Overview

URL www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd
IP52.156.28.51
ASNMICROSOFT-CORP-MSN-AS-BLOCK
Location Canada
Report completed2022-10-05 20:37:40 UTC
StatusLoading report..
urlquery Alerts DynDNS domain detected
Phishing - J.P.Morgan


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
2022-10-04 2 www.secure3accountactivity.duckdns.org/ Chase Personal Banking
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/ Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
2022-10-05 2 www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (8)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-05 09:14:56 UTC 52.43.46.140
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-10-05 12:33:02 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-05 14:02:21 UTC 54.230.111.35
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-10-05 07:13:38 UTC 23.36.77.32
mnemonic passive DNS www.secure3accountactivity.duckdns.org (13) 0 2022-10-04 21:50:24 UTC 2022-10-05 12:34:22 UTC 52.156.28.51 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-05 06:03:19 UTC 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-05 05:01:05 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-05 16:07:29 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 52.156.28.51

Date UQ / IDS / BL URL IP
2022-10-06 04:38:24 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/5410612f81 (...) 52.156.28.51
2022-10-05 22:11:19 +0000
15 - 0 - 20 mail.secure3accountactivity.duckdns.org/b1725 (...) 52.156.28.51
2022-10-05 22:10:59 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/9644bc (...) 52.156.28.51
2022-10-05 21:56:39 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/240615 (...) 52.156.28.51
2022-10-05 21:26:39 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/9181fae076 (...) 52.156.28.51

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-11-29 13:49:05 +0000
3 - 0 - 0 myaccounts.servehttp.com/Lake.zip 20.106.211.8
2022-11-29 13:17:16 +0000
0 - 0 - 1 lib.mappifhui.org/repository/how-to-change-yo (...) 104.215.190.165
2022-11-29 12:35:23 +0000
18 - 0 - 14 digitalt.privatekunde.20-234-163-228.cprapid. (...) 20.234.163.228
2022-11-29 10:44:34 +0000
0 - 0 - 0 cronos.co.sgs.com/ 52.234.213.166
2022-11-29 07:22:25 +0000
0 - 0 - 1 app.secads.club/15GlG1 20.113.187.208

Last 5 reports on domain: secure3accountactivity.duckdns.org

Date UQ / IDS / BL URL IP
2022-10-06 04:38:24 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/5410612f81 (...) 52.156.28.51
2022-10-05 22:11:19 +0000
15 - 0 - 20 mail.secure3accountactivity.duckdns.org/b1725 (...) 52.156.28.51
2022-10-05 22:10:59 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/9644bc (...) 52.156.28.51
2022-10-05 21:56:39 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/240615 (...) 52.156.28.51
2022-10-05 21:26:39 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/9181fae076 (...) 52.156.28.51

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-06 04:38:24 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/5410612f81 (...) 52.156.28.51
2022-10-05 22:11:19 +0000
15 - 0 - 20 mail.secure3accountactivity.duckdns.org/b1725 (...) 52.156.28.51
2022-10-05 22:10:59 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/9644bc (...) 52.156.28.51
2022-10-05 21:56:39 +0000
15 - 0 - 20 www.secure3accountactivity.duckdns.org/240615 (...) 52.156.28.51
2022-10-05 21:26:39 +0000
15 - 0 - 20 secure3accountactivity.duckdns.org/9181fae076 (...) 52.156.28.51


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (32)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6T-x3b3MM2nFjKCCMgd9mVtlIyKtvM3-vSm66BjTqikvR4hafW98Gg==
Age: 17411


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2517
Expires: Wed, 05 Oct 2022 21:19:26 GMT
Date: Wed, 05 Oct 2022 20:37:29 GMT
Connection: keep-alive

                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         52.156.28.51
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Location: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Content-Length: 288
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   288
Md5:    5b449e1c8f46f9cc4835150c40146124
Sha1:   c457ccffc925655db44e6a601dfb6a02571d5571
Sha256: 930f21dda90d5d8456d216dfddb4b512a62c92b363fd248fcb64bfe7658969d6

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8510
Expires: Wed, 05 Oct 2022 22:59:19 GMT
Date: Wed, 05 Oct 2022 20:37:29 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 6Oo6wOxwadtBR8tgKDR4C4sREWGAJ8GhCw5i6t1DXcqoTds+H0cG2FUSO9+PvRHV+yrwc13Hc0A=
x-amz-request-id: GVF399NEBZ65TX5P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 05 Oct 2022 20:30:28 GMT
age: 421
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/ HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1183)
Size:   11949
Md5:    9954524e4bfecb68fcffa97ceffbf462
Sha1:   96d6b370f40749a5fd020815c5f0ec9a8b8c31fd
Sha256: 2c08fb30225976198f77e1629cc2decff8668bde1a7cc2089a82c7a5f23887f4

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 05 Oct 2022 20:37:29 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 20:32:19 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 20:54:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hblPWcRNlA4nzKQbRwaTp-vf2IXKjekoX9QCmAugFnt2g0uN3UkFDw==
Age: 476


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/blue-ui.css HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 263831
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   263831
Md5:    211e64e6de2becc9719922e4c3ff261c
Sha1:   be9b1e4f8ba134dadc3b88a1e326ffd751652475
Sha256: 80a18543ba3fff90a23a10df2d435680fcefee6c962dd9d20ab3f51c2abaf162

Alerts:
  urlquery:
    - DynDNS domain detected
    - Phishing - J.P.Morgan
  Blocklists:
    - openphish: Chase Personal Banking
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/logon.css HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 66913
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   66913
Md5:    ca724f5c0a7eb5c96b59c37d0c5404d6
Sha1:   3a7ecd03df0e47cadd9aaeaf9c312b52cc35a94f
Sha256: 2e8c3233428a93ef9bb4be8188eaed6dbbfa559618f014b08cc6c97dd6ff8bfb

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1662
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 20:37:29 GMT
Last-Modified: Wed, 05 Oct 2022 20:09:47 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/Capture.PNG HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 1062
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 133 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   1062
Md5:    3b847fb5f5b6ec3e30a955259b200c10
Sha1:   39b692f575af837d011f500d8f0dc3e269205cfe
Sha256: 922579c97e77c029923625e04383db0a7d2060e94170a7493f7f15b111eb832b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/opensans-regular.ttf HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/fonts/dcefont.woff HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css/blue-ui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/chase.png HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 18850
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 300 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size:   18850
Md5:    d0c0f6acacbbbe60a4fd29c30f6385f6
Sha1:   9df86966c89c761d6f1883f848f295073b889c48
Sha256: be2e9a139a53a358658b746924656ebcb08cafe09636949e4cdcd2cde9ce6d5d

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/opensans-semibold.woff HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: font/woff
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 25108
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 25108, version 1.0\012- data
Size:   25108
Md5:    33b58dcbc5aa1ae12fa76473c21ffe44
Sha1:   82a3345756101d0f95fe1dab285e9f9c4e79871f
Sha256: d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/background.mobile.night.7.jpeg HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Wed, 05 Oct 2022 20:37:29 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 82134
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 568x319, components 3\012- data
Size:   82134
Md5:    51db2f6fb86b835b38ea2ebdd9a9f79e
Sha1:   b53ce5d7616b69f04f024d34b68d742be1c29607
Sha256: fa5166010c751844a915458795a7c560af4bc1b1f3b71215d1d5b6b661e8176b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PcLlHvdupuuaQ8kBejJpQw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.43.46.140
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 70Hl/RdwC1/oBcUCJ0GrteaHcIc=

                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/fonts/dcefont.ttf HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/css/blue-ui.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/chase-touch-icon-152x152.png HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 3306
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data
Size:   3306
Md5:    c914a8a86590b23691476a4178ea3a52
Sha1:   af16ec4fc3b5446cac17ec8f0044286b835d3295
Sha256: f3446f452fc926c9182a2a43780faa169e533df8446d4f9a5f62ac2fb5b375e6

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
                                        
                                            GET /03bbba9f290dd33c9d0df4a6a1b620fd/css/chasefavicon.ico HTTP/1.1 
Host: www.secure3accountactivity.duckdns.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.secure3accountactivity.duckdns.org/03bbba9f290dd33c9d0df4a6a1b620fd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.156.28.51
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Wed, 05 Oct 2022 20:37:30 GMT
Server: Apache
Last-Modified: Wed, 05 Oct 2022 09:03:33 GMT
Accept-Ranges: bytes
Content-Length: 32038
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   32038
Md5:    5744986eb3dc6f2da92157a651889902
Sha1:   5a558b58498fab2aeb742acdab51e0c2fbc78385
Sha256: 625816f80596303e9de8e68695973369faa462b416202825b03899c781464fb9

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Chase Personal Banking
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 20:37:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 20:37:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 20:37:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12929
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 20:37:31 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 56664
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3585
Md5:    5d7d7df8d4c440f9db445c3d99e818d6
Sha1:   612b6dbd4ba895c167964ff7e6d9263013b52b0a
Sha256: bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 82446
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8926
Md5:    1de7c17a0ba9295135e7f8b490b6a8d3
Sha1:   70e8d1589f3daf71378965dd197934e220fb6aa4
Sha256: ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13615
x-amzn-requestid: 3aaef924-99ea-407a-acc6-ec7d294952a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHG_GDcoAMFfuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a522c-488613591ddf46181bdded50;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2EtPbSkffJVkwiA3hlDRimFxjNmd2FXv4vwcQZ2aYBsiF4ApXgHrLQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:40:34 GMT
age: 57417
etag: "32a3ebb440b3d770c446bef75c39ce788ffeb034"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13615
Md5:    42ab91a02aa34dbcc6d56e75fd0d7fc5
Sha1:   32a3ebb440b3d770c446bef75c39ce788ffeb034
Sha256: 397373a17846231eb149c3a207574b79c5ca6c7832ffd48da9c8f1e8e0aa9f69
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 82428
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5832
Md5:    3257b782efae9b64e6e18a547866ec50
Sha1:   4daf0c001e86af8477fb097e8ca932edb8e5f981
Sha256: 899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 59482
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10158
Md5:    4fc2ddd86450d64d3fb659ab4e78be58
Sha1:   bbe71936b78a8c34d03ab87948dc840b35c6948f
Sha256: 84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 81638
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7021
Md5:    229c99cfb655a8c9f1a22de69fdff73c
Sha1:   6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
Sha256: f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8f83Wv7OrO7NOd1y1LXjfphRmJjdwrkcAxrxUN4A4qSgsEzIQMq81g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:38:40 GMT
age: 79138
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8816
Md5:    100559d746bedd7c3802661c875c35ee
Sha1:   5261a6c2ee6d6cc87e91ee82e32d8be234db393e
Sha256: ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec