| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hash234b80a5a27f3d377e322e680413479d 3da8ba535ec19898f5b83ece48cd4038ac2bf557 370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4424
Expires: Mon, 13 Mar 2023 04:48:58 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashe7a9cb518d929d10c471394adc89cdfa d609cb0d94e645141ab1372f19c014c1b00b83af 200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9794
Expires: Mon, 13 Mar 2023 06:18:28 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashae4d7bec26e013433e638f87260aa632 62384e39bc90d0b2ab92895220f0383e678669f4 b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5643
Expires: Mon, 13 Mar 2023 05:09:17 GMT
Date: Mon, 13 Mar 2023 03:35:14 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash7f03faaba3392caae6dae54467bfdf6d 57ea1f14e8bfbcca8190c706d708c9fda12442c1 02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 13 Mar 2023 03:09:19 GMT
content-type: application/json
age: 1555
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashb5ba6334e73496995e3e3a9ecd0eb323 ad80d3b7718c28364e8c2004fb38a13a1747e462 aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hLII2seOZgs3rEGmkS5prVSWJgTy789bf8edKUFJ8epn8IF+0KYITl4veIc/CmH99tNBKsRRdzk=
x-amz-request-id: MYS2GVHPK2SDEZ3T
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 13 Mar 2023 02:46:12 GMT
age: 2942
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/ | 74.201.25.112 | 301 Moved Permanently | 162 B |
IP74.201.25.112:0
File typeHTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 13 Mar 2023 03:35:14 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ekykdkgkpq.duckdns.org/
Strict-Transport-Security: max-age=31536000
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:15 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Pragma, Last-Modified, ETag, Retry-After, Cache-Control, Content-Type, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 13 Mar 2023 03:12:32 GMT
age: 1363
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashcf2b4f5e0ed98f1edf20e8b09304b1df cec361b4db759b70420d537e5effc24687a339b9 e859db0f306a12c49a62d7ddb5d4e5ee22249b46ba44810df8292189c43ac590
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E859DB0F306A12C49A62D7DDB5D4E5EE22249B46BA44810DF8292189C43AC590"
Last-Modified: Sun, 12 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Mon, 13 Mar 2023 09:35:06 GMT
Date: Mon, 13 Mar 2023 03:35:15 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashb426c61dbf49129b0554669c6666e025 6b329663868aac72e296a4c594d46b542f7003e7 6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5333
Expires: Mon, 13 Mar 2023 05:04:08 GMT
Date: Mon, 13 Mar 2023 03:35:15 GMT
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 54.200.178.235 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.200.178.235:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mZzV5HP4aB+q57Q588HXIQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 49QrXAYQijeYyEuX3MqsmiMlHlk=
|
|
| ekykdkgkpq.duckdns.org/static/softbank/notice_pcidss_y_tls.css | 74.201.25.112 | 200 OK | 940 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/notice_pcidss_y_tls.css IP74.201.25.112:0
File typeASCII text, with CRLF line terminators Hash76e2029c69482dcf83b9573ab90c2a4e e86d76f2ae6f4585c73cd6ab9c7d8b8d4483eb50 59a15b6d9f1bdcf5fbc2e5efe9a49b119d16bba1fbd80610a1d79119535aa00e
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - SoftBank | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/notice_pcidss_y_tls.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
content-length: 940
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/switch_blind.png | 74.201.25.112 | 200 OK | 261 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/switch_blind.png IP74.201.25.112:0
File typePNG image data, 106 x 99, 8-bit/color RGBA, non-interlaced\012- data Hash090b7c00bb9d737051208f9f6fe4219e 3c0078e827dcdfc2ed221b634d6abc759b1cd744 84c682ba3502718b4d5022a461d4d2ed1c162ab2d28d6aad64f8ff807309c9d4
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - SoftBank | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/switch_blind.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 261
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/logo-header-mysb.png | 74.201.25.112 | 200 OK | 8.0 kB |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/logo-header-mysb.png IP74.201.25.112:0
File typePNG image data, 278 x 60, 8-bit/color RGBA, non-interlaced\012- data Hash72556b495c853060bbc5fc8ab58bf3d8 d4c0a94327b86923a8e4f841d50c9d73d52d4691 ca466c36e848b86b42a891a40f896392a88040c80a90dc186d27019478882bee
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - SoftBank | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/logo-header-mysb.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 7953
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/site-logo.png | 74.201.25.112 | 200 OK | 2.7 kB |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/site-logo.png IP74.201.25.112:0
File typePNG image data, 258 x 38, 8-bit/color RGBA, non-interlaced\012- data Hash7a07ed34fb472dd9c92b0faf34b7eea1 7048c507ad782a1d6e2ccc7c83d0e024d7c8ddbf df3d1608e4ab20082b5556e209ea790f16cfaabe519e1f26d4f23986191c967c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - SoftBank | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/site-logo.png HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: image/png
content-length: 2693
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.globalsign.com/gsgccr3dvtlsca2020 | 151.101.130.133 | 200 OK | 1.4 kB |
URL HTTP/1.1ocsp.globalsign.com/gsgccr3dvtlsca2020 IP151.101.130.133:0
Hash96e84b616dbad97b2a516d9bc49881f2 ee06fdb295665c626a8789a86c9bd6f90b8be0ce 517985200d0f6f77a1aeee79232513520c8d5311221817663f2ea0fdea989351
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Fri, 17 Mar 2023 02:51:05 GMT
ETag: "ee06fdb295665c626a8789a86c9bd6f90b8be0ce"
Last-Modified: Mon, 13 Mar 2023 02:51:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 13 Mar 2023 03:35:16 GMT
Age: 2650
X-Served-By: cache-qpg1233-QPG, cache-bma1658-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1
X-Timer: S1678678517.974165,VS0,VE1
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashf1cb274086a7fc07be41dfeb65ec1dbf c6339993814eda4b9629ef179222b060d1f5143b b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashf1cb274086a7fc07be41dfeb65ec1dbf c6339993814eda4b9629ef179222b060d1f5143b b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 95.101.11.115 | 200 OK | 503 B |
IP95.101.11.115:0 ASN#20940 Akamai International B.V.
Hashf1cb274086a7fc07be41dfeb65ec1dbf c6339993814eda4b9629ef179222b060d1f5143b b3fbd505775ab4d16c1a8b22e367b9d3b2698bd920d0c4578659b6c63e3d3f6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3FBD505775AB4D16C1A8B22E367B9D3B2698BD920D0C4578659B6C63E3D3F6F"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6573
Expires: Mon, 13 Mar 2023 05:24:50 GMT
Date: Mon, 13 Mar 2023 03:35:17 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg | 34.120.237.76 | 200 OK | 5.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashbbfef97312a1bc4792615717a63a48ba 1008882db3829f830b0f58c9c5b09792e844a31b 2b096364b450b4845252b7a22a9f9aadadf220e7a6a4134558647d308529d2a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bf0ac20-16ad-460d-8fcb-a873994d420a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5853
x-amzn-requestid: c8b1593f-4bd9-452d-a904-87b58194d599
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WlHEwoAMFyqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c3-461a986e5a5544cf574899e4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C6xTwOtJHWOoB4SIZ7qDzhmjdyRpZtrJEQ4iSWw5SHWVIKSxfirSCw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:13:56 GMT
age: 19281
etag: "1008882db3829f830b0f58c9c5b09792e844a31b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c0a9a22-dda8-46a3-86d8-c629f30ace09.jpeg | 34.120.237.76 | 200 OK | 6.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c0a9a22-dda8-46a3-86d8-c629f30ace09.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashe55f467b2a43b23a928d3190cac816df 818acb3fc2246e0560a0b07aa4aedd833ee5cf93 577923cdee309c4c82a7ddcc7447b23ad3f4e2b9968596f2850899d2c457e1f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c0a9a22-dda8-46a3-86d8-c629f30ace09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6231
x-amzn-requestid: 414eb829-0850-4059-a314-1690eea63c79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_WwGeTIAMFoaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45c4-6820e63442da098049934d27;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:36:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: W-BqnUFYDaFGuHIVYpEOX0HEq86rFEkqQ90xV2qFvIweJdtaO0eScg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:17:01 GMT
etag: "818acb3fc2246e0560a0b07aa4aedd833ee5cf93"
content-type: image/jpeg
age: 19096
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a275078-bdc8-4724-9c53-d20550667d65.jpeg | 34.120.237.76 | 200 OK | 7.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a275078-bdc8-4724-9c53-d20550667d65.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash5fed1fec18aeb57b5a0097791aae3c5a 21b48434431c86d0d5292f65fc2b05d9eb674372 2a7170911dd5fb1b6b4c92e1aa6e24baafd863243299431a15bd82e93c4f2b7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a275078-bdc8-4724-9c53-d20550667d65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7227
x-amzn-requestid: 4db2047b-7913-42a0-8ad0-8bc22ecb12d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_jEFc7oAMF1tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e4613-75e600687c46bf981318d5d4;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:37:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sLgDEVYdforlmpkwzGt3mDquGKh_pN93QSabLVcOZvjovkzT45Kkmg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:13:45 GMT
age: 19292
etag: "21b48434431c86d0d5292f65fc2b05d9eb674372"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde56a182-6d55-402d-b240-1fe8746a0a76.jpeg | 34.120.237.76 | 200 OK | 4.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde56a182-6d55-402d-b240-1fe8746a0a76.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash780098f209d535b5c802e280f41c2ed7 6d895fec65f4d11af82d1a417fdec5d2df2a9cd1 5b66b48774c284e271f0e4938e304b98e8e3642c9e479768b64fe4186055e886
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde56a182-6d55-402d-b240-1fe8746a0a76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4743
x-amzn-requestid: 307f30a9-ba32-4ff5-a987-990d05f07b64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BpjcvEHvIAMFR-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640d4c51-3f20ae277aa76e175a7a3c44;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 03:51:45 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: GK32TQleZvqJHU-cz2Je8NZ9Bs3VPw0qaWuLVsWRK_o5WQxzwQvjKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:17:15 GMT
age: 19082
etag: "6d895fec65f4d11af82d1a417fdec5d2df2a9cd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashbe71491cee9b47dc3ffb23b4fdff25b3 79c7d22c8df6d305f46c5779ccb9f25169d4d111 e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: U2JtuJiGI7wXfW-kOhXKGMyrnuAYscw1mSptG-Yss3513ZFhYms3jA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 21:42:27 GMT
age: 21170
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53263bb2-8b93-4fc3-b1a1-248444d42c74.webp | 34.120.237.76 | 200 OK | 6.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53263bb2-8b93-4fc3-b1a1-248444d42c74.webp IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash51be243027a8ad61b954a2baf798e9c4 cb34aa7c5322764bf9c0a084e49441d2e4cb00ca e877f77e579ca134a2c251ab859bb17f838aba6ee2a74f73288c2f4c2a0df3ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53263bb2-8b93-4fc3-b1a1-248444d42c74.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6530
x-amzn-requestid: 5a3dff03-7e73-42ad-a613-8107f020b77e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Br_UkHnxIAMFTzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640e45b6-50a318d10364e57152410b77;Sampled=0
x-amzn-remapped-date: Sun, 12 Mar 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F0TDNNf5ACg6lgdRnL8NjBjeNNtTamoara1Fq09a8IA3TtdXQoiI5g==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 12 Mar 2023 22:07:40 GMT
age: 19657
etag: "cb34aa7c5322764bf9c0a084e49441d2e4cb00ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js | 74.201.25.112 | 200 OK | 1.4 kB |
URL HTTP/2ekykdkgkpq.duckdns.org/static/js/jquery.cookie.js IP74.201.25.112:0
Hash4cd3995bf9a06595ba9f10c4e930daa8 0aa715c082f5a12174f0f827372e3aa5fe2116bf 5c6855225fbc78fdbadc7416c2e16b5bcd449424098a6d69c583d0a396ca479e
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - SoftBank | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
GET /static/js/jquery.cookie.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/ | 74.201.25.112 | 200 OK | 0 B |
IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
NIDS | Severity | Alert | suricata | medium | ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain |
GET / HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:15 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
set-cookie: sessionid=ea053d4e60a17fab27bd366852d3e047; Path=/; HttpOnly
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/mysb-common.css | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/mysb-common.css IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/mysb-common.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/css/jquery.loadmask.css | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/css/jquery.loadmask.css IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/css/jquery.loadmask.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:44:42 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1 | 74.201.25.112 | 404 Not Found | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1 IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
GET /static/softbank/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047; __tins__21564627=%7B%22sid%22%3A%201678678516558%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201678680316558%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Authorization,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,X-Token,X-Requested-With,withCredentials
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/style.css | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/style.css IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/style.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/mysb-temporary.css | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/mysb-temporary.css IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/mysb-temporary.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/layer.css | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/layer.css IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | |
GET /static/softbank/layer.css HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/js/jquery-3.3.1.min.js IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
GET /static/js/jquery-3.3.1.min.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/softbank/layui.js | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/softbank/layui.js IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
GET /static/softbank/layui.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:47:40 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js | 74.201.25.112 | 200 OK | 0 B |
URL HTTP/2ekykdkgkpq.duckdns.org/static/js/jquery.loadmask.min.js IP74.201.25.112:0
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - DynDNS domain | openphish | SoftBank Group | | fortinet | Phishing | |
GET /static/js/jquery.loadmask.min.js HTTP/1.1
Host: ekykdkgkpq.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ekykdkgkpq.duckdns.org/
Cookie: sessionid=ea053d4e60a17fab27bd366852d3e047
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 13 Mar 2023 03:35:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 17 Mar 2022 06:46:08 GMT
expires: Wed, 12 Apr 2023 03:35:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|