r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3359
Expires: Wed, 01 Feb 2023 07:00:26 GMT
Date: Wed, 01 Feb 2023 06:04:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15709
Expires: Wed, 01 Feb 2023 10:26:16 GMT
Date: Wed, 01 Feb 2023 06:04:27 GMT
Connection: keep-alive
s.eskus-rceu.icu/jp.php
147.182.204.118301 Moved Permanently 305 B IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b844d8dcbfa7b812114012740a60aaf1
e2f57e4040e6ae68aa7bc6edf31e21adca85cebe
5faba9fe7d05347e0737b958294be0af71827ba8145e1f1a1c365393d51857d5
Analyzer Verdict Alert openphish East Japan Railway Company
phishtank East Japan Railway Company
fortinet Phishing
GET /jp.php HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 06:04:27 GMT
Server: Apache
Location: https://s.eskus-rceu.icu/jp.php
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 05:35:59 GMT
content-type: application/json
age: 1708
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10918
Expires: Wed, 01 Feb 2023 09:06:25 GMT
Date: Wed, 01 Feb 2023 06:04:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: A0w13cyjZfY/1LRhZG/eYW8xeHq4pRBT08VIV28eN9VM5Q2vYRKx3xG7JdG7L/yRjGapoN2ODsE=
x-amz-request-id: A341MKXA1YMVKYP3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 05:22:31 GMT
age: 2516
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 06:04:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ab9d2e5230f2cb6f315cbf4b6358a3e7
83962e2bfa197cc32bc3166ff3d50cf4f21df90a
ae0519845de432977dbf71d806e3484ff4d0bdbae56198f536d7d4df183de433
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE0519845DE432977DBF71D806E3484FF4D0BDBAE56198F536D7D4DF183DE433"
Last-Modified: Wed, 01 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21559
Expires: Wed, 01 Feb 2023 12:03:46 GMT
Date: Wed, 01 Feb 2023 06:04:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 05:41:42 GMT
age: 1365
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
s.eskus-rceu.icu/jp.php
147.182.204.118200 OK 599 B IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash b8fdddc06e4b80e3aeb7d89a4a476096
38d4c3b3109306619be619677295fafee47656c3
4d83e6587063d1ac150371e2b80c20ba4c745b34e0989631dcab18b82dfa2102
Analyzer Verdict Alert openphish East Japan Railway Company
phishtank East Japan Railway Company
fortinet Phishing
GET /jp.php HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; path=/
_amkc=75f1186b-0b6a-40d8-a2bd-c3bb10f280a7; expires=Wed, 01-Feb-2023 06:29:27 GMT; Max-Age=1500; path=/; domain=s.eskus-rceu.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Wed, 01-Feb-2023 06:29:27 GMT; Max-Age=1500; path=/; domain=s.eskus-rceu.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 599
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 06:04:27 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5298
Expires: Wed, 01 Feb 2023 07:32:46 GMT
Date: Wed, 01 Feb 2023 06:04:28 GMT
Connection: keep-alive
s.eskus-rceu.icu/vendor/vendor.23238u92u82.js
147.182.204.118200 OK 1.9 kB URL HTTP/2 s.eskus-rceu.icu/vendor/vendor.23238u92u82.js
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (325), with CRLF line terminators
Hash 7ca50ba65dff02b9c1fdc7dfc12151be
6c6c921082ff698e1596e48d4b857ad464fddc52
5560969a92b6346ddbc4f3473895be53bfc1f14309d5811595ea2428197658bd
Analyzer Verdict Alert fortinet Phishing
GET /vendor/vendor.23238u92u82.js HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/jp.php
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=75f1186b-0b6a-40d8-a2bd-c3bb10f280a7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 Jun 2022 20:31:10 GMT
etag: "1375-5e1aaa277bf80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1907
content-type: application/javascript
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/index.php?t=e6f98598df09783300c639301f7d5e787e04db0236936825ce4065b8203cf6db
147.182.204.118200 OK 2.4 kB URL HTTP/2 s.eskus-rceu.icu/index.php?t=e6f98598df09783300c639301f7d5e787e04db0236936825ce4065b8203cf6db
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4521), with CRLF line terminators
Hash 46c7cadb4b65914fc7f0ac63d3d42b47
728d7c7c5985b33875b988b7e41d5b32b28ec40a
1f333692a73892fb03d80a407da46f5dd0f0c898ef83ac3bdaa72448ff8b3c42
GET /index.php?t=e6f98598df09783300c639301f7d5e787e04db0236936825ce4065b8203cf6db HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/jp.php
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=75f1186b-0b6a-40d8-a2bd-c3bb10f280a7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=840774a2-2b74-410b-88d2-715ca14e7585; expires=Wed, 01-Feb-2023 06:29:28 GMT; Max-Age=1500; path=/; domain=s.eskus-rceu.icu
62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Wed, 01-Feb-2023 06:29:28 GMT; Max-Age=1500; path=/; domain=s.eskus-rceu.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 2408
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.88.112.71101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.112.71:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: juCXEnVyZPxaPcknndK+aA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +nK+olfj5JLZTtgtfwrMzBDuRxQ=
s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
147.182.204.118200 OK 4.2 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (335)
Hash d813359262777bb1b38ee0b5965ed4c5
2556529d01001b6c5c1fde00695c869a446ebca7
20a922abef6bf97ed00cc5fbe067fad0e0ad2ee66f9a6c421a4c9cc217d00beb
GET /eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/index.php?t=e6f98598df09783300c639301f7d5e787e04db0236936825ce4065b8203cf6db
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=840774a2-2b74-410b-88d2-715ca14e7585; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; expires=Wed, 01-Feb-2023 06:29:28 GMT; Max-Age=1500; path=/; domain=s.eskus-rceu.icu
vary: Accept-Encoding
content-encoding: gzip
content-length: 4205
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/common.css
147.182.204.118200 OK 15 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/common.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 0e6ba791463f12c93e466986bab70ca9
50b509bfc228363639eb4e06792d254aa5dbb45d
5ce91962f1cae041faf58aee72a13b88e443965e8ab71c23c1aaa82e4fd6b76f
GET /eki_ap/css/common.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1e065-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14629
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/member.css
147.182.204.118200 OK 3.2 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/member.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3b3cbb50579158c3c77b1cc18a11341e
98f4997ef469f58734e73ad77a6db53ff40bf084
9f8e4372d78eb1d492d71dfdccee1ee56b4542a9f5dd6b8c8638d1f58e32a123
GET /eki_ap/css/member.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "4fe7-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3214
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/module.css
147.182.204.118200 OK 10 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/module.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c753a1433bb155c2150e696e10fdb810
4a752f90c25331701e9140070dadb3d78e30f3e1
2b613690fa86026b41b2642e864725e78b54e73e6c0dffbcede8693dac379db5
GET /eki_ap/css/module.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "12779-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 10179
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/load_font.css
147.182.204.118200 OK 324 B URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/load_font.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 59aac5e27f11efa332837e0be33ddf39
2be90ed04ef327a3e22a066325da5fbf8de7ffab
02f38a24379735f477735e69951cb7b613957fc721bed4f4a7c4f80b1a8db02d
GET /eki_ap/css/load_font.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "312-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 324
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/style.css
147.182.204.118200 OK 6.6 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/style.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash c7bed20defe58bf1067038da11c627a8
f1c2035e8f6d01070b2ee00c2a418f18ad5d861b
dc4c5f1d4fb3186ac78e4e1ec23cfd04be738ef409abbbae271f6a6c6c89d33d
GET /eki_ap/css/style.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "9a27-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6590
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/images/logo_ekinet.png
147.182.204.118200 OK 7.5 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/images/logo_ekinet.png
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 186 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 993c5429eae331230c45b6c12fa1cf01
bf068822793fab34c4c84dbfea9442f94ac69e4e
3f7c549cfacde11c4129c09b1908d106126d823682cc758f70fc046638d7746b
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/logo_ekinet.png HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1d38-5ea9973029c00"
accept-ranges: bytes
content-length: 7480
content-type: image/png
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/images/logo_jreast.png
147.182.204.118200 OK 2.9 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/images/logo_jreast.png
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 88 x 68, 8-bit/color RGBA, non-interlaced\012- data
Hash 5dc3fb68ca54c0446848c5786df4063c
a459d4dddd3b2c788883ef9d07add9640a49330b
ba4924716ed0580ae30f974eebb97421a2c10c1e2cf61e8ad60fcd39d8fbca30
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/logo_jreast.png HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "b5d-5ea9973029c00"
accept-ranges: bytes
content-length: 2909
content-type: image/png
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/css/top_searchparts.css
147.182.204.118200 OK 13 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/css/top_searchparts.css
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 75715fbe0652f8c6e47f1b463ac8ea55
e49891237351269ddd016a362ce10ac48cce1777
c178a06d3de547c705bab9e9bdfa45c5770b3f8395f86f572f3e10a1d2c05b4e
GET /eki_ap/css/top_searchparts.css HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "1db4d-5ea9973029c00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12592
content-type: text/css
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/images/icon_linkblank.png
147.182.204.118200 OK 166 B URL HTTP/2 s.eskus-rceu.icu/eki_ap/images/icon_linkblank.png
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 73c445fe98114a16d3d453a359f24e48
5a987bf2d56d11b069d788d512f869431566b5bc
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_linkblank.png HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "a6-5ea9973029c00"
accept-ranges: bytes
content-length: 166
content-type: image/png
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/images/icon_input_ok.png
147.182.204.118200 OK 3.2 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/images/icon_input_ok.png
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash a4a91639d8d3d804985fef75e1fbb4cc
152f6d800881c85bdce965cf204856d954d74bec
d4d96a513c50320d375f5cb8c1c4f52d6ba868b6ffafec5f451deb8dc9ef05f4
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_input_ok.png HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "c9d-5ea9973029c00"
accept-ranges: bytes
content-length: 3229
content-type: image/png
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/images/icon_linkblank-1.png
147.182.204.118200 OK 166 B URL HTTP/2 s.eskus-rceu.icu/eki_ap/images/icon_linkblank-1.png
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 73c445fe98114a16d3d453a359f24e48
5a987bf2d56d11b069d788d512f869431566b5bc
e918e110b6e7e8c5ada678baab1d10bcf4f24d149943804b0b31363ccd976b7a
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
GET /eki_ap/images/icon_linkblank-1.png HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "a6-5ea9973029c00"
accept-ranges: bytes
content-length: 166
content-type: image/png
date: Wed, 01 Feb 2023 06:04:28 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/favicon.ico
147.182.204.118200 OK 1.5 kB URL HTTP/2 s.eskus-rceu.icu/eki_ap/favicon.ico
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 5 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 3608d6a8aa4edf7951916f3dfa82ca3c
7d0dc0f86f876a12b1b491cf78916f660fcbcf01
b790e2b436991d81dfba3ee03342515d4ccb5564bc274900ec7ec425e2d33ae4
GET /eki_ap/favicon.ico HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/signin.php?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 22:48:24 GMT
etag: "231e-5eaa1d7295e00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1532
content-type: image/x-icon
date: Wed, 01 Feb 2023 06:04:29 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10972
Expires: Wed, 01 Feb 2023 09:07:21 GMT
Date: Wed, 01 Feb 2023 06:04:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10972
Expires: Wed, 01 Feb 2023 09:07:21 GMT
Date: Wed, 01 Feb 2023 06:04:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10972
Expires: Wed, 01 Feb 2023 09:07:21 GMT
Date: Wed, 01 Feb 2023 06:04:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10972
Expires: Wed, 01 Feb 2023 09:07:21 GMT
Date: Wed, 01 Feb 2023 06:04:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23fba3309226071f6f44081c3a92bc0b
21119ea71d26ab157ec491f9cf68918d63310fb4
b29c1f3f6966e08bd3954275c8d2a3ae44a352b41e5d3f04203b55f65708fafc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4588
x-amzn-requestid: 1d726cce-35c6-42d7-a592-8f22f1bd310a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJr4GXvoAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcb2-71af755c24ba2e9a39f17451;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:01:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LsEvNQbbsNXqHNIdBMEBukG7zb2OzwEXUwkxsk-19BCpjl_yUVrzCg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 07:10:04 GMT
age: 82465
etag: "21119ea71d26ab157ec491f9cf68918d63310fb4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78fe9a77211d6f9a462f625af0c6f9bc
ac0b58423d7578e7a1b60a62220c0a57924dda82
e047466c3ae0a55509f4ace49d0476f94271b5a25e71caa3b06ec468a238b652
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14041
x-amzn-requestid: 2be6655d-3b0e-4e65-b44b-11682610b640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRGFpIAMFbMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-5554d18d5db235913afa77a2;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MeSOuCSjsjhK6FOS67rw6oF4rS08twjOACGbXJrNPH6vwZb8lZh9lw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
etag: "ac0b58423d7578e7a1b60a62220c0a57924dda82"
content-type: image/jpeg
age: 29591
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a36c4fb-50d9-4aa0-bfa2-db52c0bc2f9a.gif
34.120.237.76200 OK 45 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a36c4fb-50d9-4aa0-bfa2-db52c0bc2f9a.gif
IP 34.120.237.76:0
File type GIF image data, version 89a, 296 x 148\012- data
Hash 54d9e8efcff3cc7fa309dc41e89c2a26
fa1cd58cf243d18f360e4394a02bee994e738c0a
4dd37eec5c27d911c3193c7ba08c10a8ec2526eac48c9b6a2a4ec49502cf189a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a36c4fb-50d9-4aa0-bfa2-db52c0bc2f9a.gif HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 44860
x-amzn-requestid: 318e5c01-c024-4c5e-8422-e6cba20b8dc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaTEeBoAMFesA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-4b775cdc759aac341f2aff9a;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vmPt8MLY6RsliPiMKcbnJ6jGjfuc8LXspyaqEIQiExnxnPOXIWDhqA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:26 GMT
age: 29583
etag: "fa1cd58cf243d18f360e4394a02bee994e738c0a"
content-type: image/gif
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85cde231b700eec450e0611b97742a43
c2c6279d74efdcceb319d6943cbcb9d1d1b686ca
d52297e17f93932aa7c99ae734d4b68f3b9b09b9938db95ecc96bac9f3bb588c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0378a78-c173-4036-ab09-812b1651c606.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8542
x-amzn-requestid: ad485963-7e2e-410d-ad1c-6386fb738f18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaVHXcoAMFuhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-12d7e4502d1fc1511b6f2260;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M1OD8v_jLlitIjUwxyZSke4kBfIFy0C_tbDQAHe5iDBrm_Fha7uwFg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:28 GMT
etag: "c2c6279d74efdcceb319d6943cbcb9d1d1b686ca"
content-type: image/jpeg
age: 29581
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 047bbffc1f0f6f90b9bccba83c5e0a9a
74d4eeea563d3d0514caf90cd7e99f368622c97b
d12c16dbb4c87c4b291fbf3b753bd330319bf7d29516669b0133391f08b9ce6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6993
x-amzn-requestid: 4ea76d66-e9be-460e-a503-2076755f96d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fln9kGKYoAMFsqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d886bd-715420b3594dfb827abb0d93;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 03:10:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGc6hOmzWmSMiFOhAWScYYuvHEO8UN3rFAJhlPT9AJNJbBThAfKPjg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 04:07:32 GMT
age: 7017
etag: "74d4eeea563d3d0514caf90cd7e99f368622c97b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df1930b96e7ab4f5d4cbf64e473cc957
b793c3b6ca95d09a88635aec9eef99d12a1afe42
e5062168e5c4e1c11ebc9c653990e01546c3c60fbb59e49635934bc98e931ce0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4863
x-amzn-requestid: 80518d3b-e049-429c-b67d-4f4897ded9c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foetPGPaIAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ab21-00e41ad75acd71267a490f52;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 23:58:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Unsu1YKTCfvXjH8mQQXa-yupSZhwKznXaWyaRYAlThq32JbR4OZ0fA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 00:18:07 GMT
age: 20782
etag: "b793c3b6ca95d09a88635aec9eef99d12a1afe42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff
147.182.204.118200 OK 548 B URL HTTP/2 s.eskus-rceu.icu/eki_ap/fonts/notosanscjkjp-bold_subset.woff
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
fortinet Phishing
GET /eki_ap/fonts/notosanscjkjp-bold_subset.woff HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/css/load_font.css
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "224-5ea9973029c00"
accept-ranges: bytes
content-length: 548
vary: Accept-Encoding
content-type: font/woff
date: Wed, 01 Feb 2023 06:04:29 GMT
server: Apache
X-Firefox-Spdy: h2
s.eskus-rceu.icu/eki_ap/fonts/notosanscjkjp-regular_subset.woff
147.182.204.118200 OK 1.2 MB URL HTTP/2 s.eskus-rceu.icu/eki_ap/fonts/notosanscjkjp-regular_subset.woff
IP 147.182.204.118:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format, CFF, length 1216180, version 1.0\012- data
Size 1.2 MB (1216180 bytes)
Hash 2eed70e05875f5a1816d67fc9150ef4f
57022eef1926803836aafeb3a07cbd246d4a9892
434379a92cc3af5ca03ccb2bfaadc7f2b8224b1b49f310ec5f4d27ca36777520
Analyzer Verdict Alert urlquery phishing Phishing - East Japan Railway Company
fortinet Phishing
GET /eki_ap/fonts/notosanscjkjp-regular_subset.woff HTTP/1.1
Host: s.eskus-rceu.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://s.eskus-rceu.icu/eki_ap/css/load_font.css
Cookie: PHPSESSID=4592rsrt9r1uphsstpdfkv3lpu; _amkc=0f9aa943-9698-48f9-b201-60bd5f2ce6af; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 09 Oct 2022 12:47:44 GMT
etag: "128eb4-5ea9973029c00"
accept-ranges: bytes
content-length: 1216180
vary: Accept-Encoding
content-type: font/woff
date: Wed, 01 Feb 2023 06:04:29 GMT
server: Apache
X-Firefox-Spdy: h2