r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7442
Expires: Wed, 22 Mar 2023 17:47:45 GMT
Date: Wed, 22 Mar 2023 15:43:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14940
Expires: Wed, 22 Mar 2023 19:52:43 GMT
Date: Wed, 22 Mar 2023 15:43:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 22 Mar 2023 15:15:00 GMT
content-type: application/json
age: 1723
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9831
Expires: Wed, 22 Mar 2023 18:27:34 GMT
Date: Wed, 22 Mar 2023 15:43:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7VicSze2g/0tAskOYtxd7dD9JOlv9VVu6YDKwbmqsgKhaOiBBX+IzweXrPyD2x1dBFVf0u+fu40=
x-amz-request-id: 26TJ1YBPYWB8W2X6
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 22 Mar 2023 14:53:40 GMT
age: 3003
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 22 Mar 2023 15:43:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
45.147.197.101200 OK 75 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
IP 45.147.197.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (363), with CRLF line terminators
Hash 92ac3c5baf92a09e9fe8f0e9f4f5e07c
a87abed53afb09a7661372d250398ecf7c4f6424
546a286925f62399284d8d488459e50d825f214e8797a07eb3b63c1af053013a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Wed, 22 Mar 2023 15:43:43 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; Domain=.v6.army; HttpOnly; Path=/; Expires=Thu, 21-Mar-2024 15:43:43 GMT
PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620; path=/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
ezymrdeioear.v6.army/tr/Seleccione%20medio%20de%20pago_fichiers/main.css
45.147.197.101200 OK 11 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/Seleccione%20medio%20de%20pago_fichiers/main.css
IP 45.147.197.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16728)
Hash a149c870b197e2488b7290891e0f1a97
39d7b22d29cdbd158dabd1292adb7db5bcc56c5b
90e4415c6e412afe376500af9c6c4e875642ef2c4679d649efe435ce69061241
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/Seleccione%20medio%20de%20pago_fichiers/main.css HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:36 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 10687
DDG-Cache-Status: HIT,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-provider-correosid.js
45.147.197.101200 OK 359 B URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-provider-correosid.js
IP 45.147.197.101:0
File type ASCII text, with very long lines (544)
Hash 97a7641b5f45d665acd091f0d8a09ae7
7a00bd2d400ca07f0c6ba9feaf0244ab111a201d
8ebb6a5164236229738be9ccac10d47756fd9d9900cd6e162dc67db982e3fa8d
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/clientlib-provider-correosid.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 359
DDG-Cache-Status: HIT,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/correos-ui-kit.css
45.147.197.101200 OK 18 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/correos-ui-kit.css
IP 45.147.197.101:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 257c33d4f7443470485f1d3074949c5d
ad1a3fe2a611c2817e8f20f3c80a06b5201c7a46
8bf222934610cef3cdf385f38d78bb5f4eb93c95f87c9d98cd8b7db775ab8c72
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/correos-ui-kit.css HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
DDG-Cache-Status: HIT,MISS
Content-Length: 18222
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/container.js
45.147.197.101200 OK 316 B URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/container.js
IP 45.147.197.101:0
File type ASCII text, with very long lines (514)
Hash bd20e46936268128708527350b1a097d
eba8909aa9a8a01c7025b6f02a933ebb6164aa4e
75f96e16192581a2e2412dca8f84bfc2bd3aae93e3be16f3be938a14cd75b79b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/container.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 06:48:17 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 118526
Content-Length: 316
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/gtm.js
45.147.197.101200 OK 30 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/gtm.js
IP 45.147.197.101:0
File type ASCII text, with very long lines (1555)
Hash 9246740879c363c5e9de37b3d834a1b3
dac124aef051f1c37e673b815bdb5d5089224ef0
aaaa70dd0b99206e1260c97dfaa8991cc5ca3d8fe471533ef0b623227e16eca8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/gtm.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 30237
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-site.js
45.147.197.101200 OK 11 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-site.js
IP 45.147.197.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16728)
Hash 39111cd9fb235fc8f93753dff6f5a459
f1868b5aa2ccf2736d61dcad3e20db916cf05753
70ae0fb154e2c19c37405d695fc245c01924c8bf72da92c6282766a65c139473
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/clientlib-site.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 10787
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-base.js
45.147.197.101200 OK 20 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/clientlib-base.js
IP 45.147.197.101:0
Hash ff413f499912410a97bc49815aae4934
183d39521b43cad0594e036b67f8a473c7922068
2fb6d7696e70b10f775e6b584d3dd14c979b26ef8baa07a6fafa16aea67cc83b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/clientlib-base.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 20354
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/apple_store.jpg
45.147.197.101200 OK 11 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/apple_store.jpg
IP 45.147.197.101:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 250x82, components 3\012- data
Hash 498c4a8cc089ec2fc0b87f460924b9b4
324b0ef1cf07829216653bf3fca04add4ebf553f
509066150aa1da2b163e681cff62f67f0becd0bb65cded95be964371835798f6
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/apple_store.jpg HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 13:07:44 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Length: 11255
Content-Type: image/jpeg
Age: 95761
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js
45.147.197.101200 OK 33 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js
IP 45.147.197.101:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 789c9194d94f78355f2b51acff609400
824e133a964a9fff24156b9f02bfc57ebf1118db
e416dfc15aebdff771ce26f6f8b0684a8264c3dd798c9e2f7d7efadc16e97f2e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 06:48:17 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 118526
Content-Length: 33173
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js
45.147.197.101200 OK 52 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js
IP 45.147.197.101:0
File type ASCII text, with very long lines (18557)
Hash 1776a824c9954390fb052f4570f0c61b
cc7245e27a784b2dbd07bf865e63daa1009056d0
9fa5ded0f7f9118ebbae0ab29d7790f4739a032638eac1f3790f75d66c40756d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 13:07:44 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 95759
Content-Length: 52402
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/deco_triangles.svg
45.147.197.101200 OK 451 B URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/deco_triangles.svg
IP 45.147.197.101:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9f484954ec83afedf792b8a54262b528
e6bbe505e712c396e0dca15915f68fa897f5ed77
e9fd41da5588466d5e7fda079a6555b926a422449e22e61e13c8356411fce3a8
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
GET /tr/assets/recibir_paquete_files/deco_triangles.svg HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 13:07:44 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 95760
Content-Length: 451
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/deco_bars.svg
45.147.197.101200 OK 390 B URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/deco_bars.svg
IP 45.147.197.101:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82304b9a0023912a7a5ecf6bc3423a4d
74cdfe76217be9aef762ccc76c807b54bc627a35
0fbc2616c8ad67b276f458ff1896e233a0f803314318197dc00a13d53d026097
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
GET /tr/assets/recibir_paquete_files/deco_bars.svg HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 06:48:17 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 118527
Content-Length: 390
DDG-Cache-Status: HIT,HIT
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/google_play.jpg
45.147.197.101200 OK 12 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/google_play.jpg
IP 45.147.197.101:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 270x80, components 3\012- data
Hash 71405560fcf941f01e531e8564ad9e3f
a970b8084d6e7cdd714dbd1add272ac630cd9fe9
bda17ffead5e3809b288330e7aa2d2b689c45cfadcef8249416d07afe34477a7
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/google_play.jpg HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:41 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Length: 11827
Content-Type: image/jpeg
Age: 149223
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js
45.147.197.101200 OK 72 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js
IP 45.147.197.101:0
Hash 5180bc7db3ef71a6abd0b618430f8cfc
5f16af6015382f3eb8c4d121fc8ddaf094f6411c
48cf805cb574b9a141a51c8bb9cef2dbf42b2b9fb3125f060309c7e3c1798e50
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
suricata medium ET MALWARE Magecart Loader Javascript
GET /tr/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:40 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 72525
DDG-Cache-Status: MISS,HIT
ezymrdeioear.v6.army/tr/assets/pic_image/package.jpg
45.147.197.101200 OK 80 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/pic_image/package.jpg
IP 45.147.197.101:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1440x960, components 3\012- data
Hash c8f62200abc0901f82eb57cfd63f11da
b57afb6c671cc84aff03656945c36af57ec0c68d
0e343f72b8fe95c764a97e83ec0b5f47910e7615045487174fb48e1ce6075372
Analyzer Verdict Alert urlquery phishing Phishing - Correos
urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/pic_image/package.jpg HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Tue, 21 Mar 2023 13:07:44 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Length: 79701
Content-Type: image/jpeg
DDG-Cache-Status: HIT,MISS
Age: 95760
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 22 Mar 2023 15:14:33 GMT
age: 1751
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ezymrdeioear.v6.army/libs/granite/csrf/token.json
45.147.197.101404 Not Found 238 B URL HTTP/1.1 ezymrdeioear.v6.army/libs/granite/csrf/token.json
IP 45.147.197.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 520f4af4fa2a221f0fcaf2bd8dd91190
ff7f6ecdcec4d56428d84c9380c81ede0f33fa4c
e4af90c52865b7203efde020d8d7ca02b5b99f50b435770b37a34766772744a7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
GET /libs/granite/csrf/token.json HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 404 Not Found
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Wed, 22 Mar 2023 15:43:44 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/CORREOS-favicon.ico
45.147.197.101200 OK 18 kB URL HTTP/1.1 ezymrdeioear.v6.army/tr/assets/recibir_paquete_files/CORREOS-favicon.ico
IP 45.147.197.101:0
File type MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel\012- data
Hash 979cb9d8edebbab32271c2b8012e2fec
6883f5e00e6dc2482190fbe5f2610ff5877d44e5
81c8f7072936900d76c28d8d4a8ba8be60dc1a47ddd5a0a6d459cdfbc34405a6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .army Domain
suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /tr/assets/recibir_paquete_files/CORREOS-favicon.ico HTTP/1.1
Host: ezymrdeioear.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ezymrdeioear.v6.army/tr/Recibir_paquete.php?=Confiramtionebsf0-cKGufbVd:lfESxB-aOZxWqsnsfAvBix4c7blWCMQ1OT4N6TlccfJCQk8bTtqnJmBpn
Cookie: __ddg1_=P5Z3b5ZQzmIOZSLN9q93; PHPSESSID=c7b23a4042a8c2a92607e2488b9bf620
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Mon, 20 Mar 2023 22:16:41 GMT
Last-Modified: Fri, 10 Feb 2023 14:16:37 GMT
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 149223
Content-Length: 17613
DDG-Cache-Status: MISS,HIT
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9259
Expires: Wed, 22 Mar 2023 18:18:03 GMT
Date: Wed, 22 Mar 2023 15:43:44 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.107.188101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.107.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /Kr1+BWzAgBajVG8Nnz3Mg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ROtsai86Ctkh7uQ01PE+hztv+CE=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2362
Expires: Wed, 22 Mar 2023 16:23:07 GMT
Date: Wed, 22 Mar 2023 15:43:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2362
Expires: Wed, 22 Mar 2023 16:23:07 GMT
Date: Wed, 22 Mar 2023 15:43:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2362
Expires: Wed, 22 Mar 2023 16:23:07 GMT
Date: Wed, 22 Mar 2023 15:43:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2362
Expires: Wed, 22 Mar 2023 16:23:07 GMT
Date: Wed, 22 Mar 2023 15:43:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2362
Expires: Wed, 22 Mar 2023 16:23:07 GMT
Date: Wed, 22 Mar 2023 15:43:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hqGFdT1Sk0IcvaNqfvjz5RsGBK-qMBcNKbK9FyZ7OoiH30hDL9ekxA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:59:52 GMT
age: 63833
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 412bd6aea60211324e649d7d920601d2
a813976bda850a584b5ab94d9a70bfe0da69aca0
d36ef17fc6ab3cd4e5e43836f7df2c6fdf1781f1bac73e42c9a09e8594f797f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22c3f36a-d800-4eab-8a32-e2b5ef86e386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 1b374321-f2df-404f-ab91-4e73d830fac9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqmAEhHoAMFgRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a248c-217d81154ecfe0c44ca70432;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:41:32 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: DL7vQgu72hwpt7yHbmIKnAZnoIaR4CQPE1JJAjq8M4jg0REUsq5lOw==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:48:25 GMT
age: 64520
etag: "a813976bda850a584b5ab94d9a70bfe0da69aca0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ccef074-5c97-4b5e-842d-b01d7dc45627.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ccef074-5c97-4b5e-842d-b01d7dc45627.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f9aef2e82d471b00bdf191d1e955492
e1d36f5481258ce121d9f41b4b868d1c9c1b2f06
c09128e3010f6f2e3e4ccbe4b4920ba55e46ce2cde0c51eedb7779cd92add9f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ccef074-5c97-4b5e-842d-b01d7dc45627.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3100
x-amzn-requestid: bf7f14b6-a186-4824-92d9-8c1760d16684
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraHOYIAMF4eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-58a8c02a6ea83e326050f73b;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: GThx9OjL58T8fXdYtQ2LdgHKsogADojKlokwT_Qw9usgR6-vlwCnOA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:53:57 GMT
age: 64188
etag: "e1d36f5481258ce121d9f41b4b868d1c9c1b2f06"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bad98da-6135-4f42-b2ae-18c876c9d5b5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bad98da-6135-4f42-b2ae-18c876c9d5b5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10b246700a68864e2e13eb3a2362a2ab
5aa62479325a9cb5e70e4c9b8423880a7e39272a
f8e4416ac4d95566b93f4e875033af06178f95787819086eead9620f72fe680e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bad98da-6135-4f42-b2ae-18c876c9d5b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9954
x-amzn-requestid: 6f7bb52c-1cae-4856-9b0f-d509135028e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEazIAMFqBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-568aafe9529abdae561482a5;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: mb0sBDsqYnO4s3PTK0ALZ-65Ys8BLI_XaH3weNCYtG5LznmxZtr3tQ==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:43:18 GMT
age: 64827
etag: "5aa62479325a9cb5e70e4c9b8423880a7e39272a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f57fa6-bac5-42a3-be66-ebcc96d82ea2.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f57fa6-bac5-42a3-be66-ebcc96d82ea2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2062cf7a271d4ac7a04c0a746d443e07
3343851f2128c5f1fe4302c2aa53e8ce1fb661ac
e479263c1742d2597cf8948ef059b0bc97dbb97f47bb5cafee3d4af12069d2ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2f57fa6-bac5-42a3-be66-ebcc96d82ea2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10407
x-amzn-requestid: 87aba2e6-d7e8-4456-a12f-e05ac556b839
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJqJhGnXIAMF1yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a23d6-2b6c3d62366f47f506ce8415;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: d7wlX2p3nm1VAV3qxRv2S1VbjxRah6GciBVRgyds7qbK1yNltNmtMQ==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 1f41b5f27f3ec2e93db2155dbc56900c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:49:24 GMT
age: 64461
etag: "3343851f2128c5f1fe4302c2aa53e8ce1fb661ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aeb0d8069d746e467fecd886c0e42628
8229b537f84a7418dc67e30691e62db4cea67f0f
24705dc5b7eefd79a35323beee7c741aa041c3bf55801d13b4ffc2b202e6a394
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F882a2ebf-b22a-46de-bf52-8b9a1aaa2743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8037
x-amzn-requestid: 7a9f7bb5-d810-4831-b5d2-3eead1af864a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJprcGY1IAMFSAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-53cdee4b645ed18e1dfeb92c;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QW8T5AGg_L1mT4fE8IHeBG9TSiGpbBJpZE2yZdBtAQMJCPV8OKK5Dw==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 21:43:22 GMT
age: 64823
etag: "8229b537f84a7418dc67e30691e62db4cea67f0f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2