Overview

URL www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=www.na-amazon-creturns.com/prepClassification/new&openid.identity=specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=specs.openid.net/auth/2.0/identifier_select&pageId=FCCustomerReturns&openid.ns=http://specs.openid.net/auth/2.0&suppressSignInRadioButtons=1
IP52.94.233.188
ASNAMAZON-02
Location United States
Report completed2022-09-26 23:23:22 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-16 2 www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authen (...) Amazon.com Inc.
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-26 04:26:56 UTC 143.204.55.49
mnemonic passive DNS www.na-amazon-creturns.com (4) 0 2020-08-19 05:09:56 UTC 2022-09-26 15:24:28 UTC 52.94.233.188 Unknown ranking
mnemonic passive DNS m.media-amazon.com (1) 580 2017-01-30 07:16:30 UTC 2022-09-26 17:20:22 UTC 151.101.85.16
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-26 12:15:18 UTC 34.120.237.76
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
mnemonic passive DNS fls-na.amazon.com (2) 1217 2017-01-30 05:00:21 UTC 2022-09-26 19:02:02 UTC 35.168.195.206
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-26 04:35:11 UTC 23.36.76.226
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-26 12:59:20 UTC 143.204.55.35
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-26 04:28:07 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-26 22:11:41 UTC 93.184.220.29
mnemonic passive DNS images-na.ssl-images-amazon.com (5) 842 2014-06-07 22:29:20 UTC 2022-09-26 05:15:46 UTC 151.101.85.16
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-26 05:45:55 UTC 52.42.148.177
mnemonic passive DNS unagi.amazon.com (2) 1350 2020-03-21 21:26:34 UTC 2022-09-26 19:02:04 UTC 52.94.233.61


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 52.94.233.188

Date UQ / IDS / BL URL IP
2022-10-06 02:35:26 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188
2022-09-26 23:23:22 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188
2022-09-03 10:56:44 +0000
0 - 0 - 4 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-12-07 00:54:29 +0000
0 - 0 - 4 prolleted-flogyprus.icu/2a02c810-0d4c-4fff-b7 (...) 18.192.108.151
2022-12-07 00:51:16 +0000
0 - 0 - 2 ldp.page/polandvn 18.138.206.213
2022-12-07 00:47:59 +0000
0 - 0 - 1 665990.directcpmfwr.com/bdvfrd.dbm?gto=direct (...) 15.197.211.11
2022-12-07 00:08:36 +0000
6 - 0 - 0 secrud.us/M&T/login.php?online_id=0faf126e5f2 (...) 18.223.162.162
2022-12-06 23:55:31 +0000
6 - 0 - 1 widnows.net/landing/form/e7791f04-05c7-47be-a (...) 3.248.140.141

Last 5 reports on domain: na-amazon-creturns.com

Date UQ / IDS / BL URL IP
2022-10-06 02:35:26 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188
2022-09-26 23:23:22 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188
2022-09-21 00:25:13 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 72.21.195.84
2022-09-14 15:25:16 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.237.108
2022-09-13 20:23:34 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.237.108

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-06 02:35:26 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.233.188
2022-09-14 15:25:16 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.237.108
2022-09-13 20:23:34 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 52.94.237.108
2022-12-06 03:04:45 +0000
4 - 0 - 0 amazon.kktspfejhoqmiptlxoveox.cf/ap/signin?op (...) 208.83.237.12
2022-09-21 00:25:13 +0000
0 - 0 - 1 www.na-amazon-creturns.com/ap/signin?clientCo (...) 72.21.195.84


JavaScript

Executed Scripts (10)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (33)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8262
Expires: Tue, 27 Sep 2022 01:40:54 GMT
Date: Mon, 26 Sep 2022 23:23:12 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 22:24:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3jwSdP9MLJuGnaqE-PzBpE5mBwIAUTP7h-HUcl8nVBI32H5RZhEm-g==
Age: 3548


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Cdr5ZuSI0jDKQ4-FDokcwACwFKb6rQwOyK20AKDsuMUMM2uDnFe_jQ==
age: 67677
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 26 Sep 2022 23:23:12 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https://www.na-amazon-creturns.com/prepClassification/new&openid.identity=specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&pageId=FCCustomerReturns&openid.ns=http://specs.openid.net/auth/2.0&suppressSignInRadioButtons=1 HTTP/1.1 
Host: www.na-amazon-creturns.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.94.233.188
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=UTF-8
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-rid: 9N4WHE1SPS25X7JBE51J
Set-Cookie: session-id=145-3795792-9322014; Domain=.na-amazon-creturns.com; Expires=Tue, 26-Sep-2023 23:23:12 GMT; Path=/; Secure session-id-time=2294954592l; Domain=.na-amazon-creturns.com; Expires=Tue, 26-Sep-2023 23:23:12 GMT; Path=/; Secure
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
x-ua-compatible: IE=edge
Pragma: No-cache
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (15649)
Size:   74081
Md5:    cdbaf5d0150297fb00ea222c54eb9988
Sha1:   f8bde39b4a1e130285e402122fc43c24b95c144e
Sha256: 607c2c7c5fc85c3acb0d5e2038df5b93cc711267b626e2a0d87b88b993305ee6

Alerts:
  Blocklists:
    - openphish: Amazon.com Inc.
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 26 Sep 2022 23:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Mon, 26 Sep 2022 23:54:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8tK_kkqhePvwM1uCt-aC9ArlZkqU1myy_Ae6fRmNzqY3EZrz6a4vzw==
Age: 747


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6290
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 23:23:13 GMT
Last-Modified: Mon, 26 Sep 2022 21:38:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /images/G/01/x-locale/common/errors-alerts/error-styles-ssl._CB485937077_.css HTTP/1.1 
Host: images-na.ssl-images-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: text/css
                                        
x-amz-ir-id: d801cd4b-b8b1-4c55-90f8-5afd9b524ae5
expires: Mon, 24 Mar 2042 14:09:30 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Fri, 07 Aug 2009 22:35:25 GMT
x-nginx-cache-status: HIT
content-encoding: br
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 2398310
x-served-by: cache-iad-kiad7000108-IAD, cache-bma1624-BMA
vary: Accept-Encoding
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 492
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   492
Md5:    aa17f19d0739ce79e17dff087b2eddc8
Sha1:   e47ae7aba5044c34aad92768997211ac10990c17
Sha256: 2a08ffb9ad24ee8b769e1a10f658186208ff989a05f75e391e62b4851af244aa
                                        
                                            GET /images/G/01/x-locale/common/amazon-logo._CB485948382_.gif HTTP/1.1 
Host: images-na.ssl-images-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: image/gif
                                        
x-amz-ir-id: 584db044-43a1-496f-a309-5f42295c2bae
expires: Mon, 08 Sep 2042 16:24:07 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Thu, 03 Jun 2010 15:52:42 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 1148346
x-served-by: cache-iad-kjyo7100095-IAD, cache-bma1624-BMA
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 2834
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 140 x 30\012- data
Size:   2834
Md5:    642a646b8977280891a724a81db230de
Sha1:   d36e1762fa6d88e3fd022d538a4ccd07603cc94c
Sha256: 89074c2d536640df53aeaf95e9a461b2d07c39075b317e7bbc56932b567cb00e
                                        
                                            GET /images/G/01/x-locale/common/orange-arrow._CB485935489_.gif HTTP/1.1 
Host: images-na.ssl-images-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: image/gif
                                        
x-amz-ir-id: 6139f9e8-d50f-4928-b124-171a9dabb5db
expires: Sun, 24 Aug 2042 13:11:17 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Wed, 02 Jun 2010 17:02:57 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 2455915
x-served-by: cache-iad-kjyo7100169-IAD, cache-bma1624-BMA
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 57
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 10 x 9\012- data
Size:   57
Md5:    6d2f9a0f392c02735ab2faf6bc859c52
Sha1:   ba24be86d759dd8e3c0c68b8accf5a21c95629eb
Sha256: 21d6cfdfe556880246bed731e16eca3be533d89161253799c936b1cfc623de05
                                        
                                            GET /images/G/01/associates/question-mark._CB485935160_.gif HTTP/1.1 
Host: images-na.ssl-images-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: image/gif
                                        
x-amz-ir-id: b745af48-2272-4825-b2be-42e085227d15
expires: Mon, 01 Sep 2042 14:15:43 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Wed, 02 Jun 2010 17:00:05 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 1760850
x-served-by: cache-iad-kjyo7100023-IAD, cache-bma1624-BMA
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 508
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 40 x 35\012- data
Size:   508
Md5:    379b52d455257a2098d78654c9c1fa38
Sha1:   734639430cf055f2de7b1e8c8bae944cf1d87a43
Sha256: 03fe21bde7fdf6b9415764aaa36673650f9cf9cd07a3ff22fd8ccc3a298ed6ac
                                        
                                            GET /images/G/01/authportal/common/css/ap_global._CB485967074_.css HTTP/1.1 
Host: images-na.ssl-images-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: text/css
                                        
x-amz-ir-id: b1e0cf3e-24b3-40fd-b8e9-e7355bfa91a3
expires: Thu, 27 Mar 2042 09:05:54 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Fri, 27 Jun 2014 00:54:18 GMT
x-nginx-cache-status: HIT
content-encoding: br
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 2379902
x-served-by: cache-iad-kcgs7200095-IAD, cache-bma1624-BMA
vary: Accept-Encoding
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 6011
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (786), with CRLF, LF line terminators
Size:   6011
Md5:    309fdb497ef2e7d6afd19f1181dcfa8a
Sha1:   60b75b584dcd4ff116785969264a30b630ede732
Sha256: c42b370858d24a06450aa24abd6cd064cf979f3aae756571f7f1db7408db955f
                                        
                                            GET /images/G/01/csm/showads.v2.js?adtag=csm&adflag=-google-adsense. HTTP/1.1 
Host: m.media-amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.na-amazon-creturns.com/
Origin: https://www.na-amazon-creturns.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.16
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-ir-id: de9abd09-6653-4dcd-9034-5ad0fff254d7
expires: Wed, 31 Aug 2022 02:24:33 GMT
cache-control: max-age=86400,public
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
last-modified: Mon, 28 Nov 2016 08:22:04 GMT
x-nginx-cache-status: HIT
content-encoding: br
accept-ranges: bytes
date: Mon, 26 Sep 2022 23:23:13 GMT
age: 29080
x-served-by: cache-iad-kcgs7200030-IAD, cache-bma1680-BMA
vary: Accept-Encoding
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 28
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   28
Md5:    6d355197591570cee568ab636183c16e
Sha1:   0b188f7c91a79519727a25ce3cb4e997f187be43
Sha256: f245f3dbd4291746d1e44363529f7cb3851a2780c01d8bcdd3c5e080a0009494
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.na-amazon-creturns.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https://www.na-amazon-creturns.com/prepClassification/new&openid.identity=specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&pageId=FCCustomerReturns&openid.ns=http://specs.openid.net/auth/2.0&suppressSignInRadioButtons=1
Cookie: session-id=145-3795792-9322014; session-id-time=2294954592l; csm-hit=tb:s-9N4WHE1SPS25X7JBE51J|1664234591184&t:1664234591193
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.94.233.188
HTTP/1.1 302 Found
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:13 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: EZ69NF53MP2HB30740DT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=123-456-7890:rid=EZ69NF53MP2HB30740DT:sn=www.na-amazon-creturns.com
Location: https://www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https%3A%2F%2Fwww.na-amazon-creturns.com%2Ffavicon.ico&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=FCCustomerReturns&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&suppressSignInRadioButtons=1
Vary: Content-Type,Accept-Encoding,User-Agent

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SCGVj8UQdgyvhwXNsbhQmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.42.148.177
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mfsgxWqPlyTam3yoUC/vytXmpDs=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 23:23:13 GMT
Last-Modified: Mon, 26 Sep 2022 23:13:40 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iONtcxH64h9hV0CrivvLwNm8tHqBKbFxsu390WDtDDNSDrYKl5_row==
Age: 573

                                        
                                            GET /ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https%3A%2F%2Fwww.na-amazon-creturns.com%2Ffavicon.ico&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=FCCustomerReturns&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&suppressSignInRadioButtons=1 HTTP/1.1 
Host: www.na-amazon-creturns.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https://www.na-amazon-creturns.com/prepClassification/new&openid.identity=specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&pageId=FCCustomerReturns&openid.ns=http://specs.openid.net/auth/2.0&suppressSignInRadioButtons=1
Connection: keep-alive
Cookie: session-id=145-3795792-9322014; session-id-time=2294954592l; csm-hit=tb:s-9N4WHE1SPS25X7JBE51J|1664234591184&t:1664234591193
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.94.233.188
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-rid: Y4BNQNHPQHJH55TPQSYY
Set-Cookie: ap-fid=""; Domain=.na-amazon-creturns.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ap/; Secure session-id=145-3795792-9322014; Domain=.na-amazon-creturns.com; Expires=Tue, 26-Sep-2023 23:23:13 GMT; Path=/; Secure session-id-time=2294954593l; Domain=.na-amazon-creturns.com; Expires=Tue, 26-Sep-2023 23:23:13 GMT; Path=/; Secure ubid-main=130-1662130-0504837; Domain=.na-amazon-creturns.com; Expires=Tue, 26-Sep-2023 23:23:13 GMT; Path=/; Secure
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
x-ua-compatible: IE=edge
Pragma: No-cache
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12649), with CRLF, LF line terminators
Size:   96637
Md5:    4c5f219f88583a8a077a1842014c262d
Sha1:   2a7fa0de75080d7bb0f067dbba16be326bd5ba0e
Sha256: 884c59418cd14be374ee0ad674dd5c9bf7a3c1d3622e8ccf78f1c7651aa953e3
                                        
                                            GET /1/batch/1/OP/A1YOV8979VXAH1:145-3795792-9322014:9N4WHE1SPS25X7JBE51J$uedata=s:%2Fap%2Fuedata%3Fstaticb%26id%3D9N4WHE1SPS25X7JBE51J:0 HTTP/1.1 
Host: fls-na.amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.168.195.206
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 26 Sep 2022 23:23:13 GMT
content-length: 43
x-amzn-requestid: 507472cb-83eb-411f-9524-57c26f4f661b
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    e68cc604cab69bf03b8cd228d940f5ef
Sha1:   15c0c62c4c7c917b5dd82a8e1e439211a44b9e98
Sha256: a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce
                                        
                                            GET /ap/uedata?ld&v=0.229559.0&id=9N4WHE1SPS25X7JBE51J&sw=1280&sh=1024&vw=1280&vh=939&m=1&sc=9N4WHE1SPS25X7JBE51J&ue=4&bb=267&be=285&fcp=331&pc=770&tc=-594&na_=-594&ul_=-1664234590927&_ul=-1664234590927&rd_=-1664234590927&_rd=-1664234590927&fe_=-595&lk_=-575&_lk=-569&co_=-569&_co=-272&sc_=-470&rq_=-272&rs_=-79&_rs=-79&dl_=-11&di_=303&de_=320&_de=323&_dc=768&ld_=769&_ld=-1664234590927&ntd=0&ty=0&rc=0&hob=1&hoe=4&ld=771&t=1664234591698&ctb=1&rt=__ld:8-0-2-4-4-0-1&csmtags=fls-na-amazon-com|adblk_no&viz=visible:3&pty=AuthenticationPortal&spty=Error404Page&pti=undefined&tid=9N4WHE1SPS25X7JBE51J&aftb=1 HTTP/1.1 
Host: www.na-amazon-creturns.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/ap/signin?clientContext=FCCustomerReturns.Authenticate&openid.return_to=https://www.na-amazon-creturns.com/prepClassification/new&openid.identity=specs.openid.net/auth/2.0/identifier_select&openid.assoc_handle=amzn_returns_na&openid.mode=checkid_setup&marketPlaceId=A1YOV8979VXAH1&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&pageId=FCCustomerReturns&openid.ns=http://specs.openid.net/auth/2.0&suppressSignInRadioButtons=1
Cookie: session-id=145-3795792-9322014; session-id-time=2294954593l; csm-hit=tb:s-9N4WHE1SPS25X7JBE51J|1664234591184&t:1664234591399&adb:adblk_no; ubid-main=130-1662130-0504837
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.94.233.188
HTTP/1.1 400 Bad Request
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:13 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: RWVN9409GYZSH6K7X1KJ
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
x-ua-compatible: IE=edge
Vary: Content-Type,Accept-Encoding,User-Agent

                                        
                                            GET /1/batch/1/OP/A1YOV8979VXAH1:145-3795792-9322014:9N4WHE1SPS25X7JBE51J$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.229559.0%26id%3D9N4WHE1SPS25X7JBE51J%26sw%3D1280%26sh%3D1024%26vw%3D1280%26vh%3D939%26m%3D1%26sc%3D9N4WHE1SPS25X7JBE51J%26ue%3D4%26bb%3D267%26be%3D285%26fcp%3D331%26pc%3D770%26tc%3D-594%26na_%3D-594%26ul_%3D-1664234590927%26_ul%3D-1664234590927%26rd_%3D-1664234590927%26_rd%3D-1664234590927%26fe_%3D-595%26lk_%3D-575%26_lk%3D-569%26co_%3D-569%26_co%3D-272%26sc_%3D-470%26rq_%3D-272%26rs_%3D-79%26_rs%3D-79%26dl_%3D-11%26di_%3D303%26de_%3D320%26_de%3D323%26_dc%3D768%26ld_%3D769%26_ld%3D-1664234590927%26ntd%3D0%26ty%3D0%26rc%3D0%26hob%3D1%26hoe%3D4%26ld%3D771%26t%3D1664234591698%26ctb%3D1%26rt%3D__ld%3A8-0-2-4-4-0-1%26csmtags%3Dfls-na-amazon-com%7Cadblk_no%26viz%3Dvisible%3A3%26pty%3DAuthenticationPortal%26spty%3DError404Page%26pti%3Dundefined%26tid%3D9N4WHE1SPS25X7JBE51J%26aftb%3D1:779 HTTP/1.1 
Host: fls-na.amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.168.195.206
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 26 Sep 2022 23:23:13 GMT
content-length: 43
x-amzn-requestid: 792d28a3-308c-4e98-acc4-040e8c0e63dd
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    e68cc604cab69bf03b8cd228d940f5ef
Sha1:   15c0c62c4c7c917b5dd82a8e1e439211a44b9e98
Sha256: a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce
                                        
                                            POST /1/events/com.amazon.csm.csa.prod HTTP/1.1 
Host: unagi.amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 8355
Origin: https://www.na-amazon-creturns.com
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.94.233.61
HTTP/1.1 200
Content-Type: application/json
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:14 GMT
Content-Length: 22
Connection: keep-alive
x-amz-rid: 739QNE6HW5MCKAR0KJ2P
x-amzn-RequestId: 25871079-d4c8-4f7e-bca4-4968fb78d520
Content-Encoding: gzip
Vary: Content-Type,Accept-Encoding,User-Agent


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   22
Md5:    49fced5a15e8763d46199088fad93fca
Sha1:   8b3f69bdb1250e55ab9968a157416c8968369ec3
Sha256: 09819ee7c805183bdc1c2cb02e46b868c31b426baa5bbede8b56ae6163af04be
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Mon, 26 Sep 2022 23:23:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Mon, 26 Sep 2022 23:23:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Mon, 26 Sep 2022 23:23:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Mon, 26 Sep 2022 23:23:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Tue, 27 Sep 2022 02:22:57 GMT
Date: Mon, 26 Sep 2022 23:23:14 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7128
x-amzn-requestid: 5806782b-498e-427b-be73-a94695e3cacf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlPfFn4IAMFwMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bfc-07a420d631e463286c1dafa0;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:08 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dVs6mb-XGvvd4DXu8yFwO11iheR3QU3O3jFpxjcHZnWCc6jlXpx0Rg==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:54 GMT
age: 5480
etag: "4dbd2da7f7c45a97e3f6f6544ed428e892227cc3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7128
Md5:    4197a8a505b360b0c43142faf8cb7f48
Sha1:   4dbd2da7f7c45a97e3f6f6544ed428e892227cc3
Sha256: 434039a91ec37c8ff827c78f7613aa4f6416ded182b01140048a52654a2de4ce
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a2c481a-abce-43aa-89a3-95cd7559102c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6518
x-amzn-requestid: d4a26d13-5318-4491-8aec-4c5c738d3254
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y_HlsHzmoAMFl3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f8624-1baed38e2c89933e66870f2f;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 22:35:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FoSurbU0rYpw1-0snI2b3EC_t2HkfMZpoYnKX6KqFosBv23z4BJCLg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 13:32:27 GMT
age: 35447
etag: "1b5f002272083d5e19b5bd18d503f49635b771e5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6518
Md5:    b1f571f5fdf5233ffa70132a4504d4fe
Sha1:   1b5f002272083d5e19b5bd18d503f49635b771e5
Sha256: 4563ffe63e1d043c159648a72d9f4c59a3b0fe40379254848a52c11a4f1a6511
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11881
x-amzn-requestid: 4562e550-9c0f-407b-be2a-3c5d8901d444
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2apSEPuIAMF5TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c0b08-5c5f052f146d25a7190412d1;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:13:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EAiLlHN2h6EPX0idrlQG4TIyGBMt_In0_Tpy79foal99j4xoRasO-A==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:23:49 GMT
age: 3565
etag: "3b660de9902fbfcf2efb477f40480b08545ebc5f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11881
Md5:    91d97447a6a35813e57d942f685544c4
Sha1:   3b660de9902fbfcf2efb477f40480b08545ebc5f
Sha256: 08c1ea19c4918273da12c9a2e962edf4463c486a30f60c8a279a45e5edcf972a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3823d156-2245-40a3-a9a3-7cb4a5c4a14d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7716
x-amzn-requestid: 1cf0b1c7-4611-40bf-b72a-412ebd03ef79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2KguFL7IAMFzKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bf137-2b7c15d3071e0266586fd17d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 05:23:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5XZZKUgjmv2njI3xAPo57u0fBKEGqPmMUcWxHYzoSAaVjIIA2Oi0Aw==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:03:16 GMT
age: 4798
etag: "2b53c4f836970501a682dae07235215c487d35cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7716
Md5:    8ef8d9284ebd57a7cf76ceb762291356
Sha1:   2b53c4f836970501a682dae07235215c487d35cc
Sha256: 3529ab97ab2214ee9c67ee234beac96cd40f0bd6092b92b71c60956ed5710b41
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qkOlqM6tJ90H9572YLE0J-s79edBSceM5hLbJtyyuH86xdW8juoktA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 13:28:31 GMT
age: 35683
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8255
Md5:    fa70ece15044b7318cb11ae5e37a64e7
Sha1:   04a0665f771562c3e56ac3542abe5bd3c4c1a6b5
Sha256: 8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6487
x-amzn-requestid: cd11b94b-24be-4e6d-bce3-a480b2c1cc23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDWDQEYAIAMFetw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633136e1-5fcb76b5408fdfa20ec55dd8;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 05:21:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GcEH02ZlJM-8wUvNf7K7rK7f1cs6_m4i9UYUNxXUGzcDTEz74JH3cA==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:59:28 GMT
age: 5026
etag: "edff303440c5972381295b4b2602bd3f77f6702a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6487
Md5:    e88b78ede0e4583585d6bb805fb39470
Sha1:   edff303440c5972381295b4b2602bd3f77f6702a
Sha256: ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4
                                        
                                            POST /1/events/com.amazon.csm.csa.prod HTTP/1.1 
Host: unagi.amazon.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3446
Origin: https://www.na-amazon-creturns.com
Connection: keep-alive
Referer: https://www.na-amazon-creturns.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.94.233.61
HTTP/1.1 200
Content-Type: application/json
                                        
Server: Server
Date: Mon, 26 Sep 2022 23:23:19 GMT
Content-Length: 22
Connection: keep-alive
x-amz-rid: Z3M697S54FASFK4N8T9C
x-amzn-RequestId: 47098b10-c6f3-4438-aeb2-e5e974da20c3
Content-Encoding: gzip
Vary: Content-Type,Accept-Encoding,User-Agent


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   22
Md5:    49fced5a15e8763d46199088fad93fca
Sha1:   8b3f69bdb1250e55ab9968a157416c8968369ec3
Sha256: 09819ee7c805183bdc1c2cb02e46b868c31b426baa5bbede8b56ae6163af04be