528cb202d292fc92ed5eb42782c41f8e7b9509eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAC00CADA519279717E2A13528CB202D292FC92ED5EB42782C41F8E7B9509EAF"
Last-Modified: Fri, 16 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9438
Expires: Mon, 19 Dec 2022 04:48:42 GMT
Date: Mon, 19 Dec 2022 02:11:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 19 Dec 2022 01:34:20 GMT
content-type: application/json
age: 2224
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zBkBqHmTzUHtT9NfIYnHJHzQVcgaqqODOJhqw+yFf5Bh+Zq5Fcl9QKlqeU9czUMhVuyNVHOte58=
x-amz-request-id: PHAN12JED3J0SS01
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 19 Dec 2022 01:54:22 GMT
age: 1022
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 02:11:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 780ac81aea8d51651b949eed1a2a05c5
e704de21ff5c40ec599862c5dee89ec23c6aa768
e928c221dc31ce112fd50a254151c25a6af72acdad11b6d20e9187e7d24b27c9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E928C221DC31CE112FD50A254151C25A6AF72ACDAD11B6D20E9187E7D24B27C9"
Last-Modified: Sun, 18 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2825
Expires: Mon, 19 Dec 2022 02:58:29 GMT
Date: Mon, 19 Dec 2022 02:11:24 GMT
Connection: keep-alive
s.eskus-rczaou.icu/jp.php
143.198.99.135200 OK 597 B URL HTTP/2 s.eskus-rczaou.icu/jp.php
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 92187efd6755a2f3725461ca90a4de69
c5173571764ea1205dce7346d8d8ae0e8001cc6b
60a181181bb7fb0a92bec361a123ffd566fa52b873df66a3e5292da5bb966cd6
GET /jp.php HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; path=/
_amkc=763878e9-c06e-4372-8571-42accc2d7117; expires=Mon, 19-Dec-2022 02:36:24 GMT; Max-Age=1500; path=/; domain=s.eskus-rczaou.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Mon, 19-Dec-2022 02:36:24 GMT; Max-Age=1500; path=/; domain=s.eskus-rczaou.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 597
content-type: text/html; charset=UTF-8
date: Mon, 19 Dec 2022 02:11:24 GMT
server: Apache
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 19 Dec 2022 02:08:00 GMT
age: 204
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3516
Cache-Control: max-age=114843
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 02:11:24 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 10:05:27 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
s.eskus-rczaou.icu/vendor/vendor.23238u92u82.js
143.198.99.135200 OK 1.9 kB URL HTTP/2 s.eskus-rczaou.icu/vendor/vendor.23238u92u82.js
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (325), with CRLF line terminators
Hash 7ca50ba65dff02b9c1fdc7dfc12151be
6c6c921082ff698e1596e48d4b857ad464fddc52
5560969a92b6346ddbc4f3473895be53bfc1f14309d5811595ea2428197658bd
GET /vendor/vendor.23238u92u82.js HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/jp.php
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=763878e9-c06e-4372-8571-42accc2d7117; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jun 2022 20:31:10 GMT
etag: "1375-5e1aaa277bf80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1907
content-type: application/javascript
date: Mon, 19 Dec 2022 02:11:24 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/index.php?t=9db0c82a16e8dce71e4802eb1cefda7715ed43b86aa8f2b5071bcbff317f93f0
143.198.99.135200 OK 2.4 kB URL HTTP/2 s.eskus-rczaou.icu/index.php?t=9db0c82a16e8dce71e4802eb1cefda7715ed43b86aa8f2b5071bcbff317f93f0
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4521), with CRLF line terminators
Hash 46c7cadb4b65914fc7f0ac63d3d42b47
728d7c7c5985b33875b988b7e41d5b32b28ec40a
1f333692a73892fb03d80a407da46f5dd0f0c898ef83ac3bdaa72448ff8b3c42
GET /index.php?t=9db0c82a16e8dce71e4802eb1cefda7715ed43b86aa8f2b5071bcbff317f93f0 HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/jp.php
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=763878e9-c06e-4372-8571-42accc2d7117; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=8ff634eb-3eab-4889-b7ca-88ba54274918; expires=Mon, 19-Dec-2022 02:36:25 GMT; Max-Age=1500; path=/; domain=s.eskus-rczaou.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Mon, 19-Dec-2022 02:36:25 GMT; Max-Age=1500; path=/; domain=s.eskus-rczaou.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 2408
content-type: text/html; charset=UTF-8
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.202.70.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.202.70.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GQ0EBYespYlF3k13eZgqsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +PXidfyEHYaW2FGzUOrupSVJEjA=
s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
143.198.99.135200 OK 4.2 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (335)
Hash d813359262777bb1b38ee0b5965ed4c5
2556529d01001b6c5c1fde00695c869a446ebca7
20a922abef6bf97ed00cc5fbe067fad0e0ad2ee66f9a6c421a4c9cc217d00beb
GET /eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/index.php?t=9db0c82a16e8dce71e4802eb1cefda7715ed43b86aa8f2b5071bcbff317f93f0
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=8ff634eb-3eab-4889-b7ca-88ba54274918; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; expires=Mon, 19-Dec-2022 02:36:25 GMT; Max-Age=1500; path=/; domain=s.eskus-rczaou.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 4205
content-type: text/html; charset=UTF-8
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/member.css
143.198.99.135200 OK 3.2 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/member.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3b3cbb50579158c3c77b1cc18a11341e
98f4997ef469f58734e73ad77a6db53ff40bf084
9f8e4372d78eb1d492d71dfdccee1ee56b4542a9f5dd6b8c8638d1f58e32a123
GET /eki_ap/css/member.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "4fe7-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3214
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/module.css
143.198.99.135200 OK 10 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/module.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c753a1433bb155c2150e696e10fdb810
4a752f90c25331701e9140070dadb3d78e30f3e1
2b613690fa86026b41b2642e864725e78b54e73e6c0dffbcede8693dac379db5
GET /eki_ap/css/module.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "12779-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 10179
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/common.css
143.198.99.135200 OK 15 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/common.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 0e6ba791463f12c93e466986bab70ca9
50b509bfc228363639eb4e06792d254aa5dbb45d
5ce91962f1cae041faf58aee72a13b88e443965e8ab71c23c1aaa82e4fd6b76f
GET /eki_ap/css/common.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1e065-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14629
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/style.css
143.198.99.135200 OK 6.6 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/style.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c7bed20defe58bf1067038da11c627a8
f1c2035e8f6d01070b2ee00c2a418f18ad5d861b
dc4c5f1d4fb3186ac78e4e1ec23cfd04be738ef409abbbae271f6a6c6c89d33d
GET /eki_ap/css/style.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "9a27-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6590
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/load_font.css
143.198.99.135200 OK 324 B URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/load_font.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 59aac5e27f11efa332837e0be33ddf39
2be90ed04ef327a3e22a066325da5fbf8de7ffab
02f38a24379735f477735e69951cb7b613957fc721bed4f4a7c4f80b1a8db02d
GET /eki_ap/css/load_font.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "312-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 324
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/images/logo_ekinet.png
143.198.99.135200 OK 7.5 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/images/logo_ekinet.png
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 186 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 993c5429eae331230c45b6c12fa1cf01
bf068822793fab34c4c84dbfea9442f94ac69e4e
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/logo_ekinet.png HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1d38-5ea9973029c00"
accept-ranges: bytes
content-length: 7480
content-type: image/png
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/images/logo_jreast.png
143.198.99.135200 OK 2.9 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/images/logo_jreast.png
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 88 x 68, 8-bit/color RGBA, non-interlaced\012- data
Hash 5dc3fb68ca54c0446848c5786df4063c
a459d4dddd3b2c788883ef9d07add9640a49330b
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/logo_jreast.png HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "b5d-5ea9973029c00"
accept-ranges: bytes
content-length: 2909
content-type: image/png
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/css/top_searchparts.css
143.198.99.135200 OK 13 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/css/top_searchparts.css
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 75715fbe0652f8c6e47f1b463ac8ea55
e49891237351269ddd016a362ce10ac48cce1777
c178a06d3de547c705bab9e9bdfa45c5770b3f8395f86f572f3e10a1d2c05b4e
GET /eki_ap/css/top_searchparts.css HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1db4d-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12592
content-type: text/css
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/images/icon_linkblank-1.png
143.198.99.135200 OK 166 B URL HTTP/2 s.eskus-rczaou.icu/eki_ap/images/icon_linkblank-1.png
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 73c445fe98114a16d3d453a359f24e48
5a987bf2d56d11b069d788d512f869431566b5bc
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_linkblank-1.png HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "a6-5ea9973029c00"
accept-ranges: bytes
content-length: 166
content-type: image/png
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/images/icon_linkblank.png
143.198.99.135200 OK 166 B URL HTTP/2 s.eskus-rczaou.icu/eki_ap/images/icon_linkblank.png
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 73c445fe98114a16d3d453a359f24e48
5a987bf2d56d11b069d788d512f869431566b5bc
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_linkblank.png HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "a6-5ea9973029c00"
accept-ranges: bytes
content-length: 166
content-type: image/png
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/images/icon_input_ok.png
143.198.99.135200 OK 3.2 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/images/icon_input_ok.png
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash a4a91639d8d3d804985fef75e1fbb4cc
152f6d800881c85bdce965cf204856d954d74bec
d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_input_ok.png HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "c9d-5ea9973029c00"
accept-ranges: bytes
content-length: 3229
content-type: image/png
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/favicon.ico
143.198.99.135200 OK 1.5 kB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/favicon.ico
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 5 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 3608d6a8aa4edf7951916f3dfa82ca3c
7d0dc0f86f876a12b1b491cf78916f660fcbcf01
b790e2b436991d81dfba3ee03342515d4ccb5564bc274900ec7ec425e2d33ae4
GET /eki_ap/favicon.ico HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 22:48:24 GMT
etag: "231e-5eaa1d7295e00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1532
content-type: image/x-icon
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff
143.198.99.135200 OK 548 B URL HTTP/2 s.eskus-rczaou.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/fonts/notosanscjkjp-bold_subset.woff HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/css/load_font.css
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "224-5ea9973029c00"
accept-ranges: bytes
content-length: 548
vary: Accept-Encoding
content-type: font/woff
date: Mon, 19 Dec 2022 02:11:26 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Mon, 19 Dec 2022 03:07:41 GMT
Date: Mon, 19 Dec 2022 02:11:26 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Mon, 19 Dec 2022 03:07:41 GMT
Date: Mon, 19 Dec 2022 02:11:26 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Mon, 19 Dec 2022 03:07:41 GMT
Date: Mon, 19 Dec 2022 02:11:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d178a6b115f657a00617293489405fe
5a85960ea077d8a1e8ee24de73a9594682d9a4ef
61c2a7e815efe3206e64f00974ddba9b24b99b41bf030a102e53a6613d105b67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11263
x-amzn-requestid: 7cb5a6e1-9e6f-4b65-a0c4-d7612223edb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6OCtGU6IAMF6lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393f6dd-459d1bef15af6cf134231005;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 03:02:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dF3uhrxqSuq8L3bfocnU2ryQb_UcL97PM_MVhushhf0_STCTbIhORA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:37:59 GMT
age: 16407
etag: "5a85960ea077d8a1e8ee24de73a9594682d9a4ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c9ed63c9760a5b3826550e59a96f43
912a87f2df4a93717a3817bb9c9bf0071b2fce7e
5e75e2e9bbc0d3e992f72257923c97ff8d037fcbf5ccf092e100ae26af2b2d89
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4362
x-amzn-requestid: e88d6aea-c8f7-45e5-9f10-07bc6efb4b9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dObYsEa1IAMFa_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639c0c37-1f4852530ab1b5b73a088601;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 06:12:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QIK3QHtic45T4AGzPHbGnLqJ41ynolJ48u3_-xk_BJ75_OJbCXt2NQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:52:39 GMT
age: 15527
etag: "912a87f2df4a93717a3817bb9c9bf0071b2fce7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c714628a486b8d09101fe1115b4a25
a859bec81457e5b3511fb7612b65bcd4be790f21
41586527c64614c69c2833d2eb9a0e5e03906388a39ae16443b45dd6885329af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9058
x-amzn-requestid: 30f541b7-557c-45c6-a639-596ec624d6b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJtzFJPIAMFaow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebcbe-221f45c41cc4ac943f78ce6c;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:09:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f_sUIMBle-AT5Od_IJdlhNc1razIfG8LYIi1tEsIyWtMRBs063gjwQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 07:20:48 GMT
age: 67838
etag: "a859bec81457e5b3511fb7612b65bcd4be790f21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dce7a87ac0852f838007018af2e83cb5
379f7844a18284958ec0250cc45f2c91ac1ddfcf
31a5191700b9d5c2e471c0e6db15d43f1804b61c6a0867340e8001c32a0dabb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340d7003-71e4-4f8e-a457-d067d05e0525.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: f8f1832c-4269-4c4b-83c0-4c2d8c2fdd8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dQjC7GLSIAMFd4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ce545-4c54f9704a32da245a90ab0d;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 21:38:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sg4SOln-mB63kOrv2oVmW25o92Sxw7bW4QA78iT5eq3Tpbk_SYUEdw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 00:09:11 GMT
age: 7335
etag: "379f7844a18284958ec0250cc45f2c91ac1ddfcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ce95c2-1c3f-4d6c-ad18-90e8258c9a17.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ce95c2-1c3f-4d6c-ad18-90e8258c9a17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9d50aad72b8daca282646dc709ea2ce
ed8e062f6911bf752b9c4fbea466e827385ad26d
9e49058f60a12311a2d2a0872ec29a268d7b4575b4de83364c606ffa37ae8655
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ce95c2-1c3f-4d6c-ad18-90e8258c9a17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8709
x-amzn-requestid: b6a49df2-29df-4341-bb05-d9b704de011f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dR2EMHKXoAMFrMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639d6a1a-2b1b90bb6275bc9153987aa0;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 07:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ObpjD8D5oR5QTNmIkpg1PzN4UlG2dl_kbgIcPly_gBwlYjjG2IpZfA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 07:18:13 GMT
age: 67993
etag: "ed8e062f6911bf752b9c4fbea466e827385ad26d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8576327b06d5d8259e87bfeb71761ff5
2b2e5694e77b30f2e2cdfddd8ad616be214c9df2
377ffbcb85710900d97b1d99522a8087a6c66bcb778be42da806283cae833715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5654
x-amzn-requestid: b9f6e88a-f07b-4c6c-b823-9b9e928274ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dKtB8Eb5oAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a8ed9-3c8888ca41c995d67a09fa50;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 03:04:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: a7Dw7_p4r_RL5cGq8DtJXSNDIF9oiYGiFZt74yC9SI1j-cGYL3Se1g==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 05:22:22 GMT
age: 74944
etag: "2b2e5694e77b30f2e2cdfddd8ad616be214c9df2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.eskus-rczaou.icu/eki_ap/fonts/notosanscjkjp-regular_subset.woff
143.198.99.135200 OK 1.2 MB URL HTTP/2 s.eskus-rczaou.icu/eki_ap/fonts/notosanscjkjp-regular_subset.woff
IP 143.198.99.135:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, CFF, length 1216180, version 1.0\012- data
Size 1.2 MB (1216180 bytes)
Hash 2eed70e05875f5a1816d67fc9150ef4f
57022eef1926803836aafeb3a07cbd246d4a9892
434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/fonts/notosanscjkjp-regular_subset.woff HTTP/1.1
Host: s.eskus-rczaou.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://s.eskus-rczaou.icu/eki_ap/css/load_font.css
Cookie: PHPSESSID=gpumd7le43nen1tfopjufi6ka1; _amkc=fc9f8dc3-6f68-415b-824c-932d49ed9fda; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "128eb4-5ea9973029c00"
accept-ranges: bytes
content-length: 1216180
vary: Accept-Encoding
content-type: font/woff
date: Mon, 19 Dec 2022 02:11:25 GMT
server: Apache
X-Firefox-Spdy: h2